By Greg Keller Posted March 19, 2017
IT admins sometimes ask, what is the preferred LDAP solution?
They often compare Apache Directory Server vs OpenLDAP.
OpenLDAP has been the most popular LDAP implementation for a number of years. Apache Directory Server is also a popular solution that does more than just LDAP and has a set of management tools around it. It is also worth talking about a third LDAP implementation. This one is a cloud-hosted LDAP platform called Directory-as-a-Service®.
When weighing the LDAP implementations to choose from, it is worthwhile to look at your critical requirements. With LDAP solutions, the requirements often turn to what you can do with the actual LDAP database and schema.
Assessing Your LDAP Requirements
With LDAP, the level of experience and expertise of your team running the LDAP implementation is critical. OpenLDAP is far more command-line oriented, and you have much more flexibility of what you can do. Of course, with that flexibility comes the requirement that you have more knowledge and experience with the platform.
Apache Directory Server comes with Apache Directory Studio, a collection of server management tools for LDAP and for ApacheDS. These tools include an LDAP browser, LDIF editor, schema editor, and much more. These management tools are meant to reduce the burden on IT admins who are managing the LDAP platform. OpenLDAP does have third-party management tools that can be used in conjunction with it, but it is primarily driven on the command line.
Stored Procedures, Triggers
One advantage of Apache Directory Server is the ability to run stored procedures and triggers in the LDAP database. This helps IT admins have more control over the database and maintenance/management tasks.
Each platform can perform quite well. It is best to load your dataset into both platforms and run identical tests across each LDAP platform to see which one performs better. There is third-party data that shows each directory server performing well, but it will really depend upon your specific data set, what you are doing with the identity provider, and the load you are placing on the platform.
The Bottom Line: There may be other factors that are important to you when comparing Apache Directory Server vs OpenLDAP, but those are some critical factors to consider. They are both on-prem, self-managed solutions. For those that are looking for a cloud-hosted LDAP service that can off-load the work of running and managing LDAP, there is a third solution to consider called Directory-as-a-Service.
The Cloud-Hosted Alternative to Apache Directory Server vs OpenLDAP
Directory-as-a-Service is a central identity provider that connects users to the IT resources they need regardless of protocol, provider, platform, and location. A key part of this virtual identity provider is its LDAP-as-a-Service functionality. The provider handles the heavy lifting of implementing and running the platform. The customer simply points their LDAP-based applications to the LDAP server in the cloud. Authentications happen via a globally distributed network of load-balanced LDAP servers for fast, reliable authentication.
Cloud-Hosted LDAP From JumpCloud®
If you would like to learn more about whether a cloud LDAP implementation is right for you or whether ApacheDS or OpenLDAP is better for your specific use case, drop us a note. Also, please sign up for our IDaaS platform and take a look at our cloud LDAP functionality for yourself. Finally, please know that your first 10 users are free forever.