By Greg Keller Posted January 19, 2015
Many IT admins believe there are only two choices when it comes to picking a directory service provider: LDAP or Microsoft® Active Directory®.
But I have a different opinion. I would argue the choice isn’t so much LDAP or Active Directory, but how can you leverage the best of both LDAP and AD.
With new innovations in the directory space, that is entirely possible. Before we dive into that, let’s first understand the similarities and differences between LDAP and AD in order to set the stage about how they’re also complementary.
The Similarities Between LDAP and AD
First, it’s obvious that LDAP and AD are both software implementations of directory services. They are also both hosted on-premises, in most cases. Further, both Microsoft Active Directory and LDAP are fundamentally based on the LDAP protocol. Although most people don’t know that because AD mostly authenticates leveraging Kerberos. However, AD does have the capability to authenticate via LDAP as well. Both directories struggle connecting users to cloud computing infrastructure such as IaaS or web-based applications.
The Differences Between LDAP and AD
Realistically, there are probably more differences than similarities between the two directory solutions. Microsoft’s AD is largely a directory for Windows® users, devices, and applications. AD requires a Microsoft Domain Controller to be present and when it is, users are able to single sign-on to Windows resources that live within the domain structure.
LDAP, on the other hand, has largely worked outside of the Windows structure focusing on the Linux / Unix environment and with more technical applications. LDAP doesn’t have the same concepts of domains or single sign-on. LDAP is largely implemented with open source solutions and as a result has more flexibility than AD.
Another critical difference between LDAP and Active Directory is how AD and LDAP each approach device management. AD manages Windows devices through and Group Policy Objects (GPOs). A similar concept doesn’t exist within LDAP. Both LDAP and AD are highly different solutions and as a result many organization must leverage both to serve different purposes.
This is why there’s an obvious opportunity for innovation. Why leverage and manage two complete systems, when one system can effectively merge the two?
And, That’s Directory-as-a-Service®
JumpCloud® Directory-as-a-Service®, also known as DaaS, allows IT admins to leverage the benefits of both AD and LDAP in one solution. Directory-as-a-Service connects users to a wide variety of IT resources, including Windows, Mac®, and Linux® devices, as well as applications located both on-premise and in the cloud. Further, Directory-as-a-Service leverages different authentication protocols such as LDAP, SAML, and others to provide comprehensive authentication, authorization, and management.