OpenMetadata/openmetadata-docs/content/v1.0.0/deployment/security/ldap/index.md

---
title: Ldap Authentication
slug: /deployment/security/ldap
---

# Setting up Ldap Authentication
{%important%}

Security requirements for your **production** environment:
- **DELETE** the admin default account shipped by OM in case you had [Basic Authentication](/deployment/security/basic-auth)
  enabled before configuring the authentication with Auth0 SSO.
- **UPDATE** the Private / Public keys used for the [JWT Tokens](/deployment/security/enable-jwt-tokens). The keys we provide
  by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.

{%important%}

OpenMetadata allows using LDAP for validating email and password authentication.
Once setup successfully, the user should be able to sign in to OpenMetadata using the Ldap credentials.

Below are the configuration types to set up the LDAP Authentication:

{%inlineCalloutContainer%}
  {%inlineCallout
    color="violet-70"
    icon="celebration"
    bold="Docker Security"
    href="/deployment/security/ldap/docker"%}
    Configure LDAP for your Docker Deployment.
  {%/inlineCallout%}
  {%inlineCallout
    color="violet-70"
    icon="storage"
    bold="Bare Metal Security"
    href="/deployment/security/ldap/bare-metal"%}
    Configure LDAP for your Bare Metal Deployment.
  {%/inlineCallout%}
{%/inlineCalloutContainer%}

## Metadata Ingestion

For ingesting metadata when LDAP is enabled, it is mandatory to configure the `ingestion-bot` account with the JWT configuration. 
To know how to enable it, you can follow the documentation of [Enable JWT Tokens](/deployment/security/enable-jwt-tokens).
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00			`---`
			`title: Ldap Authentication`
			`slug: /deployment/security/ldap`
			`---`

			`# Setting up Ldap Authentication`
Update requirements and docs migration (#11170) * requirements docs * docs update as per comment and changing old component to new * docs update for auto tagging * removed collapse componenet * fix broken links 2023-04-21 21:59:41 +05:30			`{%important%}`
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00
			`Security requirements for your production environment:`
			`- DELETE the admin default account shipped by OM in case you had [Basic Authentication](/deployment/security/basic-auth)`
			`enabled before configuring the authentication with Auth0 SSO.`
			`- UPDATE the Private / Public keys used for the [JWT Tokens](/deployment/security/enable-jwt-tokens). The keys we provide`
			`by default are aimed only for quickstart and testing purposes. They should NEVER be used in a production installation.`

Update requirements and docs migration (#11170) * requirements docs * docs update as per comment and changing old component to new * docs update for auto tagging * removed collapse componenet * fix broken links 2023-04-21 21:59:41 +05:30			`{%important%}`
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00
			`OpenMetadata allows using LDAP for validating email and password authentication.`
			`Once setup successfully, the user should be able to sign in to OpenMetadata using the Ldap credentials.`

			`Below are the configuration types to set up the LDAP Authentication:`

Update requirements and docs migration (#11170) * requirements docs * docs update as per comment and changing old component to new * docs update for auto tagging * removed collapse componenet * fix broken links 2023-04-21 21:59:41 +05:30			`{%inlineCalloutContainer%}`
			`{%inlineCallout`
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00			`color="violet-70"`
			`icon="celebration"`
			`bold="Docker Security"`
Update requirements and docs migration (#11170) * requirements docs * docs update as per comment and changing old component to new * docs update for auto tagging * removed collapse componenet * fix broken links 2023-04-21 21:59:41 +05:30			`href="/deployment/security/ldap/docker"%}`
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00			`Configure LDAP for your Docker Deployment.`
Update requirements and docs migration (#11170) * requirements docs * docs update as per comment and changing old component to new * docs update for auto tagging * removed collapse componenet * fix broken links 2023-04-21 21:59:41 +05:30			`{%/inlineCallout%}`
			`{%inlineCallout`
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00			`color="violet-70"`
			`icon="storage"`
			`bold="Bare Metal Security"`
Update requirements and docs migration (#11170) * requirements docs * docs update as per comment and changing old component to new * docs update for auto tagging * removed collapse componenet * fix broken links 2023-04-21 21:59:41 +05:30			`href="/deployment/security/ldap/bare-metal"%}`
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00			`Configure LDAP for your Bare Metal Deployment.`
Update requirements and docs migration (#11170) * requirements docs * docs update as per comment and changing old component to new * docs update for auto tagging * removed collapse componenet * fix broken links 2023-04-21 21:59:41 +05:30			`{%/inlineCallout%}`
			`{%/inlineCalloutContainer%}`
Prepare Docs V1 structure (#11089) * Prepare Docs V1 structure * Point to the v1.0.0 images dir * Use the same ssh key * Use new key * Add connectors icons * Update images 2023-04-17 16:45:47 +02:00
			`## Metadata Ingestion`

			For ingesting metadata when LDAP is enabled, it is mandatory to configure the `ingestion-bot` account with the JWT configuration.
			`To know how to enable it, you can follow the documentation of [Enable JWT Tokens](/deployment/security/enable-jwt-tokens).`