As IT organizations consider their stances on identity management, one consideration is the benefits of OpenLDAP™. There are, in fact, a number of benefits of OpenLDAP, but in the modern era of cloud solutions, is an on-prem, self-managed, single-purpose identity provider useful to IT organizations? The short answer is yes, OpenLDAP can be highly beneficial for an organization, with the caveat that it can take a great deal of time to manage and control.
Origins of OpenLDAP
Before OpenLDAP, there was the Lightweight Directory Access Protocol (LDAP), which was used to create lines of communication between user directories and the applications that accessed them. After LDAP was first introduced, its popularity spawned a number of identity providers including OpenLDAP, Microsoft® Active Directory®, and others. As LDAP became so widely used, its status as an industry standard made a great deal of sense; LDAP was a core part of most infrastructures due to its usefulness.
OpenLDAP, an open source implementation of LDAP, would be used by organizations that needed a way to connect users to more technical IT resources, such as Linux®-based applications, servers, and storage. An obvious benefit of OpenLDAP at the time was that it was very flexible, and, of course, free, thanks to its open source status.
The Metamorphosis of Identity Management
As time went on, though, IT resources started to change, and so did the protocols they leveraged. Kerberos, SAML, RADIUS, OAuth, SSH, and a dozen other authentication protocols emerged, with each one playing a different role in the IT ecosystem. Of course, LDAP would still be incredibly popular, but a single-protocol identity provider, such as OpenLDAP, started to struggle.
But the benefits of OpenLDAP didn’t go away. It was still ubiquitous, with many applications supporting it, old and new (OpenVPN, Docker, Kubernetes, etc.). OpenLDAP’s flexibility and open source heritage made it ideal for those who wanted to deeply customize it. The challenge was that OpenLDAP was now one of a number of types of identity and access management (IAM) solutions that IT admins needed.