LDAP was created about 25 years ago to improve and simplify directory services. Our advisor and friend, Tim Howes, was one of the inventors of LDAP, along with his colleagues at the University of Michigan. The project was a seminal work in the category and changed how identity management would come to work and be known. This is illustrated by the fact that a number of major directory services solutions are based in part or wholly on the LDAP protocol. Two of the most significant are the open source market share leader, OpenLDAP™, and the commercial market share leader, Microsoft Active Directory®. This blog post discusses a new category of the cloud identity management market: online LDAP, sometimes called LDAP-as-a-Service.
As IT admins started to adopt the open source implementation of LDAP, OpenLDAP, they realized how much power it gave them to centralize user access management and control. An admin could add a user to the LDAP directory once, and then point applications and systems at the directory service to authenticate access. IT admins simply had to configure each application or system to pass its authentication requests (an LDAP search for the user's entry followed by a bind with the user's password) to their on-prem OpenLDAP instance.
This approach worked well when the entire network was on-prem, or contained within one network whose sites were connected via VPNs. Often, IT organizations had data centers where their more technical platforms lived, and OpenLDAP was the choice for user management there. LDAP use was predicated on a direct network connection from the IT resource to the OpenLDAP server, typically on TCP port 389 (LDAP, ideally upgraded with StartTLS) or 636 (LDAPS). Said another way, the LDAP server oftentimes needed to be on-prem with all of the other resources.
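To make the "configure the system to pass authentication to OpenLDAP" step concrete, here is an added example of how a Linux host was typically pointed at an on-prem OpenLDAP server through SSSD. It is illustrative configuration written for this post, not configuration from the original article or from any vendor's product; the hostname, base DN, service-account DN and CA file path are all assumptions.

```ini
# /etc/sssd/sssd.conf  (constructed example; hostname, base DN, service DN and CA path are assumptions)
[sssd]
services = nss, pam
domains = corp

[domain/corp]
id_provider = ldap
auth_provider = ldap

# The host must be able to reach this server directly on TCP 636.
# This is the "direct connection" dependency that breaks once resources move off-prem.
ldap_uri = ldaps://ldap.corp.example.com
ldap_search_base = dc=corp,dc=example,dc=com

# A user login is an LDAP simple bind, which sends the password to the server.
# Require TLS and verify the server certificate against the internal CA that issued it,
# so the password never crosses the network in cleartext and cannot be captured by a
# spoofed LDAP server.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/corp-ca.pem

# Low-privilege, read-only account used to look up the user's DN before the bind.
# (Assumed DN; the password value is a placeholder.)
ldap_default_bind_dn = cn=pam-reader,ou=service,dc=corp,dc=example,dc=com
ldap_default_authtok = REPLACE_WITH_READ_ONLY_SERVICE_PASSWORD

# Keep a hash of the last successful password so logins survive a short outage
# of the on-prem server, which is otherwise a single point of failure for every host.
cache_credentials = true
```

With this in place, a login as `alice` makes SSSD search the base DN for `uid=alice`, take the DN of the returned entry, and bind to the server as that DN with the password the user typed; a successful bind is the authentication. Two checks a practitioner should make: the file must be owned by root with mode 0600 because it holds the service-account password, and `ldap_tls_reqcert` should never be relaxed to `allow` or `never` in production, since that turns the encrypted channel into one that any machine-in-the-middle can terminate.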
Moving Away from the On-Prem World
As the cloud came along and infrastructure and applications started to move off-prem, IT admins were left in a quandary. They could place their directory services platform at AWS or Google Cloud to be close to their servers, but then they would be left with two directory services platforms, one on-prem and one in the cloud. Alternatively, they could manually manage user access for their