LDAP-as-a-Service For AWS®

By Vince Lujan Posted April 27, 2019

LDAP-as-a-Service for AWS®

Is there an LDAP-as-a-Service for AWS®? It would certainly be helpful as more DevOps tools and infrastructure shifts to the cloud.

Well, the short answer is, yes—but it isn’t from AWS. Rather, the modern Directory-as-a-Service® is reimagining Microsoft® Active Directory® (AD) and LDAP for the cloud era.

We’ll dig into that further down the page. First, let’s go over why an organization would want LDAP-as-a-Service for AWS to begin with.

Why Do Modern IT Organizations Use LDAP?

The Lightweight Directory Access Protocol (LDAP) is a core part of the authentication process for DevOps tools and infrastructure. Some examples of DevOps applications that leverage LDAP are Kubernetes, Jenkins, Docker, OpenVPN, Git, and many more.

Obviously, developers and operations engineers need secure access to critical applications and infrastructure such as these, which is why IT admins leverage LDAP. However, since LDAP is traditionally an on-prem implementation, what is perhaps less apparent is how to provide LDAP functionality from the cloud.

How Have Organizations Traditionally Provided LDAP?

LDAP is one of the oldest authentication protocols in use today for computer systems. Originally developed for on-prem networks of legacy systems and applications, traditional LDAP solutions have served IT admins well for decades.

Admins typically leverage LDAP-based IAM platforms to provide LDAP functionality in their IT environments. Examples of traditional LDAP-based IAM solutions include the legacy Active Directory platform as well as OpenLDAP.

What are the Challenges with Legacy LDAP?

Traditional LDAP implementations have been quite painful to implement and manage by modern standards. For example, a legacy LDAP setup usually requires heavy investment into on-prem hardware, integrations, and ongoing maintenance.

Not only that, but modern IT organizations often need more than just the LDAP protocol for authentication. There is also SAML for web applications, RADIUS for WiFi networks, SSH for server access, and more.

As a result, modern IT organizations are moving away from traditional LDAP implementations in favor of LDAP-as-a-Service alternatives that can provide a more complete identity management solution. Of course, finding such an LDAP-as-a-Service solution is a challenge in and of itself.

Given that so much of the cloud is based in AWS, admins naturally look to AWS for a cloud-based LDAP solution. However, that’s where many admins reach a dead end. AWS doesn’t really offer their own LDAP service.

How Do You Provide LDAP for AWS?

Many people may consider AWS Directory Service for their LDAP services within AWS. Unfortunately, AWS Directory Service is really a semi-managed Active Directory instance that is intended to extend on-prem AD identities to Windows-based resources in AWS.

So, while AWS Directory Service might provide LDAP for AWS, it is still tied to AD on-prem and primarily focused on Windows cloud resources. A true LDAP-as-a-Service solution would enable IT organizations to leverage LDAP functionality without anything on-prem and without being tethered to legacy platforms.

Fortunately, as previously noted, a next generation Directory-as-a-Service has emerged that is effectively Active Directory and LDAP reimagined for the cloud.

LDAP-as-a-Service for AWS via JumpCloud®

JumpCloud Directory-as-a-Service is a next generation cloud identity provider that is enabling IT admins to reimagine the IAM category as a whole. What has historically been offered from legacy directory services platforms working in combination with a patchwork of add-on solutions can now be delivered from one comprehensive cloud-based service.

As a result, JumpCloud Admins can connect their users to virtually any IT resource, including LDAP-based systems and applications, both in the cloud at AWS, GCP, Azure, and also on-prem. Essentially, JumpCloud Directory-as-a-Service is a cross-platform, vendor-neutral, protocol-driven directory service that securely manages and connects users to virtually any IT resource, from the cloud.

Sign up for a free account to check out LDAP-as-a-Service for AWS with JumpCloud. The full functionality of the Directory-as-a-Service platform is free for up to 10 users. If you have any questions, say hello.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.

Recent Posts