OpenLDAP™ for Windows®, Mac®, & Linux®

Can you use OpenLDAP™ for Windows®, Mac, and Linux®? The short answer is that it is possible, but for the most part, it is incredibly painful to leverage LDAP for system authentication. On one hand, Linux is generally an easier platform to utilize with OpenLDAP. On the other hand, Windows and Mac are far more difficult to make work with OpenLDAP.

In general, the fact that OpenLDAP works better with Linux systems does make a lot of sense. Linux systems and the users who operate them generally focus on the more technical aspects of computing. So, when it comes to OpenLDAP, an authentication protocol most popular with technical applications and servers, it stands to reason that the two go together. Some of the typical use cases we see OpenLDAP leveraged in are data centers and cloud infrastructure services like those from AWS® and GCE. While OpenLDAP does a good job of supporting Linux systems, there are still a few challenges to be aware of when it comes to using it as your directory service.

OpenLDAP: Three Challenges

The challenge with using OpenLDAP for Windows, Mac, and Linux authentication is three-fold. The first is that OpenLDAP is optimized for LDAP-centric systems and applications. You can find these types of resources in DevOps outfits and other technical organizations. Unfortunately, Mac and Windows systems have generally been optimized for the platforms their respective companies have created for them. In the case of Mac, macOS®is optimized for Open Directory. For Windows systems, they’re designed to work with Active Directory®. The result is that integrating OpenLDAP with Windows and Mac can often be a manual process—one that requires a large number of steps.

The second issue is that a core directory service is often the central point of user and system management across IT resources. Resources include not only systems, but applications (web and on-prem), cloud servers often requiring the use of SSH keys for authentication, file servers, and WiFi and wired networks. Many of the resources mentioned make use of authentication protocols that are different from LDAP. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: