The Lightweight Directory Access Protocol (LDAP) is the core protocol leveraged for authenticating virtual user identities in IT organizations. It is the backbone of on-prem identity management solutions like OpenLDAP™ and Microsoft Active Directory® (AD). However, as more IT resources shift to the cloud, many IT organizations are looking for a cloud LDAP solution.
The good news is that a new generation of hosted LDAP solutions has emerged and revolutionized the way IT organizations think about LDAP. It’s called Directory-as-a-Service®, but before we discuss the benefits of a cloud LDAP solution, it’s important to understand why a cloud LDAP solution is significant in modern IT.
On-Prem LDAP Solution
The origin of LDAP stretches back to 1993, when our advisor, Tim Howes, and his colleagues at the University of Michigan released their lightweight alternative to the X.500 directory service protocol. They called it LDAP, and it has since become one of the most well-known methods of authenticating user identities for access to IT resources.
Two core solutions emerged from LDAP. The first, of course, was OpenLDAP, the open source iteration of the protocol. The other was from Microsoft, which combined LDAP and Kerberos to create Active Directory.
OpenLDAP has been highly successful primarily in data center implementations. However, it was Active Directory that would go on to become the most dominant Identity and Access Management (IAM) solution for users and systems to date. Nevertheless, they were both built on the foundation of LDAP.
The effectiveness of AD, and OpenLDAP for that matter, really comes down to two primary factors. For one, they were both optimized for the on-prem, homogeneous IT environments that existed prior to the introduction of the cloud. The other factor is that IT resources had to be directly bound to their domain.
Neither of these factors presented challenges prior to the introduction of the cloud. For example, AD was introduced when the vast majority of IT resources were still Windows-based and on-prem, so it made sense for the management solution to be Windows-based and on-prem as well.