Choosing the right LDAP server for your organization is an important decision, and there are several options to consider. For one, hosting your LDAP server on-prem is no longer your only option; cloud LDAP is a SaaS-based solution that can provide an excellent alternative to traditional on-prem solutions. In fact, cloud or on-prem may be the most critical question to ask yourself when choosing an LDAP solution.
Ultimately, you should choose the right LDAP offering based on your organization’s key requirements. So, this blog will cover some of the most common LDAP requirements to consider and then highlight a few different options for LDAP solutions.
Making the decision about which LDAP server to choose can be confusing. The best way to start is to understand what you need from an LDAP server, and then evaluate which option best meets those needs. The following are some suggestions for key requirements worth considering, but every organization may have its own unique considerations as well.
Self-Hosted or Cloud LDAP?
A basic decision that needs to be made by the IT team is whether they are interested in self-managing their LDAP solution or outsourcing that management to a SaaS-based LDAP offering. With cloud LDAP offerings, the provider takes on the role of implementing and managing the LDAP infrastructure, including responsibility for scaling, availability, and security.
You’ll need to make sure the LDAP solution you choose is compatible with the resources and environment in place. This includes compatibility with the following areas.
IT Resources Requiring LDAP Authentication
The types of IT resources you need to connect to the LDAP server will help determine which LDAP solution you choose. If you are using LDAP for a variety of different devices and applications, for example, you’ll need to make sure you can easily connect those resources with the LDAP server you choose.
Central Identity Provider or Adjunct?
Your LDAP server decision will also depend on whether you want it to act as the authoritative source of your identities, or whether it will connect to another identity provider such as Microsoft Active Directory. Integrating the LDAP server with that identity provider, or with other identity systems, can be complicated if the two aren’t built to integrate well together. Using an open directory like JumpCloud allows you to use the JumpCloud platform as an identity provider or easily integrate with the identity provider you choose.
Mac, Windows, or Linux?
The systems that need to use LDAP authentication may influence which LDAP server you choose. OpenLDAP, for example, tends to work better for authenticating Linux devices than Mac and Windows ones. Consider which systems you need to support and how compatible they are with the LDAP server options you’re looking at.
LDAP Server Solutions
OpenLDAP
OpenLDAP is perhaps the most popular open-source LDAP server on the market. OpenLDAP has stood the test of time with a vibrant community (despite Red Hat’s decision to remove it from its distribution).
OpenLDAP is mainly run at the command line and requires a fair amount of expertise. Since Linux tends to cater to more technical users, OpenLDAP supports Linux systems well. However, it tends to fall short with Mac and Windows, which are designed to support their vendors’ LDAP implementations (Apple Open Directory and Microsoft Active Directory, respectively). As a result, integrating OpenLDAP with Windows and Mac can be a complex manual process.
Further, OpenLDAP only supports LDAP; it doesn’t support other protocols, and therefore cannot support the wide range of resources in a modern environment. So, while an OpenLDAP infrastructure is certainly useful, it is merely one protocol amongst a handful that you’re likely already using.
Despite these difficulties, OpenLDAP is highly scalable and used by some of the largest organizations in the world. Ultimately, it should be reserved for the most experienced IT pros out there, as it essentially requires an engineer to run and maintain.
Apache Directory Server
Apache Directory Server is another popular LDAP server that also includes Kerberos support. Apache Directory Server’s main claim to fame has been its stronger maintenance and management capabilities with Apache Directory Studio, as well as the ability to run stored procedures and triggers. Combined with an Eclipse-based LDAP browser, this solution can be easier to use and maintain.
389 Directory Server (Previously Fedora Directory Server)
389 Directory Server, maintained by Red Hat, is yet another LDAP server implementation, focused on being a reasonably high-performance one. 389 Directory Server is open source and shares many similarities with OpenLDAP. And, like OpenLDAP, it works best with Linux and requires significant technical knowledge to implement and manage.
JumpCloud Directory Platform
JumpCloud Directory Platform is a commercial version of an LDAP server, delivered from the cloud and made accessible to all different types of IT admins. It is compatible with Mac, Windows, and Linux, and supports many additional protocols and capabilities, including SAML, SCIM, RADIUS, and JIT provisioning. This allows users to securely connect to the resources they need from anywhere and on any trusted device.
Let JumpCloud Handle Your LDAP Server Needs
JumpCloud’s cloud-based LDAP solution is one of many offerings that make up a suite of directory and IT management services. As an open directory platform, JumpCloud gives you the flexibility to manage your IT environment — including identities, devices, and resources — the way that you choose.
This includes managing multi-OS environments with GPO-like policies, protecting networks with RADIUS and VLANs, enabling single sign-on (SSO) to both web applications via SAML and legacy applications through LDAP, and connecting to file servers on-prem and in the cloud (like NAS/Samba devices, Box, G Drive). It allows you to easily connect with other identity providers, HR platforms, and other third parties so you can build the IT environment that works best for your organization.