Most directory services in use today leverage the LDAP protocol. Examples include OpenLDAP™, the leading open source implementation of LDAP services, and Microsoft® directory services, which adapted LDAP with their own proprietary elements to create Active Directory®. Even the most modern directory services, such as JumpCloud® Directory-as-a-Service®, leverage LDAP for authentication. So how has a 25-year-old protocol like LDAP managed to remain in use in our fast-moving IT world? We’ll answer that question by analyzing the evolution of LDAP below.
LDAP in the Beginning
According to Tim Howes, co-inventor of the LDAP protocol in 1993, the Lightweight Directory Access Protocol (LDAP) was created to provide low-overhead access to the X.500 directory.
“LDAP includes a subset of full X.500 functionality. It runs directly over TCP and uses a simplified data representation for many protocol elements. These simplifications make LDAP clients smaller, faster, and easier to implement than full X.500 clients.” (OpenLDAP.org)
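The quoted passage refers to LDAP's "simplified data representation" running directly over TCP. As an added illustration (not code from the original post, from OpenLDAP or from JumpCloud), the Python below encodes and decodes an LDAPv3 simple BindRequest in the BER form that LDAP actually puts on the wire; the DN and password values are constructed for the example. Decoding it shows that a simple bind carries the password as plain octets, which is why simple binds belong inside TLS (LDAPS or StartTLS).

```python
def ber_len(n):
    """BER definite-form length: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_int(n):
    """BER INTEGER content for a non-negative value (extra 0x00 keeps it positive)."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")

def tlv(tag, value):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def encode_bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } } as sent over TCP."""
    bind = tlv(0x60,                                  # [APPLICATION 0] BindRequest
               tlv(0x02, ber_int(3))                  # version INTEGER 3
               + tlv(0x04, dn.encode())               # name LDAPDN (OCTET STRING)
               + tlv(0x80, password.encode()))        # authentication: simple [0]
    return tlv(0x30, tlv(0x02, ber_int(msg_id)) + bind)  # LDAPMessage SEQUENCE

def read_tlv(buf, pos):
    """Return (tag, value, position after the element) for the element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def decode_bind_request(packet):
    """Parse a BindRequest back into its fields; None if the message is not one."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        return None
    _, mid, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x60:
        return None                                   # some other protocolOp
    _, ver, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    simple = auth_tag == 0x80
    return {"message_id": int.from_bytes(mid, "big"),
            "version": int.from_bytes(ver, "big"),
            "dn": dn.decode(),
            "simple_bind": simple,
            # A simple bind's password is right there in the octets: only TLS hides it.
            "password": cred.decode() if simple else None}

if __name__ == "__main__":   # constructed sample values, not a real directory
    pkt = encode_bind_request(1, "cn=admin,dc=example,dc=com", "s3cret")
    print(pkt.hex(), decode_bind_request(pkt))
```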
LDAP has been highly successful. It has become the go-to internet directory protocol for a large number of leading software applications. In fact, LDAP was so successful that LDAPv3 (the third version of LDAP) was proposed and accepted as the internet standard for directory services in 1997.
Following this milestone, Kurt Zeilenga, Cofounder/Chief Architect of the OpenLDAP Project, announced the release of OpenLDAP 1.0 in 1998 (Wiki). OpenLDAP 1.0 was the first completely open source suite of client and server applications derived from LDAPv3.3 and included advanced security features, updated platform support, and bug fixes. The fact that OpenLDAP 1.0 was an open source version of LDAP made it very popular. LDAP itself remains a widely used model for various internet standards to this day.
Challenges with LDAP
The challenge with traditional LDAP authentication is that it can be difficult to implement and maintain, because it must be built out at every level by highly skilled personnel. For example, OpenLDAP requires that admins have not only extensive knowledge of identity management architecture, but also everything else required to securely manage and connect users to IT resources while maintaining security, compliance, and availability. This often requires a team of seasoned IT veterans just to install and configure the solution, followed by thorough testing and constant maintenance. This can be a huge challenge, especially for smaller organizations. At any rate, once you have all of your entries added to the directory, you activate the LDAP service and hope for the best.
Despite these challenges, LDAP has remained a trusted protocol that has proven effective at connecting users to IT resources through this authentication approach. It has also provided a relatively low-cost and robust directory service for many organizations. However, while it is a great solution for those with the know-how to build directory services from scratch, there are certainly more user-friendly options.
JumpCloud Directory-as-a-Service is the first comprehensive cloud directory service that directly integrates with LDAP services and applications. It enables administrators to leverage all of the same management as traditional LDAP implementations, but offers significant upgrades to identity and access management. In fact, LDAP authentication is just one aspect of the total Directory-as-a-Service package, and is provided as a service from JumpCloud.
The result is that admins can now enjoy LDAP-as-a-Service as part of the entire cloud identity management platform for all of their IT resources. The benefit for end users is a single identity can be leveraged across LDAP, RADIUS, systems (Windows, Mac, Linux), SAML, and much more. Virtual LDAP authentication is just one of the ways Directory-as-a-Service works to make your job easier.
Sign-up today and see how LDAP-as-a-Service from JumpCloud can benefit your organization. Your first 10 users are free forever. You can also contact a member of our team to learn more about the evolution of LDAP.