By Natalie Bluhm Posted February 4, 2018
With the changes in the IT management tools space, many IT admins have had the thought, “Can I replace AD with LDAP?” The short answer is no, in most cases. There are some situations where this is possible, but in general, IT admins are better off replacing Active Directory® with a more comprehensive cloud identity management platform.
The changes in IT management tools are really a function of the changes that are underway in the IT space as a whole. With IT organizations transforming their networks to be cloud and web based, it makes sense that the tools that IT admins are using to manage their IT infrastructure are changing as well. Let’s take a look at how these changes have impacted IT’s decision to replace Active Directory.
How Active Directory Hit Rock Bottom
The identity management space is in a state of transformation right now. Historically, Microsoft® Active Directory has been the core identity and access management platform for an organization. This made a lot of sense in the past because the network was all on-prem and Windows® based. In fact, it was a core part of Microsoft’s strategy to stitch together the ability to manage users and systems. Then new resources were introduced that Active Directory wasn’t designed to connect to, and their numbers have only increased.
The shift to Mac and Linux systems, web applications, new technical applications, and cloud infrastructure from AWS® has created a desire to have one central identity provider that can manage all of these disparate IT resources. IT organizations know that AD is excellent with on-prem, Windows-based networks. Unfortunately, ever since these new, cloud-based, non-Microsoft resources emerged, AD has struggled to provide effective user and system management.
Can You Replace AD With LDAP?
LDAP has been a great open source alternative to Active Directory for many years. In many instances, organizations have leveraged AD and OpenLDAP™ simultaneously. The challenge is that LDAP works well with IT resources that speak LDAP, but it struggles with resources that prefer a different authentication protocol. The result is that you can replace AD with LDAP, but really only if you’re shifting to largely LDAP-based solutions, i.e., Linux and more technical applications. In general, LDAP isn’t going to be the core identity provider for an organization because of its limited purview. The good news is there is another identity provider option that can replace Active Directory. It’s called JumpCloud Directory-as-a-Service®.
Replace AD with a Cloud Core Identity Provider
JumpCloud Directory-as-a-Service is a cloud identity management platform that securely manages and connects user identities to the IT resources they need regardless of platform, protocol, provider, and location. JumpCloud’s agnostic approach means IT can securely manage user authentication to systems (Linux, Mac, and Windows), on-prem and remote servers (GCP, AWS), LDAP and SAML based applications (Atlassian™, Salesforce®), physical and virtual file storage, and wired and wireless networks. You can move your directory services to the cloud, centralize access to modern IT resources, and keep using your LDAP-based resources.
Find out More about the Cloud Alternative to AD
Learn more about why you should rethink replacing AD with LDAP by reading Ooyala’s case study. They replaced their OpenLDAP instance with JumpCloud, and couldn’t be happier about it. Still wondering, “Can I replace AD with LDAP?” Drop us a note if you have some remaining questions about why you should consider moving to a cloud-based directory service instead. We’ll gladly walk you through the advantages of leveraging JumpCloud Directory-as-a-Service. If you’re ready to start testing JumpCloud, sign up for a free account. You will have full access to all of our features, and your first ten users are free forever.