By Vince Lujan Posted September 20, 2019
The Lightweight Directory Access Protocol (LDAP) is the core authentication protocol leveraged for authenticating virtual user identities in IT organizations. It is the backbone of on-prem identity management solutions like OpenLDAP™ and Microsoft Active Directory® (AD). However, as more IT resources shift to the cloud, many IT organizations are looking for a cloud LDAP solution.
The good news is that a new generation of hosted LDAP solutions has emerged that has revolutionized the way IT organizations think about LDAP. It’s called Directory-as-a-Service®, but before we discuss the benefits of a cloud LDAP solution, it’s important to understand why a cloud LDAP solution is significant in modern IT.
On-Prem LDAP Solution
The origin of LDAP stretches back to 1993 when our advisor, Tim Howes, and his colleagues at The University of Michigan released their lightweight alternative to the X.500 directory service protocol. They called it LDAP, and it has since become one of the most well-known methods of authenticating user identities for access to IT resources.
Two core solutions emerged from the LDAP protocol. The first, of course, was OpenLDAP – the open source iteration of the LDAP protocol. The other was from Microsoft, which combined LDAP and Kerberos to create Active Directory.
OpenLDAP has been highly successful primarily in data center implementations. However, it was Active Directory that would go on to become the most dominant Identity and Access Management (IAM) solution for users and systems to date. Nevertheless, they were both built on the foundation of LDAP.
However, the effectiveness of AD, and OpenLDAP for that matter, really comes down to two primary factors. For one, they were both optimized for the on-prem, homogeneous IT environments that existed prior to the introduction of the cloud. The other factor is that IT resources had to be directly bound to their domain.
Neither of these factors presented challenges prior to the introduction of the cloud. For example, AD was introduced when the vast majority of IT resources were still Windows-based and on-prem, so it made sense for the management solution to be Windows-based and on-prem as well.
From On-Prem to Cloud LDAP
The shift started in the mid-2000s as Software-as-a-Service (SaaS) applications like Salesforce began to deliver their solutions via the internet. These new cloud solutions were no longer on-prem, could not be directly bound to the domain, and came from a variety of providers. Consequently, OpenLDAP and AD were unable to manage them directly.
The situation would only get worse for OpenLDAP and AD as the years passed and more IT resources moved to the cloud, which is why so many organizations today are interested in a cloud LDAP solution. The simple fact is that IT organizations are seeing diminishing returns from traditional OpenLDAP and AD implementations, and cloud alternatives are now preferred.
The good news is that a new generation of cloud LDAP solutions has emerged that can provide not only LDAP-as-a-Service but also a comprehensive array of management capabilities for virtually any IT resource. It’s called Directory-as-a-Service®, from JumpCloud.
LDAP-as-a-Service with JumpCloud
Directory-as-a-Service is effectively Active Directory and LDAP reimagined for the cloud era. The key difference is that IT organizations no longer need to invest significant capital and management overhead to implement and maintain an on-prem solution.
Instead, Directory-as-a-Service offers the full functionality of the platform from the cloud, which is always on, accessible from anywhere, and can be scaled at a moment’s notice to suit the dynamic IT environment in most IT organizations today. One of those functions is LDAP-as-a-Service.
Check out the following whiteboard presentation for an in-depth description of how JumpCloud’s LDAP-as-a-Service works:
Learn More about LDAP-as-a-Service
Don’t hesitate to contact a member of the JumpCloud team to learn more about how a cloud LDAP solution can benefit your organization. You can also sign up for a Directory-as-a-Service account and add LDAP authentication to your IT infrastructure today. Your first ten users are free forever to help you discover the full functionality of our platform at no cost to your organization.