User Tools

Site Tools

Configure LDAP Authentication

To configure custom authentication via an LDAP server following the steps below.

1. Stop the EASA Server service.

2. Add one property to the file below and Save.

  • <SERVERDATA>\admin\config\
    easa.server.menu1 = com.easa.custom.auth.ldap.LDAPMenu

3. Configure LDAP as an EASA Administrator.

  • Start the EASA Server
  • Login to the EASA Server
  • Set: EASA > Set Mode > Administrator
  • Click: EASA > Configure > LDAP
  • Fill out the LDAP form with your credentials
  • Click: Save
userSearch=//easa_user_name// (enter the actual EASA login)
  • userSearch - refers to the Active Directory attribute that should be matched against the user’s login credentials.
    A commonly used attribute is 'sAMAccountName', but your setup might be different
  • Log out of EASA
  • Close the browser
  • Stop the EASA Server

4. Enable a Java LDAP class.

  • Edit the file: <SERVERDATA>\admin\config\
  • Comment Out (prepend a ' # ' symbol to the line):
    AuthenticationClass = backend.DefaultAuthenticator
  • Uncomment (remove initial ' # ' symbol) in line:
  • Save the file

5. Enable the LDAP username as a valid login.

  • Edit the file located at:
  • Replace admin with the actual LDAP username:
    admin.user = admin
  • Replace false below with true :
    create.user = false
  • Save the file
  • Start the EASA Server service
  • Login to EASA with the LDAP credentials

The Base DN that is configurable on the LDAP tab in the userBase parameter will allow all users in the specified Base DN access to EASA when ' create.user=true '. See details below.

Configuration Options

The '' file above contains several key parameters to control the behavior of the authentication.

  • admin.user - should be configured with an LDAP username (the local EASA administrator for example) to ensure that at least one user always has access to admin mode on the server
  • create.user - automatically create an EASA user for the first time a user connects with LDAP
    true - Any user with a valid LDAP account will be able to log in and will have a user account created in EASA.
        Use (below) to prevent a User from automatically seeing any EASAPs
        This option is useful when dealing with a large number of Users
    false - Users need to be created in EASA first, and may then login using his/her LDAP credentials
       The username in EASA should match the LDAP username
       This method is more secure as only the users that you specify will be able to access EASA
       This method is useful when dealing with a relatively small number of users.
  • - Set a default EASA user group for automatically created accounts when: create.user=true
       Leave on ‘All Categories’ when limiting access to the tools isn't a concern
       Set to a user group that doesn’t have any categories specified to limit access
       (ie. a User who strays onto the system won’t see anything by default)
  • auth.logging - Troubleshooting option, passwords will be logged in plain text and so need to be changed if set
  • authentication.mode - Set to basic to enable HTTP basic authentication
       This is advantageous for a User with a browser that caches data
        Otherwise it will retain the EASA login page if set to form

Roll Back to Default Authentication

If you have issues, you’ll need to login to EASA with the default Authenticator.

1. Stop the EASA Server.

2. Modify a file.

  • Edit: <SERVERDATA>\admin\config\
  • Uncomment the line (remove the initial ' # '): AuthenticationClass = backend.DefaultAuthenticator
  • Comment out the line (prepend an initial ' # '): AuthenticationClass = com.easa.custom.auth.ldap.LDAPAttributeAuthenticator

EASA should now accept the default username and password.