To configure custom authentication via an LDAP server following the steps below.

1. Stop the EASA Server service.

2. Add one property to the file below and Save.

• <SERVERDATA>\admin\config\Menu.properties
  easa.server.menu1 = com.easa.custom.auth.ldap.LDAPMenu

3. Configure LDAP as an EASA Administrator.

• Start the EASA Server
• Login to the EASA Server
• Set: EASA > Set Mode > Administrator
• Click: EASA > Configure > LDAP
• Fill out the LDAP form with your credentials
• Click: Save

UserName:CN=//Administrator//,OU=//Users//,DC=//easa//,DC=//com//
Password=//enter_password//
connectionURL=//%%ldap://192.168.0.111%%//
connectionQueryPort=//389//
userBase=CN=//Users//,DC=//easa//,DC=//com//
userSearch=//easa_user_name// (enter the actual EASA login)

• userSearch - refers to the Active Directory attribute that should be matched against the user’s login credentials.
  A commonly used attribute is 'sAMAccountName', but your setup might be different

• Log out of EASA
• Close the browser
• Stop the EASA Server

4. Enable a Java LDAP class.

• Edit the file: <SERVERDATA>\admin\config\Authentication.properties
• Comment Out (prepend a ' # ' symbol to the line):
  AuthenticationClass = backend.DefaultAuthenticator
• Uncomment (remove initial ' # ' symbol) in line:
  #AuthenticationClass=com.easa.custom.auth.ldap.LDAPAttributeAuthenticator
• Save the file

5. Enable the LDAP username as a valid login.

• Edit the file located at:
  <SERVERDATA>\admin\config\auth.properties
• Replace admin with the actual LDAP username:
  admin.user = admin
• Replace false below with true :
  create.user = false
• Save the file
• Start the EASA Server service
• Login to EASA with the LDAP credentials

The Base DN that is configurable on the LDAP tab in the userBase parameter will allow all users in the specified Base DN access to EASA when ' create.user=true '. See details below.

The 'auth.properties' file above contains several key parameters to control the behavior of the authentication.

• admin.user - should be configured with an LDAP username (the local EASA administrator for example) to ensure that at least one user always has access to admin mode on the server

• create.user - automatically create an EASA user for the first time a user connects with LDAP
  true - Any user with a valid LDAP account will be able to log in and will have a user account created in EASA.
      Use default.group (below) to prevent a User from automatically seeing any EASAPs
      This option is useful when dealing with a large number of Users
  false - Users need to be created in EASA first, and may then login using his/her LDAP credentials
     The username in EASA should match the LDAP username
     This method is more secure as only the users that you specify will be able to access EASA
     This method is useful when dealing with a relatively small number of users.

• default.group - Set a default EASA user group for automatically created accounts when: create.user=true
     Leave on ‘All Categories’ when limiting access to the tools isn't a concern
     Set to a user group that doesn’t have any categories specified to limit access
     (ie. a User who strays onto the system won’t see anything by default)

• auth.logging - Troubleshooting option, passwords will be logged in plain text and so need to be changed if set

• authentication.mode - Set to basic to enable HTTP basic authentication
     This is advantageous for a User with a browser that caches data
      Otherwise it will retain the EASA login page if set to form

If you have issues, you’ll need to login to EASA with the default Authenticator.

1. Stop the EASA Server.

2. Modify a file.

• Edit: <SERVERDATA>\admin\config\Menu.properties
• Uncomment the line (remove the initial ' # '): AuthenticationClass = backend.DefaultAuthenticator
• Comment out the line (prepend an initial ' # '): AuthenticationClass = com.easa.custom.auth.ldap.LDAPAttributeAuthenticator

EASA should now accept the default username and password.