Choosing the Right LDAP Server

Written by Rajat Bhargava on April 14, 2021


Choosing an LDAP server can be a complicated task. A number of different solutions purport to be excellent LDAP servers, and cutting through the noise is difficult when the decision is already a complicated one.

Choosing the right LDAP server for your organization is paramount, and now IT admins have another option to consider: LDAP in the cloud. Provided as a SaaS-based solution, Cloud LDAP can be an excellent alternative to traditional on-prem solutions. In fact, cloud or on-prem may be the most critical question to ask yourself when choosing an LDAP solution.

Ultimately, the choice of the right LDAP offering depends on an organization’s key requirements. So, in this blog post we’ll highlight a few different options for LDAP solutions and then discuss the requirements you should consider as a basis for your decision.

LDAP Server Solutions 

OpenLDAP™

OpenLDAP is perhaps the most popular open source LDAP server on the market. OpenLDAP has stood the test of time with a vibrant community despite Red Hat’s decision to remove it from its distribution (arguably this was to increase its revenue with 389; see below). OpenLDAP is mainly run from the command line and often requires a fair amount of expertise.

Ultimately, this option should be reserved for the most experienced IT pros out there, as it essentially requires an engineer to run and maintain. Of course, OpenLDAP is highly scalable and used by some of the largest organizations in the world.

Apache Directory Server

Apache Directory Server is another popular LDAP server that also includes Kerberos support. Apache Directory Server’s main claim to fame has been its stronger maintenance and management capabilities with Apache Directory Studio, as well as the ability to run stored procedures and triggers. Combined with an Eclipse-based LDAP browser, this solution can be easier to use and maintain.

389 Directory Server (Previously Fedora Directory Server)

Yet another incarnation of LDAP, 389 Directory Server, run by Red Hat, is focused on being a reasonably high-performance implementation of the protocol. It should be noted that Red Hat and SUSE dropped support for OpenLDAP and will instead use 389 Directory Server, which is their homegrown implementation of the LDAP protocol. Conspiracy theories aside, it seems like Red Hat dropping support for OpenLDAP may have simply been an economic decision.

JumpCloud Directory Platform

JumpCloud Directory Platform is a commercial version of an LDAP server, delivered from the cloud and made accessible to all different types of IT admins. From seasoned IT admins to jack-of-all-trades types, this complete directory services solution utilizes more than just LDAP; it is a reimagination of directory services as a whole.

LDAP Requirements

Making the decision about which LDAP server to choose can be confusing. There are multiple options and each seems to come with its own set of benefits and drawbacks. It may be easier to decide on the best approach by creating a list of key requirements. Below are some suggestions worth considering, but it is important to note that each organization may have a number of other considerations as well. Feel free to reach out to us if you need any help.

Self-Hosted or Cloud LDAP?

A basic decision the IT team needs to make is whether to self-manage the LDAP solution or to use an outsourced, SaaS-based LDAP offering from the cloud. With cloud LDAP offerings, the benefit is that the provider takes on the role of implementing and managing the LDAP infrastructure, including worrying about issues such as scaling, availability, and security.

IT Resources Requiring LDAP Authentication

Which IT resources you need to connect to the LDAP server will also affect what you choose. If you are using LDAP for a variety of different devices and applications, you will want to make sure that you understand how difficult it is to connect those IT resources to the LDAP solution you choose.

Central Identity Provider or Adjunct?

Your decision will also depend on whether your LDAP server is the authoritative source of your identities, or whether the LDAP solution will connect to another identity provider such as Microsoft Active Directory. The integration between those and/or other identity systems can be complicated and will require the right engineering resources. Don’t forget that you’ll need to ensure the integration is resilient, as a broken connection will mean downtime for your users.

Obviously, these are just a small sample of the questions you may ask yourself when thinking about which LDAP server solution is right for you. There are sure to be other, more technical requirements that each organization will have to examine. Each of those will need to be tested with each potential solution. But only one of them allows you to test it without actually having to set up and configure the LDAP server on-prem.

Let JumpCloud® Handle Your LDAP Server Needs

The goal of Cloud LDAP is to offload the heavy lifting that comes with internally running an LDAP solution. It is also only a portion of the broader cloud directory platform that serves as the core identity provider for an organization. 

As a comprehensive directory services solution, JumpCloud enables you to manage systems (Mac, Linux, Windows) via GPO-like Policies, protect networks with RADIUS and VLANs, enable single sign-on to both web applications via SAML and legacy applications through LDAP, and connect to file servers on-prem and in the cloud (NAS/Samba devices, Box™, G Drive™). JumpCloud also offers system management capabilities through MDM services and stepped-up security through Zero Trust offerings.

Sign up today for a JumpCloud Free account and put the task of choosing an LDAP server behind you. When you sign up you get immediate access to the full breadth of the platform, and you can manage up to 10 users and 10 systems free. If you have further questions, feel free to drop us a line. You’ll also receive 10 days of Premium 24×7 in-app chat support.
