By Rajat Bhargava Posted January 9, 2015
Most IT admins know that leveraging LDAP for your organization comes with significant positives and negatives. The positives include creating a standardized way to authenticate and authorize users to IT resources. These resources are often more technical, including Unix/Linux systems or applications running on top of those operating systems. The other benefit is the central database of users which increases control and security. The downside of OpenLDAP is that it is difficult to implement, and it can break down.
Today, we’ll discuss the opportunity to leverage LDAP-as-a-Service in order to eliminate the negatives while capitalizing on the positives of OpenLDAP.
Wait, What’s LDAP Again?
LDAP is a directory services protocol. OpenLDAP, on the other hand, is the most popular open source implementation of the protocol. With it, LDAP users are placed into a database and then connected to the IT resources, systems, and applications that each user needs to access. Devices and applications are then configured to talk to the LDAP server.
Each client must be configured to adhere to the database design because LDAP doesn’t enforce a particular directory hierarchy. Each properly configured login is checked against the credentials on the server. After the credentials have been validated or authenticated, the client can then request whether the user has specific permissions. Organizations can control access to critical IT resources through this design.
The challenge is that setting up LDAP is difficult. Each implementation can be different because there is no specific directory hierarchy. IT admins are burdened with designing the directory structure. Furthermore, setting up LDAP authentication on a client can be a painful process. In addition to pointing to the correct location, which requires that every device be networked in a way to see the directory, the clients need to pass the correct requests and data.
This can take admins a great deal of trial and error, especially if they aren’t familiar with LDAP.
The Benefits of a “Managed” LDAP Service
Hosted LDAP takes many of these difficult points off the table for IT organizations.
Managed LDAP services install and configure LDAP to a standard directory structure. This structure is exposed to IT admins via documentation, APIs, and through the LDAP protocol itself. This alleviates the burden of different directory designs.
A managed LDAP service simplifies networking. Secure access can be provided to any LDAP client with Internet connectivity. Client access to the LDAP server is standardized as a result of the standard directory design. An agent can further simplify user authentication and authorization management. A hosted LDAP service also includes built-in high availability and heightens a business’s security.
A cloud-based directory provides logistical benefits in addition to operational benefits. Cloud-based SaaS LDAP services connect to all types of Infrastructure-as-a-Service (IaaS) providers, including AWS, Google Compute Engine, SoftLayer/IBM, Rackspace, and Digital Ocean. The managed LDAP service can act as the core authentication and authorization directory service for an organization’s cloud servers without having to do difficult networking. Any other IT applications that can support the LDAP protocol can also be connected to the cloud-based third-party LDAP service.
Managed LDAP: All the Benefits, None of the Negatives
LDAP is an incredibly important function for organizations, but the protocol can be difficult to operate. Managed LDAP services remove the burden of running LDAP while keeping the benefits. This is an incredibly important ‘as-a-service’ solution. See how to connect your application to LDAP here.
Drop us a note if you are interested in potentially moving your existing LDAP to be a managed solution or are interested in potentially implementing LDAP. Our Directory-as-a-Service® provides a strong managed LDAP solution that could benefit you. Give the JumpCloud® virtual identity provider solution a try. Your first 10 users are free forever.