Apple Open Directory Versus OpenLDAP

Written by Greg Keller on March 10, 2016


With so many Macs being sold by Apple, organizations are looking for a solution to manage user access to an array of devices. Apple’s Open Directory solution is often discussed as a directory service for Mac devices.

Of course, the open source OpenLDAP is often brought up in that same conversation. In fact, both solutions come from the same lineage, as Apple Open Directory is an offshoot of OpenLDAP. IT admins often need to make a decision between Apple Open Directory and OpenLDAP based on a number of concerns.

What to Consider in the Decision-Making

Whether the organization has only Apple Macs, or also has Linux-based devices that need to be connected to the core directory services, is a great starting point. The next question is whether there are applications that need to be connected to the directory server. Integration with the WiFi network can be another factor that must be considered.

The simple answer: for networks that are largely Apple products, Apple Open Directory is likely the best choice. If there are other types of systems or applications involved, it may make sense to consider alternatives such as OpenLDAP that will perform better in that situation.

Some IT admins have access to open source software: the code for an application is sometimes available, and they can modify it to provide the services they need. For other IT admins, not having access to the code is not a factor; they are just looking to solve a particular problem.

OpenLDAP is fully open and has a broad community of support that assists with the implementation and utilization of the software. Commercial solutions sometimes don’t share all of their source code, as they likely view it as proprietary. Of course, open source components are shared, but some areas may be closed source, which for some IT engineers is unfortunate.

Factoring in Cloud Infrastructure and Web Applications

While these two factors can be part of the decision, the shift to cloud infrastructure and web applications is likely an even bigger factor. This move is changing how on-premises directory services are perceived and how they can be utilized. If the discussion revolves around Open Directory and OpenLDAP, it is necessary to include cloud directory services that provide LDAP-as-a-Service in the conversation. Virtual directory services are a great solution to all of these challenges. The infrastructure is shifted to the cloud and delivered as a SaaS-based service.

IT admins don’t need to concern themselves with installing, configuring, and managing an on-prem directory solution. Modern Directory-as-a-Service® platforms go beyond just a virtual LDAP solution and will connect to systems such as Macs, Windows, and Linux.

Cloud directory services can also connect to on-prem LDAP-based applications as well as web-based SAML. In short, any IT admin in any organization will need to figure out which solution will work best for their particular needs.

If you would like to learn more about whether Apple Open Directory or OpenLDAP is a better choice or whether you need to look at Directory-as-a-Service as well, drop us a note. We’d be happy to talk to you about it. Or, you should feel free to compare JumpCloud’s Identity-as-a-Service platform for yourself. Your first 10 users are free forever.

Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.
