Is Active Directory® or OpenLDAP™ Better?

active directory or openldap

It’s an age old question – when looking for a directory solution, is Active Directory® or OpenLDAP™ better? This question has been asked frequently over the past two decades, and is still getting asked today. With the advent of next generation cloud identity management solutions, many admins are beginning to revisit the idea. What is the best directory solution out there?

Difference Between Active Directory and OpenLDAP

LDAP was initially created at the University of Michigan by Tim Howes, a JumpCloud advisor, and some of his colleagues. This invention kicked off the modern era of identity management. From the creation of LDAP, two major directory services spawned: Microsoft Active Directory, and OpenLDAP. Since they both came from the creation of LDAP, both of these solutions had the LDAP protocol at their core.

As time went on, the Microsoft solution evolved. Microsoft added Kerberos as a key protocol for Active Directory, and then tightly tied the directory service to the Windows platform. This led to AD’s commercial success, as it perfectly matched the IT environment of the early 2000s. For Windows-based networks, Active Directory quickly became the ideal choice. For non-Windows resources like Mac and Linux systems, web applications, and others, Active Directory ended up being problematic.

While Microsoft became the main commercial option, OpenLDAP went on to become the open source directory services leader. LDAP thrived with Linux based systems and more technical applications. Unfortunately, it still presented similar problems as AD. OpenLDAP struggled with managing Mac and Windows machines. Of course, OpenLDAP only authenticated LDAP-based requests, so if an IT resource didn’t play well with LDAP, then you’d need an alternate authentication method. Again, not an ideal solution.

Choosing a Directory Solution

The challenge presented by these directories is that admins need to figure out which directory best fits the needs of their IT environment. Are you a Windows shop that has all of your resources on-prem? Active Directory might work for you. Are you an on-prem Linux focused company? Then OpenLDAP may be a decent solution. But the truth of the matter today is that (Read more...)

*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/active-directory-openldap-better/

Jon Griffin

Jon Griffin works as a writer for JumpCloud, an organization focused on bringing centralized IT to the modern organization. He graduated with a degree in Professional and Technical Writing from the University of Colorado Colorado Springs, and is an avid learner of new technology from cloud-based innovations to VR and more.

jon-griffin has 169 posts and counting.See all posts by jon-griffin