The on-prem directory service has been a staple in virtually every organization for a number of years. In fact, Microsoft® Active Directory® – the legacy identity provider – may have more market share in its area than any other Microsoft solution. There have been alternatives though, with OpenLDAP™ being one of the most popular open source directory services solutions. However, the number of OpenLDAP users still pales in comparison to AD’s usage. But the adoption of AD is beginning to trend down, and it’s because of the cloud. As the identity provider shifts to the cloud, can IT organizations leverage a cloud directory that features LDAP-as-a-Service instead of their on-prem counterpart?
The answer is yes. But first, let’s walk through some history, and then we’ll take a look at why you should consider leaving your on-prem OpenLDAP instance.
The Creation of LDAP
The LDAP protocol was created by our advisor, Tim Howes, and his colleagues at the University of Michigan. The boom of the internet and the growing use of desktop computers created a need for an optimized version of X.500, the directory services protocol at the time. X.500 was too complex to be properly supported by desktop computers and the internet, so Tim Howes and his colleagues developed a lightweight version now known as the Lightweight Directory Access Protocol (LDAP). LDAP worked so well that it prompted the creation of the two most popular directory services solutions, Active Directory and OpenLDAP. Each one had its own use cases, with AD being best for Windows networks and OpenLDAP being used for more technical, Unix- or Linux-based applications and systems.
The Pros and Cons of OpenLDAP
The benefit of the open source directory service, OpenLDAP, is that it is flexible and IT admins and developers can customize it to their needs via custom schemas. Most organizations have implemented it on-prem and end up managing it internally with their own IT resources. However, the advantages of OpenLDAP are also its downfall. For example, increased flexibility can be more difficult to manage. Often, organizations require the time of an engineer to complete simple tasks like adding a user. Depending on the frequency and the amount of time you need from an engineer, this can make OpenLDAP a costly component to have in your IT environment. Additionally, OpenLDAP has been known to be harder to install and configure than its counterpart, Active Directory.
Move to our Cloud Directory Feature LDAP-as-a-Service
The good news for IT admins is that the cloud directory feature LDAP-as-a-Service provides the benefits of OpenLDAP without the heavy lifting. As a SaaS-based service for LDAP, Directory-as-a-Service® can be easily connected to on-prem and cloud-based IT applications and resources (e.g. Samba file servers and NAS appliances) that require LDAP authentication. You simply get to enjoy the benefits of LDAP while we handle the configuration, management, and availability.
Furthermore, our multi-protocol approach enables you to centralize additional IT resources like Mac, Linux, and Windows systems (via our lightweight agent), SAML-based applications, and wired and wireless networks (via RADIUS-as-a-Service). You’ll be able to provide your end users with frictionless access to all of the resources they need, while you achieve optimized control over your IT environment.
Learn more about our Cloud Directory feature LDAP-as-a-Service
For more information, consider reading Ooyala’s case study to find out how they replaced OpenLDAP with our cloud directory feature LDAP-as-a-Service. You are also more than welcome to reach out to us with any questions you might have about our hosted LDAP solution. We also encourage you to start testing our cloud-based directory service by signing up for a free account. All of our features are available, and your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud