Choosing An LDAP Server

By Rajat Bhargava Posted March 6, 2019

Choosing an LDAP server can be a complicated task. There are a number of different solutions that purport to be excellent LDAP servers. But, fighting through the noise can be difficult, and it’s a complicated issue already. Choosing the right LDAP server for your organization is paramount, and now IT admins have another option—LDAP in the cloud. Provided as a SaaS-based solution, LDAP-as-a-Service can provide an excellent alternative to traditional on-prem LDAP solutions.

Ultimately, the decision for choosing the right LDAP offering is based on an organization’s key requirements. So, in this blog post we’ll highlight a few different options for LDAP solutions and then discuss different requirements as a basis for your decision.

LDAP Server Solutions

OpenLDAP

OpenLDAP is perhaps the most popular open source LDAP server in the market. But, OpenLDAP™ is mainly used at the command line and often requires a fair amount of expertise to run. Ultimately, this option should be reserved for the most experienced IT pros out there, as it essentially requires an engineer to run and maintain.

Apache Directory Server

This is another popular open source LDAP server that also includes Kerberos support. Apache Directory Server’s main claim to fame has been its stronger maintenance and management capabilities with Apache Directory Studio, as well as the ability to run stored procedures and triggers.

389 Directory Server (Previously Fedora Directory Server)

Yet another incarnation of LDAP, 389 Directory Server is focused on being a reasonably high-performance implementation of the protocol. Also, Red Hat and SUSE dropped support for OpenLDAP and instead will utilize 389 Directory Server, which is their homegrown implementation of the LDAP protocol.

Directory-as-a-Service®

This is a commercial version of an LDAP server, delivered from the cloud and made accessible to all different types of IT admins. From seasoned IT admins to jack-of-all-trades types, Directory-as-a-Service is a complete directory services solution that utilizes more than just LDAP; it is a reimagination of directory services as a whole.

LDAP Requirements

Making the decision about which LDAP server to choose can be confusing. There are multiple options and each seems to come with its own set of benefits and drawbacks. It may be easier to decide on the best approach by creating a list of key requirements. Below are some suggestions worth considering, but it is important to note that each organization may have a number of other considerations as well.

Self-Hosted or SaaS-Based LDAP?

A basic decision that needs to be made by the IT team is whether they are interested in self-managing the LDAP solution or whether an outsourced SaaS-based LDAP offering would prove useful for them. For cloud LDAP offerings, the benefit is that the provider takes on the role of implementing and managing the LDAP infrastructure.

IT Resources Requiring LDAP Authentication

Which IT resources you need to connect to the LDAP server will also affect your choice. If you are using LDAP for a variety of different devices and applications, you will want to make sure that you understand how difficult it is to connect those IT resources to the LDAP solution you choose.

Central Identity Provider or Adjunct?

Your decision will depend on whether your LDAP server is the authoritative source of your identities or whether the LDAP solution will connect to another identity provider, such as Microsoft® Active Directory®.

Obviously, these are just a small sample of the questions that you may ask yourself. There are sure to be other, more technical requirements that each organization will have to examine. Each of those will need to be tested with each potential solution. But only one of the solutions allows you to test it without actually having to set up and configure it.

Let JumpCloud® Handle Your LDAP Server Needs

The goal of LDAP-as-a-Service is to offload the heavy lifting of internally running an LDAP solution. It is also only a portion of the broader Directory-as-a-Service platform that serves as the core identity provider for an organization.

As a comprehensive directory services solution, Directory-as-a-Service enables you to manage systems (Mac®, Linux®, Windows®) via GPO-like Policies, protect networks with RADIUS and VLANs, enable single sign-on to both web applications via SAML and legacy applications through LDAP, and connect to file servers on-prem and in the cloud (NAS/Samba devices, Box™, G Drive™).

Sign up today for a JumpCloud account and put the task of choosing an LDAP server behind you. When you sign up you get immediate access to the full breadth of the Directory-as-a-Service product, and you can manage up to 10 users for free forever with it. If you have further questions, feel free to drop us a line or visit our Knowledge Base.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
