Most directory services in use today leverage the LDAP protocol. Examples include OpenLDAP™, the leading open source implementation of LDAP services, and Microsoft® directory services, which adapted LDAP with their own proprietary elements to create Active Directory®. Even the most modern directory services, such as JumpCloud® Directory-as-a-Service®, leverage LDAP for authentication. So how has a 25-year-old protocol like LDAP managed to remain in use in our fast-moving IT world? We’ll answer that question by analyzing the evolution of LDAP below.
LDAP in the Beginning
According to Tim Howes, co-inventor of the LDAP protocol in 1993, the Lightweight Directory Access Protocol (LDAP) was created to provide low-overhead access to the X.500 directory.
“LDAP includes a subset of full X.500 functionality. It runs directly over TCP and uses a simplified data representation for many protocol elements. These simplifications make LDAP clients smaller, faster, and easier to implement than full X.500 clients.” (OpenLDAP.org)
LDAP has been highly successful. It has become the go-to internet directory protocol for a large number of leading software applications. In fact, LDAP was so successful that LDAPv3 (the third version of LDAP) was proposed and accepted as the internet standard for directory services in 1997.
Following this milestone, Kurt Zeilenga, Cofounder/Chief Architect of the OpenLDAP Project, announced the release of OpenLDAP 1.0 in 1998 (Wiki). OpenLDAP 1.0 was the first completely open source suite of client and server applications derived from LDAPv3.3 and included advanced security features, updated platform support, and bug fixes. The fact that OpenLDAP 1.0 was an open source version of LDAP made it very popular. LDAP itself remains a widely used model for various internet standards to this day.
Challenges with LDAP
The challenge with traditional LDAP authentication in and of itself is that it can be difficult to implement and maintain as it must be built out at every level by highly skilled personnel. For example, OpenLDAP requires that admins not only have extensive knowledge of identity management architecture, but everything