By George Lattimore Posted February 23, 2019
As IT organizations consider their stances on identity management, one consideration is the benefits of OpenLDAP™. There are, in fact, a number of benefits of OpenLDAP, but in the modern era of cloud solutions, is an on-prem, self-managed, single-purpose identity provider useful to IT organizations? The short answer is yes: OpenLDAP can be highly beneficial for an organization, with the caveat that it can take a great deal of time to manage and control.
Origins of OpenLDAP
Before OpenLDAP, there was the Lightweight Directory Access Protocol (LDAP), which was used to create lines of communication between user directories and the applications that accessed them. After LDAP was first introduced, its popularity spawned a number of identity providers including OpenLDAP, Microsoft® Active Directory®, and others. As LDAP became so widely used, its status as an industry standard made a great deal of sense; LDAP was a core part of most infrastructures due to its usefulness.
OpenLDAP, an open source implementation of LDAP, would be used by organizations that needed a way to connect users to more technical IT resources, such as Linux®-based applications, servers, and storage. An obvious benefit of OpenLDAP at the time was that it was very flexible and, of course, free, thanks to its open source status.
The Metamorphosis of Identity Management
As time went on, though, IT resources started to change, and so did the protocols they leveraged. Kerberos, SAML, RADIUS, OAuth, SSH, and a dozen other authentication protocols emerged, with each one playing a different role in the IT ecosystem. Of course, LDAP would still be incredibly popular, but a single-protocol identity provider, such as OpenLDAP, started to struggle.
But the benefits of OpenLDAP didn’t go away. It was still ubiquitous, with many applications supporting it, old and new (OpenVPN, Docker, Kubernetes, etc.). OpenLDAP’s flexibility and open source heritage made it ideal for those who wanted to deeply customize it. The challenge was that OpenLDAP was now one of a number of types of identity and access management (IAM) solutions that IT admins needed. The overhead of managing all of these various IAM platforms would take its toll: AD for internal IT, OpenLDAP for the data center, SSO for web applications, and more.
An IAM Butterfly
The good news is that IT admins and DevOps engineers don’t need to give up on the benefits of OpenLDAP just because of the overhead of managing it. With a new cloud-based directory service that supports a wide range of protocols, platforms, providers, and locations, IT admins can get the best of all worlds—use LDAP where necessary, connect to web applications via SAML, and then treat macOS® and Linux systems as first class citizens—in one platform called Directory-as-a-Service®.
JumpCloud® Directory-as-a-Service is a vendor-neutral cloud directory service, reimagining Active Directory and OpenLDAP for the modern era. Using the LDAP, SAML, and RADIUS protocols, Directory-as-a-Service federates access to virtually all applications and networks, along with systems and more. With key security features like password complexity and SSH key management, multi-factor authentication (MFA), full disk encryption (FDE), and more, JumpCloud advances your identity management approach with the benefits of OpenLDAP and then some.
Not a JumpCloud Customer?
You can explore the Directory-as-a-Service platform by scheduling a demo or exploring the product yourself. You can do so completely free, with ten users free forever to get you started. If you have any additional questions about the benefits of OpenLDAP or JumpCloud, you can contact us for assistance.