The Quick Guide to LDAP

By Ryan Squires Posted January 28, 2020


LDAP has a long history, but much of that information isn’t relevant to how LDAP is most often used now: user authentication. So instead of diving into the past, we thought it might help readers to glance at the quick guide to LDAP to understand the basics. 

What is LDAP?

LDAP powers authentication to help make sure the right people access company resources. These resources include systems (Windows®, macOS®, and Linux®), legacy applications, files, and even WiFi networks. System authentication with LDAP can be painful, though, and RADIUS is the preferred protocol for network authentication.

The protocol essentially works like this: a user enters their username and password to access a given resource. To fulfill that request, the LDAP protocol takes the username and password and checks them against a database to make sure they're correct. If the values match, the user authenticates to the requested service, which means they're allowed into the resource they requested. At the same time, a process called authorization determines what the user can access while in that resource.
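As an added example (not from the original post), the sketch below hand-encodes the LDAPv3 simple bind exchange from RFC 4511 that this username-and-password check maps onto: the client's BindRequest and the server's BindResponse. The directory entry, DN and password are constructed sample values, and `serve` is a hypothetical stand-in for a real server; note that the password travels as a plain octet string, which is why simple binds belong inside TLS.

```python
import hmac
# Constructed sample entry (assumption). A real directory stores a salted hash.
DIRECTORY = {"uid=alice,ou=people,dc=example,dc=com": "correct horse"}

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value, short-form length only (enough for this demo)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    assert length < 128 and pos + 2 + length <= len(buf)
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def ldap_message(msg_id: int, op_tag: int, op_body: bytes) -> bytes:
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... }
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(op_tag, op_body))

def unwrap(msg: bytes, expected_op: int):
    _, body, _ = read_tlv(msg)
    _, msg_id, pos = read_tlv(body)
    op_tag, op_body, _ = read_tlv(body, pos)
    assert op_tag == expected_op
    return msg_id[0], op_body

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    # BindRequest ::= [APPLICATION 0] { version 3, name, simple [0] password }
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(msg_id, 0x60, body)

def parse_bind_request(msg: bytes):
    msg_id, body = unwrap(msg, 0x60)
    _, _version, pos = read_tlv(body)
    _, dn, pos = read_tlv(body, pos)
    auth_tag, password, _ = read_tlv(body, pos)
    assert auth_tag == 0x80  # simple authentication only
    return msg_id, dn.decode(), password.decode()

def serve(request: bytes) -> bytes:
    msg_id, dn, password = parse_bind_request(request)
    stored = DIRECTORY.get(dn, "")
    # Hypothetical policy: an empty password is never a successful bind.
    ok = password != "" and hmac.compare_digest(stored.encode(), password.encode())
    code = 0 if ok else 49  # resultCode: 0 = success, 49 = invalidCredentials
    # BindResponse ::= [APPLICATION 1] { resultCode, matchedDN, diagnosticMessage }
    return ldap_message(msg_id, 0x61, tlv(0x0A, bytes([code])) + tlv(0x04, b"") * 2)

def result_code(response: bytes) -> int:
    return read_tlv(unwrap(response, 0x61)[1])[1][0]
```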

What Are the Benefits of LDAP?

  • Open Source: It doesn’t cost anything to download the most popular implementation of LDAP, OpenLDAP.
  • Standardized: LDAP was ratified as an Internet Engineering Task Force (IETF) standard back in 1997 with RFC 2251. As such, the industry at large supports LDAP and will continue to do so.
  • Flexible: Developers and IT admins utilize LDAP authentication for many different use cases including application and remote server authentication. And because it’s been used in so many different ways, there is a community surrounding the protocol that helps people get the most out of it.

What are the Drawbacks of LDAP?

  • Age: LDAP is old. Newer authentication protocols like SAML are built for modern, cloud-forward IT environments. 
  • On-Prem: LDAP is traditionally set up on-prem with an OpenLDAP server, and it is not an easy undertaking. For organizations moving to the cloud, (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: