By Zach DeMeyer Posted August 28, 2018
This August marks the twentieth anniversary of the inception of the OpenLDAP™ Project, an open source version of the Lightweight Directory Access Protocol (LDAP). In a backwards sort of homage to the “birthday” of OpenLDAP, RedHat and SUSE, which offer open source Linux directory services, have decided to drop their coverage of OpenLDAP. This change forces RedHat and SUSE customers to either adopt the companies’ proprietary 389 protocol or consider OpenLDAP alternatives.
What is OpenLDAP?
The OpenLDAP Project was created in 1998 on the heels of the development of LDAP by Tim Howes and his colleagues at the University of Michigan. A collaborative effort among a community of developers, the OpenLDAP Project expanded LDAP into a more widely usable, open source platform. OpenLDAP is the leading implementation of LDAP and connects systems and applications, usually Linux (and Unix) based, to users. Since it’s open source, OpenLDAP allows for a higher level of customizability than traditional on-prem directory services solutions such as Microsoft® Active Directory®. In the late 90s/early 2000s, when IT and the rest of the workplace were on-prem, OpenLDAP was a crucial tool in the IT admin’s toolbox.
The world has turned ever on since then, however, and so has IT. WiFi and laptops unchained the network from the desktop, and Mac® and other systems hit the workforce en force. With an increase in usage of the cloud, more organizations started looking to web application single sign-on (SSO) solutions to bolster their identity management tools. The Linux-based, on-prem focused OpenLDAP started to slip from popularity.
RedHat and SUSE are forgoing their support of the open source implementation of OpenLDAP in favor of their own directory server solution called 389. Both SUSE and RedHat are recommending that customers either use 389 or seek out OpenLDAP alternatives. Particularly tech savvy folks may be more inclined to implement their own version of OpenLDAP on their on-prem server. This option, while free, comes with the cost of actually implementing and customizing the server, which in and of itself is quite an undertaking. Of course, the same is true with 389, although RedHat and SUSE are banking on customers calling them for support of 389, which is how they will make money.
A modern alternative is to eschew on-prem OpenLDAP options altogether and take advantage of LDAP-as-a-Service, also known as Cloud LDAP. IT admins get the LDAP platform that they know and love without any of the overhead of managing or implementing it. This is one of the core features of JumpCloud®’s own Directory-as-a-Service® platform.
JumpCloud Directory-as-a-Service (DaaS) is a cloud-based directory service that incorporates the best of the OpenLDAP, SAML, and RADIUS protocols together into one complete package. JumpCloud LDAP-as-a-Service provides highly-available, global LDAP servers – taking the burden of dedicated LDAP servers off the shoulders of IT admins. With JumpCloud, there’s no need to install, configure, and manage your own LDAP server.
Andy Halvorsen, Global IT Director at Ooyala, had been using OpenLDAP and made the switch to JumpCloud. Here’s what Andy had to say about the decision:
“The number one issue we have with OpenLDAP is that it requires an engineer to be able to manage it. The GUI for most LDAP browsers is really clunky in contrast to the clean web interface of JumpCloud. There’s a hierarchy to OpenLDAP that’s difficult to understand, whereas the JumpCloud interface has a familiar and intuitive feel to it.”
For most JumpCloud customers, LDAP-as-a-Service is just one part of a much larger offering. Ooyala, for instance, also leverages JumpCloud’s RADIUS-as-a-Service and integration with G Suite™. What sets JumpCloud apart from other third-party LDAP providers is that Directory-as-a-Service is a complete directory service. JumpCloud Directory-as-a-Service connects users to their systems (Windows®, Mac, or Linux), apps, networks, and files – regardless of platform, protocol, or location. DaaS even integrates directly with G Suite and Office 365™, so it’s simple to import your existing identities from those platforms.
That said, if you want to use it exclusively for its Cloud LDAP capabilities, JumpCloud offers a special One Protocol product tier. With One Protocol, you can opt to pay a discounted rate for use of any one of our three main protocols: SAML for SSO, RADIUS for network security, or LDAP. As an added bonus, you also can still utilize JumpCloud’s G Suite/O365 integration and Microsoft® Active Directory® Bridge features in tandem with your protocol of choice.
To learn more about JumpCloud Directory-as-a-Service as an OpenLDAP alternative, contact our success team. You can also check out our Pricing page for more information on the One Protocol option, or our YouTube channel for videos on Directory-as-a-Service. If JumpCloud seems like the OpenLDAP alternative for you, consider signing up for free. There’s no credit card required, and your first ten users are on us.