Microsoft® Active Directory® has been the most popular identity management (IAM) solution in the directory services (now often called an IdP, or identity provider) category for over two decades. But, as the IT environment changes and there is a shift to heterogeneous platforms, the cloud, and remote work, is an open source Active Directory in the cards?
The short answer is that while open source tools are usually great, the identity management category has produced a relatively limited array of open source solutions. Further, the open source identity solutions are often focused on a particular problem set, whereas Microsoft has done an excellent job of creating a solution for the vast majority of organizations. The second part of this is that IT organizations aren’t just looking for open source (or a free identity provider), but also for cloud-based solutions (and if they happen to be open source, all the better). With the dramatic shift to the cloud and remote work (especially during this pandemic), cloud-delivered platforms are far more valuable to IT admins. Let’s take a closer look at these two aspects that are part of the general interest in an open source Active Directory.
Open Source Alternatives to Active Directory
In the identity and access management arena there are a number of open source solutions that could be helpful. Of course, the most well known is OpenLDAP™ (supported by our friends at Symas), and there are others such as Samba and FreeIPA. Each of these solutions comes with its own set of strengths and challenges, so let’s take a look at what these are.
OpenLDAP is the most popular LDAP server today. It is highly flexible, scalable, and focused on providing core directory services to resources that leverage the LDAP protocol. The challenge with OpenLDAP is that many IT resources prefer other protocols such as SAML, RADIUS, OAuth/OIDC, and even native integrations. So, while OpenLDAP can be the base directory service for an organization, that organization may also need to find other solutions to authenticate to web applications, networking equipment, and other IT resources. When introduced, OpenLDAP quickly became one of the leading open source directory solutions on the market.
Samba is best known as a file and print service for non-Windows platforms. While it serves somewhat as a directory service/domain controller, it is often utilized in conjunction with Active Directory to extend it to non-Windows® IT resources. Samba is usually not used as a standalone solution, so the challenge with this open source option is that IT admins still end up having Active Directory in their environment, and perhaps other identity management solutions as well, such as web single sign-on.
FreeIPA is also focused on one aspect of the identity management space: Linux users and hosts. FreeIPA is a combination of LDAP, Kerberos, DNS, and more. However, FreeIPA is rarely used on its own. Much like Samba, FreeIPA is often leveraged in conjunction with Active Directory or other IAM solutions. So, FreeIPA’s main con is that it, too, doesn’t have a reputation for being a sole directory service.
By taking a look at these three open source platforms, it’s clear that while organizations can have success with them, they ultimately will need additional components in order to completely manage and connect users to their IT resources including workstations, servers, applications, files, and networks regardless of platform, protocol, provider, and location. Another characteristic to note is that as open source solutions, none of these options are delivered as a cloud service, and the cloud component is just as important.
It’s Not Just About Open Source
A true SaaS Active Directory alternative not only takes on the responsibility of managing the availability, maintenance, and configuration that is part of being a directory service, but also extends user access and management to a wide range of IT resources through multiple protocols. An integrated cloud directory platform can streamline work for IT admins, giving them more time to focus on higher priority organizational initiatives. Fortunately, a solution called JumpCloud Directory Platform has emerged that’s potentially even better than an open source Active Directory.
Open Source Active Directory Alternative: JumpCloud
While not an open source IDaaS platform (although free for up to 10 users and 10 devices), JumpCloud offers an independent cloud directory platform that works with virtually all platforms, protocols, providers, and locations to manage user access to IT resources. By implementing JumpCloud, it is possible to centralize user access to the following:
- Mac®, Windows, and Linux systems
- LDAP and SAML based applications
- Cloud and on-prem file storage through SAML and Samba LDAP
- Wired and WiFi networks via RADIUS
- Physical and Virtual servers through SSH and native integrations
This cloud-based directory service is truly everything IT admins are looking for in an IdP. Don’t believe that statement? Check out our reviews on G2 to see what the community is saying about our platform. It is delivered from the cloud, it integrates with all IT resources, and it can truly replace Active Directory.
Discover More about JumpCloud
You are also more than welcome to start testing our cloud-based solution by signing up for a free account which gives you ten users and ten systems free along with ten days of premium in-app chat support. You’ll be able to explore all of our features for free including all of our premium capabilities.