It’s an age-old question: when looking for a directory solution, is Active Directory® or OpenLDAP™ better? This question has been asked frequently over the past two decades, and it is still being asked today. With the advent of next-generation cloud identity management solutions, many admins are beginning to revisit it. What is the best directory solution out there?
Difference Between Active Directory and OpenLDAP
LDAP was initially created at the University of Michigan by Tim Howes, a JumpCloud advisor, and some of his colleagues. This invention kicked off the modern era of identity management. Two major directory services grew out of LDAP: Microsoft Active Directory and OpenLDAP. Because both came from LDAP, both of these solutions had the LDAP protocol at their core.
As time went on, the Microsoft solution evolved. Microsoft added Kerberos as a key protocol for Active Directory, and then tightly tied the directory service to the Windows platform. This led to AD’s commercial success, as it perfectly matched the IT environment of the early 2000s. For Windows-based networks, Active Directory quickly became the ideal choice. For non-Windows resources like Mac and Linux systems, web applications, and others, Active Directory ended up being problematic.
While Microsoft became the main commercial option, OpenLDAP went on to become the open source directory services leader. LDAP thrived with Linux-based systems and more technical applications. Unfortunately, it still presented problems similar to AD's. OpenLDAP struggled with managing Mac and Windows machines. Of course, OpenLDAP only authenticated LDAP-based requests, so if an IT resource didn’t play well with LDAP, then you’d need an alternate authentication method. Again, not an ideal solution.
Choosing a Directory Solution
The challenge presented by these directories is that admins need to figure out which directory best fits the needs of their IT environment. Are you a Windows shop that has all of your resources on-prem? Active Directory might work for you. Are you an on-prem, Linux-focused company? Then OpenLDAP may be a decent solution. But the truth of the matter today is that (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/active-directory-openldap-better/