Despite its age, LDAP remains a useful protocol in an IT administrator’s arsenal. Admins can now use cloud-hosted LDAP implementations to reap the benefits of the protocol without complex configuration or additional on-premises server requirements. That way, they can secure user authentication to legacy applications, Samba file servers and NAS appliances, and other resources that require a backing LDAP directory — all from the cloud.
In this post, we explore the history of the LDAP protocol and give you strategies to select the cloud LDAP solution that best meets your organization’s needs.
History of LDAP: Creating Lightweight Authentication Protocols
OpenLDAP, a standard in identity and access control, is the leading open-source directory service. Even Microsoft’s commercial Active Directory® started with LDAP as one of its foundational protocols, though it now uses Kerberos as the primary authentication approach.
Our friend Tim Howes and his colleagues at the University of Michigan invented the protocol in the 1990s, and it continues to enjoy widespread use because it’s lightweight and allows for authentication and authorization of users to servers and applications (primarily Unix and Linux®-based solutions). It supports technical applications that run on-prem, that is, local to a data center. However, LDAP configuration and setup can be tedious, and most applications have unique authentication approaches. You might love the functionality and results of LDAP but hate the process of implementing and managing it, which is where cloud-hosted LDAP comes into play.
Cloud-Hosted LDAP: Advancing LDAP in the Modern Era
Various platforms offer cloud LDAP services, but it’s worth considering whether each platform is comprehensive enough to meet your organization’s other identity and access management needs. To evaluate your organization’s needs, you can use the following questions:
- What current resources in your environment require LDAP (i.e., applications and servers)?
- Are your current LDAP binds secure?
- What other resources and protocols do you need to support (e.g., SAML and RADIUS)?
- Can you find an all-in-one solution that meets not only your LDAP needs but also other IT needs, including identity federation and system management?
If you discover that your organization has needs beyond cloud LDAP — such as SAML-backed applications, RADIUS networks, or system management needs — you can look to a full-suite cloud directory service to better suit your environment.
Directory-as-a-Service & LDAP
JumpCloud® created a cloud-hosted LDAP platform — or LDAP-as-a-Service — which eliminates the pain of maintaining your own LDAP setup. JumpCloud’s LDAP service is one segment of the broader Directory-as-a-Service® platform, which serves as a comprehensive directory service in the cloud. You can federate user identities via LDAP, as well as other protocols including RADIUS, SAML, and SCIM. With JumpCloud, you can connect users to their web and legacy applications, servers, networks, and other IT resources. You can also manage their macOS®, Windows®, and Linux machines with GPO-like Policies and custom Commands. Devices are managed via an agent that natively controls and manages user access as well as Policies on each platform.
You simply point applications and other resources at the cloud-hosted LDAP servers for authentication. The platform integrates with applications including Atlassian Jira, OpenVPN, and thousands of others as well as Samba servers and NAS appliances.
To learn more about how JumpCloud’s cloud directory service can help you backend your applications with LDAP, drop us a note. We’re happy to evaluate your technical needs, and your first 10 users and systems are free forever to give you a chance to test drive the platform yourself. You can also use our 24×7 premium in-app chat within the first 10 days for additional support. Learn more about authenticating cloud and on-prem resources with cloud LDAP.