Web Based LDAP Authentication

web based ldap authentication

Web based LDAP authentication is highly sought after in modern IT organizations. LDAP (Lightweight Directory Access Protocol) is the core authentication protocol leveraged by legacy identity management solutions like Microsoft® Active Directory® (AD) and OpenLDAP™. The trouble is that both solutions were designed for on-prem IT environments. So it’s no surprise that web based LDAP authentication would be a huge advantage as more IT resources shift to the cloud.

The good news is that a next generation LDAP-as-a-Service platform has emerged with the power to authenticate user identities to a comprehensive array of IT resources. It’s called Directory-as-a-Service®. However, before we describe the advantages of the hosted LDAP solution, let’s first outline the characteristics of traditional LDAP authentication to reveal the benefits of web based LDAP authentication.

Characteristics of Legacy LDAP Authentication

Active Directory and OpenLDAP

LDAP was created by our advisor, Tim Howes, and his colleagues at The University of Michigan in 1993. LDAP was designed as a means of securing decentralized IT environments. However, it was Microsoft that introduced the concept of authenticating user access to IT resources bound to a network when they combined the LDAP and Kerberos protocols to create Active Directory in 1999.

IT networks were predominantly based on Microsoft Windows® and on-prem when AD was released. This enabled Microsoft to establish AD as the default on-prem identity management platform that could help manage access to Windows-based systems, applications, file servers, and even the network itself in most organizations.

This approach worked well for many years. However, fundamental developments in the IT landscape started to change how IT organizations approached identity management in the mid-2000’s. For example, WiFi changed network architecture, cloud infrastructure like AWS started to replace on-prem data centers, and web applications were developed for just about any business need.

tim howes LDAP quote

Then, when you factor in remote workers, disparate systems (e.g., Windows, Mac, Linux), and BYOD policies, it’s easy to understand how IT management with legacy identity management tools that were designed to support homogeneous systems and on-prem infrastructure can start to break down.

The bottom line is that AD and OpenLDAP were designed for (Read more...)

*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/web-based-ldap-authentication/

Vince Lujan

Vince is a documentation and blog writer at JumpCloud, the world’s first cloud-based directory service. Vince recently graduated with a degree in professional and technical writing from the University of New Mexico, and enjoys researching new innovations in cloud architecture and infrastructure.

vince-lujan has 170 posts and counting.See all posts by vince-lujan