Choosing an LDAP server can be a complicated task. A number of different solutions purport to be excellent LDAP servers, which makes it hard for IT organizations to choose the right one. Now, IT admins also have another option – LDAP in the cloud. Provided as a SaaS-based solution, LDAP-as-a-Service can be an excellent alternative to traditional on-prem LDAP solutions.
Ultimately, choosing the right LDAP offering comes down to an organization’s key requirements. In this blog post, we’ll highlight a few different options for LDAP solutions and then discuss different requirements as a basis for your decisions.
LDAP Server Solutions
OpenLDAP – this is perhaps the most popular open source LDAP server. OpenLDAP is mainly used at the command line and often requires a fair amount of expertise to run.
Apache Directory Server – here’s another popular open source LDAP server that also includes Kerberos support. Apache Directory Server’s claim to fame has been its stronger maintenance and management capabilities through Apache Directory Studio, along with the ability to run stored procedures and triggers.
389 Directory Server (previously Fedora Directory Server) – this is another incarnation of LDAP. 389 Directory Server is focused on being a reasonably high-performance version of LDAP.
Directory-as-a-Service® – a commercial version of LDAP, this solution is a broad identity management platform with the ability to leverage the LDAP protocol. Directory-as-a-Service is a SaaS-based cloud offering.
Making the decision about which LDAP server to choose can be confusing. It is easier to decide on the best approach by creating a list of key requirements. Below are some requirements worth considering. Of course, each organization may have a number of other considerations as well.
Self-hosted or SaaS-based LDAP? – A basic decision that needs to be made by the IT team is whether they are interested in self-managing the LDAP solution or whether an outsourced SaaS-based offering is useful. For cloud LDAP offerings, the benefit is that the provider takes on the role of implementing and managing the LDAP infrastructure.
IT resources requiring LDAP authentication – Which IT resources you need to connect to the LDAP server will also affect your choice. If you are using LDAP for a variety of different devices and applications, make sure that you understand how difficult it is to connect those IT resources to the LDAP solution you choose.
Central Identity Provider or Adjunct? – Your decision will depend upon whether your LDAP server is the authoritative source of your identities or whether the LDAP solution will connect to another identity provider.
Obviously, there are other more technical requirements that each organization will have to examine. And those will need to be tested with each potential solution.
Let JumpCloud® Handle Your LDAP Server Needs
The goal of LDAP-as-a-Service is to offload the heavy lifting of internally running an LDAP solution. It is also part of the broader Directory-as-a-Service platform that serves as the core identity provider for an organization. As the central, authoritative user management system, Directory-as-a-Service supports a variety of different systems (Windows, Linux, and Mac), cloud and on-prem applications, and networks.