By Ryan Squires Posted August 3, 2018
LDAP, aka the Lightweight Directory Access Protocol, is a staple in the IT industry. Part of the reason for its status results from LDAP’s development all the way back in the early 1990s, when Tim Howes and his colleagues were at the University of Michigan. LDAP provided relative ease of use as compared to Direct Access Protocol or DAP, the original tool for accessing X.500, which was a directory service/protocol for accessing information stored in a directory (names, addresses, phone numbers, etc.) that emanated from the telecommunications industry. Still, some people are asking, what is the definition of LDAP?
What Problem does LDAP Address?
Defining LDAP means digging into why it was created. The problem that Tim Howes and his colleagues were faced with solving was that university faculty required a better way to create a directory service – i.e. control and authenticate user access to their systems and applications, while also creating an authoritative directory of user information. Historically, this was done using the X.500 directory service and protocols with a solution such as DAP (directory access protocol) to provide access. But, X.500 was hard on both the systems (large footprint) and network (bandwidth intensive). In fact, many of the systems on people’s desks in the early 1990s could not connect to an X.500 directory service, so it was limited to specific systems (think more mini-computers or micro-computers back in the day – not PCs). Due to these limiting factors, LDAP was created using a limited subset of the DAP protocol to eliminate the overhead issues that plagued X.500/DAP. The limited subset reduced the overhead as compared to DAP which allowed it to use less bandwidth on the network and consume less space on endpoints. As a result of of these efficiencies, LDAP would find great success and become the de facto internet directory services authentication protocol.
Stemming from the the success of LDAP, in 1998 OpenLDAP™ was released. OpenLDAP is open source software which is still in use today. The benefit of the open source OpenLDAP solution is that IT admins can modify it to better fit the needs of their organization. A year later, in 1999, Microsoft released Active Directory®—the most commonly used commercial on-prem directory service on the planet—on the LDAP protocol along with Kerberos, while also creating its own proprietary extensions to keep organizations locked into the Microsoft ecosystem. Moving forward, even modern cloud IT resources and directories continue to leverage LDAP.
Why Do IT Admins Need A Directory Anyway?
The information included within a given directory can simply be the usernames and passwords required to authenticate/authorize users to servers and applications. These values allow users to authenticate to the IT resources they need using a client/server model. Within this model, the client is an LDAP-ready system or application that is requesting information/authentication from an associated LDAP database, while the server is an LDAP server or the user database that the client talks to.
When authenticating against an LDAP server in an attempt to gain access to the database, the user is prompted to provide their username and password. If the values the user inputs into the client matches what is found in the LDAP database, the user is granted access by the LDAP server to whatever the IT resource may be. Aside from usernames and passwords, LDAP can store phone numbers, addresses, and many other values. LDAP’s open source nature allows it to be customized while providing the flexibility that allows it to meet the needs of a diverse pool of organizations. But, from this flexibility comes complexity. In order to make sure that your organization gets exactly what it needs from LDAP, experienced IT professionals must be employed. As a result of that experience they are not inexpensive nor is the time required to maintain LDAP.
Issues With LDAP as We Shift Cloudward
Despite LDAP making directory creation and access easier for the IT admins and users of the early 1990s, it is a difficult tool to employ today with the shift to the cloud. LDAP requires significant investment and upkeep in order to operate. Further, due to LDAP’s entrenched status as a core directory services protocol, many legacy applications like OpenVPN®, Jenkins, MySQL™, Jira®, and Confluence® utilize it to authenticate and authorize users. As a result, LDAP remains a must for many organizations, which can fragment their identity management approach and create identity sprawl as organizations shift cloudward. What IT admins of today need is a cloud-based directory solution that can not only access on-prem legacy applications and hardware but the productivity platforms that are infiltrating modern organizations.
How to Proceed
IT admins can utilize the cloud to keep maintenance costs down while reducing the amount of LDAP set up time by leveraging an LDAP-as-a-Service solution like JumpCloud® Directory-as-a-Service®. By using JumpCloud Directory-as-a-Service, not only will your users be able to authenticate and authorize against LDAP via applications like Jira, Confluence and MySQL, they’ll also be able to sign in to newer productivity platforms like Office 365 and G Suite using SAML (many web apps don’t support LDAP) from a single pane. Additionally, no longer will your users pass sticky notes with SSIDs and passwords on them, because JumpCloud Directory-as-a-Service will make sure your users access the correct wired or WiFi network through RADIUS using the same set of credentials they use for LDAP. On-prem implementations like NAS and Samba file servers can now be accessed from one window and through the Samba extensions under LDAP. Instead of fiddling with what can feel like a million different platforms and authentication protocols, allow JumpCloud Directory-as-a-Service to simplify your IT day-to-day and enable your users to log into everything they need with True Single-Sign On™.
Learn More About JumpCloud
The definition of LDAP can be murky for those just getting started, especially in the face of the shifting Identity Access Management (IAM) arena with a lot of complexity. If you’d like to learn more about JumpCloud Directory-as-a-Service and how it leverages LDAP, don’t hesitate to contact one of our representatives. Also, visit our YouTube channel for whiteboard videos, tutorials, and best practices. Once you’re ready to try cloud-based directory services, sign up and manage 10 users free, forever.