Can you leverage an outsourced OpenLDAP™ provider rather than building your own LDAP infrastructure? The answer with Directory-as-a-Service® is yes. OpenLDAP has become a prominent solution in many IT networks. While it isn’t often the core identity provider for an organization, it frequently plays the critical role of user database for more technical systems and applications. OpenLDAP also often serves as the identity store for an organization’s customers or end-user logins (think mobile or web application users).
In The Beginning, There Was LDAP
OpenLDAP hit the market after Tim Howes, our advisor, and his colleagues created the Lightweight Directory Access Protocol (LDAP) while they were at the University of Michigan. At the time, desktop computers and the internet were radically changing the workplace, and the bandwidth of these resources couldn’t effectively support X.500, the directory services protocol of the time. So, LDAP was created to be a much more efficient (lightweight) version of X.500.
AD and OpenLDAP Dominate the Identity Provider Market
The creation of LDAP spawned OpenLDAP and Microsoft Active Directory®. Both identity providers had important use cases within the IT infrastructure.
Active Directory would go on to become the monopoly in the space and be used as the core identity provider for internal employees and contractors. This was largely due to the fact that most IT networks were based on Windows and located on-prem.
OpenLDAP was successful where Linux or different flavors of Unix were in use for data center implementations. Applications based on these platforms would also often be connected to LDAP, and LDAP authentication was relatively straightforward to add to a non-Windows-based product. As a result, IT admins and DevOps engineers would often add an LDAP instance to help manage user access to their technical infrastructure.
Of course, the challenges with OpenLDAP were well known. As an open source platform, OpenLDAP had the benefit of being highly flexible, but the downside was the complexity and difficulty in installing, configuring, and maintaining the identity management platform. Often, IT organizations would delegate running OpenLDAP to their more technical …