Introduction to LDAP

By George Lattimore Posted March 27, 2019


LDAP remains an integral part of authenticating to the modern office, but how does the protocol relate to the workflow of admins and end users? Before we get into how LDAP is being used in the world of IT today, it’s important to understand how we got here. From a quick overview of the story of LDAP, we can start to see why it was such a needed invention for IT, and the continued impact it’s having on the modern IT infrastructure.

The Inception of LDAP

The story of LDAP begins with JumpCloud® advisor and friend, Tim Howes, and his colleagues at the University of Michigan in the early 1990s (see interview for further details). LDAP was created to simplify the existing approach to directory services which used the X.500 protocol. Tim and his colleagues understood that PCs were starting to emerge as high-value technology components and that a simpler, faster approach to directory services and authentication was needed. Thus, the inception of LDAP.

LDAP was produced as an open protocol, which the IETF subsequently adopted to standardize and promote through the standards body's processes. LDAP was assigned specific ports to operate over and designated RFCs so that organizations knew how to use the protocol standards in their own LDAP implementations.

The Lifeblood for Directory Services

These critical steps helped to ensure that LDAP would be a standard that could be used by organizations for implementing directory services. With that in mind, Microsoft® leveraged the LDAP protocol (and Kerberos®) to create their own solution in the space, Active Directory®. Separately, a number of open source directory servers emerged that implemented LDAP on the server side, including the popular solution, OpenLDAP™. With these two identity providers taking center stage in the directory services space, software vendors and developers started to gain confidence that they could implement an LDAP client in their solution and authenticate users to the LDAP server.

Of course, this approach made a great deal of sense, and by having an effective authentication protocol such as LDAP, organizations could now centrally manage access to IT resources. Instead of having to create user accounts in each separate service, IT organizations could create users in the directory server and assign rights to those users. When a user accessed an LDAP-based resource like an application or system, the resource would authenticate via the LDAP protocol to the identity provider. The LDAP-based identity provider would respond with a valid authentication or denial. This process greatly simplified control over users and the resources they needed to access. Looking back, the concept of LDAP and its impact have been quite significant and foundational.
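The exchange described above, shown at the byte level as an added example (not from the original article or from JumpCloud): a client builds an RFC 4511 simple BindRequest and reads the directory's BindResponse as accepted or denied. The DN, password and response bytes are constructed sample values, and the helper names are hypothetical.

```python
# Added example: LDAP simple bind (RFC 4511) encoded and decoded by hand.
# Helper names are hypothetical; DN, password and responses are constructed.

def tlv(tag, value):
    """One BER element: tag, definite length (short or long form), value."""
    n = len(value)
    length = bytes([n]) if n < 0x80 else (
        bytes([0x80 | (n.bit_length() + 7) // 8])
        + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + length + value

def bind_request(message_id, dn, password):
    """Client to directory: LDAPMessage wrapping a simple BindRequest."""
    if not password:
        # A DN with an empty password is an "unauthenticated bind" (RFC 4513);
        # a server may answer success, so the client must refuse to send it.
        raise ValueError("empty password refused")
    # The simple [0] choice carries the password in the clear: use TLS.
    body = (tlv(0x02, b"\x03")               # version INTEGER 3
            + tlv(0x04, dn.encode())         # name: the user's DN
            + tlv(0x80, password.encode()))  # authentication: simple [0]
    # message_id is kept to 1..127 here so it fits one INTEGER byte.
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, body))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def bind_result(response):
    """Directory to client: (accepted, resultCode name) from a BindResponse."""
    tag, msg, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)             # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                          # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, raw, _ = read_tlv(op, 0)              # resultCode ENUMERATED
    code = int.from_bytes(raw, "big")
    names = {0: "success", 49: "invalidCredentials"}
    return code == 0, names.get(code, f"resultCode {code}")

ACCEPTED = bytes.fromhex("300c02010161070a010004000400")  # constructed
DENIED = bytes.fromhex("300c02010161070a013104000400")    # constructed
```

Only a resultCode of 0 counts as a valid authentication; every other code, including 49 (invalidCredentials), is a denial.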

On-Prem Complications

Over time, authentication via the LDAP protocol evolved, with metadata and attributes being leveraged for more sophisticated approaches to user access and information. Ultimately, as IT resources started to fragment away from being on-prem and Windows®-based, a variety of other authentication protocols (e.g. SAML, OAuth, RADIUS) emerged to solve different needs and requirements.

LDAP nevertheless continues to be a critical component of any IT infrastructure, but IT organizations no longer need to manage LDAP servers on-prem and spend significant time configuring the connections between IT resources and directory services. Thankfully, many of these tasks have been simplified via a cloud LDAP platform.

Next Gen Cloud LDAP

JumpCloud’s Directory-as-a-Service® is a next generation cloud LDAP platform that’s streamlining system and user management for admins, MSPs, and IT organizations at large. With over 50k organizations currently using the cloud LDAP platform, JumpCloud is leading the charge of cloud enablement and encouraging organizations to get more work done, regardless of platform, protocol, location, or provider.

If you’d like to see how JumpCloud securely connects users to resources via a cloud LDAP platform, sign up for the platform and get started. Your first 10 users are free, forever, so you can explore all of the features and see how it would work with your organization. If you’d like to talk with one of our product experts, send us a note, and we’ll promptly follow up.

George Lattimore

George is a writer at JumpCloud, a central source for authenticating, authorizing, and managing your IT infrastructure through the cloud. With a degree in Marketing and an MS in Public Communications and Technology, George enjoys writing about how the IT landscape is adapting to a diversified field of technology.
