User Tools

Site Tools

Configuration of LDAP Authentication in EASA

Configure custom authentication via an LDAP server by following the steps below.

  • Stop the EASA Server service.
  • Add a property to the file and Save:
    • <SERVERDATA>\admin\config\
      • easa.server.menu1 = com.easa.custom.auth.ldap.LDAPMenu
  • Start EASA Server.
  • Login to EASA Server
  • Set EASA→Set Mode→Administrator.
  • Click EASA→Configure→LDAP tab.
  • Fill out LDAP form with your credentials and click Save.
    • UserName:CN=Administrator,OU=Users,DC=easa,DC=com
    • Password=enter_password_here
    • connectionURL=ldap://
    • connectionQueryPort=389
    • userBase=CN=Users,DC=easa,DC=com
    • userSearch=easa_user_name (enter the actual EASA login)
  • Log out of EASA
  • Close the browser
  • Stop EASA Server
  • Edit the file:
    • <SERVERDATA>\admin\config\
    • Comment Out (prepend a # symbol to the line):
      • AuthenticationClass = backend.DefaultAuthenticator
    • Uncomment (remove initial # symbol) in line:
      • #AuthenticationClass=com.easa.custom.auth.ldap.LDAPAttributeAuthenticator
    • Save document.
  • Edit the file located at:
    • <SERVERDATA>\admin\config\
      • Replace admin below with the actual LDAP username:
        • admin.user = admin
      • Replace false below with true:
    • create.user = false
    • Save the file.
  • Start the EASA Server service.
  • Login to EASA with the LDAP credentials.

The Base DN that is configurable on the LDAP tab in the userBase parameter will allow all users in the specified Base DN access to EASA when create.user=true. See details below.

Configuration Options

The file above contains several key parameters to control the behavior of the authentication:

  • admin.user→ should be configured with an LDAP username (the local EASA administrator for example) to ensure that at least one user always has access to admin mode on the server.
  • create.user→automatically create an EASA user for the first time a user connects with LDAP.
    • Behavior is as follows:
      • true→any user with a valid LDAP account will be able to log in and will have a user account created in EASA.
        • Use, below, to prevent a User from automatically seeing any EASAP's.
        • This option is useful when dealing with a large number of Users.
      • false→the users need to be created in EASA first, and can then login using their LDAP credentials.
        • The username in EASA should match the LDAP username.
        • This method is more secure as only the users that you specify will be able to access EASA.
        • This method is useful when dealing with a relatively small number of users.
  •→set a default EASA user group for automatically created accounts when create.user=true
    • Leave on ‘All Categories’ when limiting access to the tools isn't a concern.
    • Set to a user group that doesn’t have any categories specified to limit access
      • (ie. a User who strays onto the system won’t see anything by default)
  • auth.logging→troubleshooting option, passwords will be logged in plain text and so need to be changed if set.
  • authentication.mode→set to 'basic' to enable HTTP basic authentication
    • This is advantageous for a User with a browser that caches data.
    • Otherwise, it will retain the EASA login page if set to 'form'.

Roll Back to Default Authentication

If you have issues, you’ll need to login to EASA with the backend Authenticator.

  • Stop the EASA Server
  • Edit the file:
    • <SERVERDATA>\admin\config\
    • Uncomment the line (remove the initial #):
      • AuthenticationClass = backend.DefaultAuthenticator
    • Comment out the line (prepend an initial #):
      • AuthenticationClass = com.easa.custom.auth.ldap.LDAPAttributeAuthenticator

EASA should now accept the default username and password.