Enable LDAP Authentication
Authenticate your credentials with the W&B Server LDAP server. The following guide explains how to configure the settings for W&B Server. It covers mandatory and optional configurations, as well as instructions for configuring the LDAP connection from systems settings UI. it also provides information on the different inputs of the LDAP configuration, such as the address, base distinguished name, and attributes. You can specify these attributes from the W&B App UI or using environment variables. You can setup either an anonymous bind, or bind with an administrator DN and Password.
Only W&B Admin roles can enable and configure LDAP authentication.
Configure LDAP connection
- W&B App
- Environment variables
- Navigate to the W&B App.
- Select your profile icon from the upper right. From the dropdown, select System Settings.
- Toggle Configure LDAP Client.
- Add the details in the form. Refer to Configuring Parameters section for details on each input.
- Click on Update Settings to test your settings. This will establish a test client/connection with the W&B server.
- If your connection is verified, toggle the Enable LDAP Authentication and select the Update Settings button.
Set LDAP an connection with the following environment variables:
See the Configuration parameters section for definitions of each environment variable. Note that the environment variable prefix
LOCAL_LDAP was omitted from the definition names for clarity.
The following table lists and describes required and optional LDAP configurations.
|This is the address of your LDAP server within the VPC that hosts W&B Server.||Yes|
|The root path searches start from and required for doing any queries into this directory.||Yes|
|Path of the administrative user registered in the LDAP server. This is required if the LDAP server does not support unauthenticated binding. If specified, W&B Server connects to the LDAP server as this user. Otherwise, W&B Server connects using anonymous binding.||No|
|The password for administrative user, this is used to authenticate the binding. If left blank, W&B Server connects using anonymous binding.||No|
|Provide an email and group ID attribute names as comma separated string values.||Yes|
|This tells W&B Server to use LDAP to authenticate. Set to either ||No|