OpenLDAP 101

By Zach DeMeyer Posted January 19, 2020

More than two decades after its first release (and with the LDAP protocol itself closing in on three), OpenLDAP™ is still the premier open-source LDAP implementation. In spite of its popularity, however, some are still unaware of the extent of its capabilities. Well, sharpen your pencil and boot up your server, because it’s time for OpenLDAP 101.

What is LDAP?

The Lightweight Directory Access Protocol, also known as LDAP, is the protocol that OpenLDAP implements. Created by Tim Howes and his colleagues at the University of Michigan in 1993, LDAP is a lightweight alternative to the X.500 Directory Access Protocol (DAP). At the time, X.500, the ITU-T and International Organization for Standardization (ISO) standard for directory services, was the baseline for directory access. Unfortunately, DAP required a full OSI protocol stack and was far too heavy and technical to run on most systems of the day.

LDAP, on the other hand, runs directly over TCP/IP, by convention on port 389 (port 636 for LDAP over TLS, or LDAPS). The original University of Michigan server was a gateway that translated LDAP requests into X.500 DAP; its successor, the Standalone LDAP Daemon (slapd), answers LDAP queries from its own database with no X.500 server behind it, and is the server OpenLDAP ships today. With LDAP, IT admins have an easier-to-use, platform-independent tool to manage directory objects and authenticate user access. LDAP can be used to authenticate access to on-prem applications and networks, as well as other general server resources. In an IT organization, the server is configured through a single configuration file (slapd.conf) or, in current OpenLDAP releases, a configuration tree stored in the directory itself (cn=config); the data it holds is structured by a schema; and routine changes can be scripted against the protocol with the standard command-line tools or client libraries. One caveat a practitioner should keep in mind: on port 389 the protocol is cleartext, and a simple bind sends the password verbatim, so production deployments either use LDAPS or issue the StartTLS extended operation before binding.
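To make the port-389 point concrete, the following Python script hand-encodes two LDAPv3 messages in BER exactly as they cross the wire: a simple bind and the StartTLS extended request. It is an added example for this article, not code from the OpenLDAP project; the DN and password are constructed sample values, and no server is contacted.

```python
"""What actually crosses TCP/389: hand-rolled BER for two LDAPv3 messages.

Added example for this article, not code from the OpenLDAP project. It follows
RFC 4511 (protocol) and X.690 (BER). The DN and password are constructed
sample values; no server is contacted."""


def ber_len(n: int) -> bytes:
    """BER definite-form length: one byte below 128, 0x8N + N bytes above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Tag-Length-Value: BER's universal framing (single-byte tags only)."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """INTEGER (tag 0x02) for the small non-negative values LDAP uses here."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] }.

    BindRequest = SEQUENCE { version INTEGER, name LDAPDN, simple [0] OCTET STRING }.
    The simple credential is the password bytes verbatim: no hashing, no salt."""
    bind = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, bind))


START_TLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 section 4.14


def start_tls_request(msg_id: int) -> bytes:
    """ExtendedRequest [APPLICATION 23] carrying only requestName [0].

    Sent in the clear on 389; once the server answers success, the TLS
    handshake starts on the same connection and the bind follows inside it."""
    return tlv(0x30, ber_int(msg_id) + tlv(0x77, tlv(0x80, START_TLS_OID)))


def parse_tlv(buf: bytes, pos: int = 0):
    """Decode one TLV at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, start = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        start = pos + 2 + nbytes
    return tag, buf[start:start + length], start + length


def credentials_from_wire(msg: bytes):
    """Recover (dn, password) from a captured simple BindRequest.

    This is all a passive observer on the path has to do when the bind was
    not wrapped in TLS (LDAPS or StartTLS). Returns None for other messages."""
    tag, body, _ = parse_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = parse_tlv(body)
    op_tag, op, _ = parse_tlv(body, pos)
    if op_tag != 0x60:
        return None                       # not a BindRequest
    _, _version, pos = parse_tlv(op)
    _, dn, pos = parse_tlv(op, pos)
    auth_tag, cred, _ = parse_tlv(op, pos)
    if auth_tag != 0x80:
        return None                       # SASL bind; no cleartext password
    return dn.decode(), cred.decode()


def app_should_attempt_bind(dn: str, password: str) -> bool:
    """Client-side guard for an LDAP-gated application.

    RFC 4513 section 5.1.2: a non-empty DN with an empty password is an
    "unauthenticated" bind, which a permissive server answers with success
    without checking anything. An app that treats bind success as a valid
    login must refuse empty passwords before it ever touches the network
    (OpenLDAP rejects such binds unless 'allow bind_anon_dn' is set)."""
    return bool(dn) and bool(password)


if __name__ == "__main__":
    # Constructed sample credentials, not from any real deployment.
    msg = simple_bind_request(1, "cn=admin,dc=example,dc=com", "secret")
    print(msg.hex())
    print(credentials_from_wire(msg))   # -> ('cn=admin,dc=example,dc=com', 'secret')
    print(start_tls_request(2).hex())
```

Run it and look at the hex: the 46-byte bind message contains `736563726574`, the ASCII for `secret`, in plain view, which is why `credentials_from_wire` needs no key to get it back. The StartTLS request is what `ldapsearch -ZZ` sends first so that the bind that follows is inside TLS instead.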

What is OpenLDAP?

OpenLDAP is an open-source implementation of LDAP developed by the OpenLDAP Project, which started in 1998 from the University of Michigan code. OpenLDAP has also been supported by open-source giant Red Hat, who shipped and supported the server in Red Hat Enterprise Linux for years and helped build out the OpenLDAP community before dropping the server packages from RHEL 8 in favor of their own open-source directory server, 389 Directory Server.

As an open-source LDAP offering, OpenLDAP is free to use, install, and configure to suit an organization’s needs. It can be stood up on a majority of servers — even through Infrastructure-as-a-Service (IaaS) — to create a simple directory service. With OpenLDAP, organizations can authenticate user access to LDAP-gated applications and network hardware.

Pros of OpenLDAP

  • Open source (OpenLDAP Public License), so there is no licensing cost
    • Favorite of budget-conscious IT organizations
  • Community backed, which lends it a high degree of flexibility
    • Community support structure (mailing lists, documentation, third-party consultancies)
    • Runs on most server platforms

Cons of OpenLDAP

  • Notoriously difficult to deploy
    • Requires a highly trained technical team to set up and maintain
  • Needs servers to run on, either on-prem hardware or IaaS instances
    • Also needs replication, load balancing, monitoring, and backups of its own
  • Generally only reachable by on-prem resources or those on the same network; exposing ports 389/636 to the internet is rarely acceptable, so remote clients need a VPN or similar path in

In the modern era, most IT environments are growing increasingly hybridized, with many organizations opting to go full cloud. Having a solely on-prem directory service through OpenLDAP means organizations will need another option to manage their cloud-based resources, not to mention the end-user systems themselves.

Cloud LDAP-as-a-Service: Revolutionizing OpenLDAP

Over 100k organizations have sought out a cloud directory service featuring LDAP-as-a-Service. Hosted entirely in the cloud, a modern cloud LDAP service offers all of the pros of OpenLDAP with none of the cons. That means authentication to on-prem resources, any time, anywhere, without any of the heavy lifting of on-prem OpenLDAP. In effect, it’s a reimagination of OpenLDAP for modern IT.

LDAP-as-a-Service is offered as a part of Directory-as-a-Service® (DaaS), the first cloud directory service. IT organizations can leverage DaaS to comprehensively manage user identities and their access to virtually all modern IT resources, from systems and applications to networks and infrastructure. Learn more about DaaS and LDAP-as-a-Service here.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.