LDAP Authentication Server

By Vince Lujan Posted April 11, 2019

OpenLDAP Server

As the Lightweight Directory Access Protocol (LDAP) has remained a core authentication protocol in the IT space, IT admins often find themselves in search of an LDAP authentication server. But of course, not just any LDAP server will do. So, what is the best LDAP authentication server for your organization? Let’s discuss a few of the options.

LDAP Primer

LDAP was created in 1992 by a man named Tim Howes and his colleagues at the University of Michigan. LDAP was designed to connect users to networks of systems and servers back in the early days of the Internet, and was highly successful. In fact, LDAP became the standard for authentication services in the 1990s.

In 1998, developers created OpenLDAP, an open-source iteration of the LDAP protocol and directory. Then, in 1999, Microsoft® combined elements of the LDAP protocol and directory with Kerberos (and other proprietary elements) to create Active Directory® (AD). Fast forward to 2019, and LDAP continues to inspire modern directory services platforms.  

LDAP Authentication Server Options

Option 1: OpenLDAP

OpenLDAP is an open source iteration of the LDAP protocol and directory. As an on-prem implementation, OpenLDAP is tuned for managing on-prem networks of LDAP-based IT resources. Essentially, OpenLDAP acts as the source of truth for IT resources, such as systems and applications that leverage LDAP for authentication. In doing so, IT admins can manage and connect users to LDAP-based resources from one centralized location via OpenLDAP.

For IT organizations that only leverage LDAP for authentication, OpenLDAP can be the only authentication server needed. As an open source solution, OpenLDAP is a flexible platform that can be adapted for a variety of use cases. However, the challenge with OpenLDAP arises when other protocols such as SAML, RADIUS, SSH, REST, and others come into play. Not only that, but IT admins must be adept at the open source platform, as well as security experts, if they hope to avoid catastrophe.

For these reasons, IT organizations often opt for a more user friendly LDAP authentication server.

Option 2: Active Directory

Active Directory is an on-prem directory services platform from Microsoft. Introduced in 1999, AD is tuned for managing on-prem networks of IT resources that are based on Windows®. As previously noted, AD was built upon an LDAP foundation along with Kerberos. So, IT admins can leverage the Microsoft platform to connect users to IT resources that leverage LDAP for authentication.

Similarly to OpenLDAP, Active Directory can be the only authentication server required, but this is often for Windows-based resources. AD can also connect users to a variety of Windows-based IT resources that don’t leverage LDAP for authentication but rather, Kerberos, for example. As a result, IT admins can not only connect their users to LDAP-based resources and more—so long as it’s Windows-based—but they also don’t need to worry about building, maintaining, and especially securing an open source platform.  

However, also not unlike OpenLDAP, the challenges with AD emerge when non-Windows IT resources come into play—both on-prem and in the cloud. AD doesn’t offer great support for non-Windows platforms, and requires a variety of third-party add-ons such as directory extensions, web application single sign-on (SSO), privileged identity management (PIM), and more to connect to them. So, while AD is perhaps a more user friendly LDAP authentication server in traditional Windows-based environments, it still leaves much to be desired for modern networks.

Option 3: LDAP-as-a-Service

LDAP-as-a-Service is a more recent innovation. LDAP-as-a-Service solutions are essentially cloud-based LDAP authentication servers. The advantage is that IT organizations can shift the burden of building and maintaining an on-prem LDAP implementation to a third-party provider. In doing so, IT admins can connect their users to IT resources that leverage LDAP for authentication, without anything on-prem.

However, it’s important to note that modern LDAP-as-a-Service solutions are often more than just OpenLDAP or AD in the cloud. The JumpCloud® Directory-as-a-Service® platform, for example, offers LDAP, SAML, RADIUS, SSH, REST, and other secure authentication protocols (among other proprietary elements) as a cloud-based directory service. As a result, IT organizations can not only connect their users to IT resources that leverage LDAP for authentication, but also Windows, macOS®, and Linux® systems, web applications, physical and virtual file storage, remote networks, and virtually any IT resource via the comprehensive Directory-as-a-Service.

Of course, LDAP-as-a-Service solutions are focused on security as well. For most IT organizations, a modern LDAP authentication server managed by an outsourced team of security experts would actually enhance security, as well as convenience. Further, depending on the provider, IT organizations may be able to shift their entire identity management infrastructure to the cloud.

Best LDAP Authentication Server

So, which is the best LDAP authentication server? Well, it depends on your environment. If your organization only leverages LDAP for authentication and you’re a DIY kind of person, then OpenLDAP could work for you. If your organization is Windows-centric, and heavily invested in on-prem identity management infrastructure, then AD might be a great fit. If you belong to a cloud-forward IT organization that needs LDAP in addition to other secure authentication protocols, then an LDAP-as-a-Service solution is probably the best option. At any rate, we hope this was helpful.

JumpCloud LDAP Authentication Server

Sign up for a free account or request a demo to see how the JumpCloud Directory-as-a-Service platform can play the role of an LDAP authentication server in your environment. We offer 10 users free forever to help get you started. We also offer single protocol pricing, if cloud LDAP is all that you need. Contact the JumpCloud team if you have any questions.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.

Recent Posts