By Jon Griffin Posted September 26, 2017
LDAP was created about 25 years ago to improve and simplify directory services. Our advisor and friend, Tim Howes, was one of the inventors of LDAP along with his colleagues at the University of Michigan. The project was a seminal work in the category and forever changed the future of how identity management would come to work and be known. This is illustrated by the fact that a number of major directory services solutions are based in part or wholly on the LDAP protocol. Two of the most significant solutions are the open source market share leader, OpenLDAP™, and the commercial market share leader, Microsoft Active Directory®. This blog post discusses a new category of the cloud identity management market: online LDAP, sometimes called LDAP-as-a-Service.
As IT admins started to turn to the open source implementation of LDAP, OpenLDAP, they realized the great power that they had to centralize user access management and control. IT admins could add a user to the LDAP platform, and then enable IT applications and systems to authenticate access via the directory service. IT admins simply had to configure their applications and systems to pass the authentication request to their on-prem OpenLDAP instance.
This approach worked well when the entire network was on-prem or contained with one network connected via VPNs. Often, IT organizations would have data centers where their more technical platforms would live, and OpenLDAP was the choice for user management. LDAP use was often predicated on having a direct connection from the IT resource to the OpenLDAP server. Said another way, the LDAP server often times needed to be on-prem with all of the other resources.
Moving Away from the On-Prem World
As the cloud came along and infrastructure and applications started to move to off-prem, IT admins were left in a quandary. They could place their directory services platform at AWS or Google Cloud to be close to their servers, but then they would be left with two directory services platforms – one on-prem and one in the cloud. Alternatively, they could manually manage user access for their cloud systems and applications which would mean significantly more work. Neither of those options is appealing to modern IT organizations.
This is where the online LDAP concept has recently taken hold. Similar to many other infrastructure categories in the IT space, IT admins are pushing their vendors to move their core services to be delivered as cloud services. Interestingly while many other categories have already shifted to the cloud, identity management, and specifically directory services is just making the leap. A big part of this slow move to the cloud was the result of technical implementation challenges to integrate on-prem or local authentication with cloud services without creating extra components or overhead.
Moving to Online LDAP
The online LDAP solution Directory-as-a-Service has solved a number of these technical challenges, and has produced a SaaS-based LDAP solution. The LDAP infrastructure is hosted in the cloud and IT organizations can leverage what they need. IT organizations simply point their applications to the cloud hosted directory for authentication. There is no need for on-prem directory infrastructure like servers, software, VPNs, or other components. LDAP-as-a-Service is a turnkey solution for LDAP.
If you would like to learn more about online LDAP, drop us a note or read this case study on streamlining LDAP authentication. Alternatively, give our cloud LDAP solution a try for yourself. You can sign-up for a free account, where your first 10 users are free forever.