By Rajat Bhargava Posted April 17, 2019
IT admins often wonder which LDAP server is best for them to use. Of course, different admins and organizations have many definitions of what “best” could mean, and each organization likely has different priorities. Some of the factors involved in the decision-making process could be performance, features, stability, ease of deployment, on-prem or off, and many more.
Perhaps unsurprisingly, there are many different avenues that organizations can explore when it comes to LDAP servers. The options in this arena include open source as well as commercial / SaaS-based solutions. It’s a complex space. So, let’s lay out your options.
Perhaps the most popular open source LDAP server in use today, OpenLDAP™ is a strong potential choice. Of course, it is an on-prem implementation that requires a good bit of overhead in the form of setup and maintenance. But for those who want to host and maintain the server themselves, it is a good choice. OpenLDAP has plenty of flexibility and is ideal for LDAP experts who want to work at the command line and with the code directly.
389 Directory Server
A solid alternative to OpenLDAP, 389 Directory Server (not to be confused with Red Hat Directory Server) is easy to install and configure. It is based on the Berkeley database, and it should also offer reasonably high performance. 389 Directory Server has a number of features that would be valuable to IT admins as well, including database control, access control, and security functionality.
Apache Directory Server
The Apache Directory Server is a component of the Apache Directory Studio suite of software. On the LDAP side, the idea behind the Apache Directory Server is that it is a bit easier to manage, thanks to some strong features for managing the underlying database. Specifically, Apache Directory Server can run stored procedures and triggers, which make manipulating and maintaining the database much easier.
Microsoft® Active Directory®
Organizations can use Microsoft® Active Directory® (MAD or AD) for LDAP authentication, but it may be more difficult to set up, as AD’s primary authentication approach is Kerberos. As Microsoft products, most Windows systems and applications leverage the Kerberos approach. That said, there are a number of documents and APIs that IT admins can leverage to connect their LDAP-based applications to AD.
JumpCloud’s approach to directory services is dramatically different than the others on this list. As a virtual identity provider, JumpCloud doesn’t require IT admins to stand up, maintain, or secure an on-prem LDAP instance. That means no purchasing of expensive equipment or needing to employ LDAP experts just to utilize the protocol. JumpCloud leverages a global network of OpenLDAP servers for maximum compatibility and employs experts to maintain them. You just pay for what you need and let us worry about maintenance and uptime.
In addition to LDAP, JumpCloud supports native system APIs (e.g. Windows, Mac), SAML for SSO, RADIUS for network security, SSH keys for remote server access, REST APIs for a variety of functions including user provisioning, and more. Additionally, JumpCloud can help you manage systems as well, no matter the platform, with GPO-like policies—unlike the LDAP servers listed above. For example, in cross-platform scenarios, JumpCloud enables you to deploy policies for enforcing full disk encryption, deploying automatic OS updates, and setting screen lock timers.
Interested? Sign up for a JumpCloud account today. The free version of our account empowers you to manage up to 10 users, their applications, systems, and more from a single administrative console. Plus, you don’t need a credit card.
Learn More About JumpCloud
The best LDAP server for you is a matter of preference and needs, so if you’re ready to discuss your options, contact one of our product experts today, visit our Knowledge Base, or head over to our YouTube channel.