By Zach DeMeyer Posted March 1, 2019
The identity and access management (IAM) market has been heating up as of late. As IT admins explore their directory service options, many are going back to basics and wanting an introduction to OpenLDAP™. In this article, we will detail its inception, how it’s used today, and IAM as a whole.
What is OpenLDAP?
If we take a big step back from OpenLDAP, directory services as a category is critical (some might say foundational) within the IT market. IT organizations are leveraging identity providers (IdPs), such as OpenLDAP and Microsoft® Active Directory®, to connect users to the IT resources they need. OpenLDAP focuses on accomplishing that using solely the LDAP authentication protocol, which was created in the early 1990s by Tim Howes and his colleagues at the University of Michigan.
The advent of LDAP would spawn a number of directory services solutions, but OpenLDAP is one of the two breakout directory services that became popular in the IAM space. The other, of course, is Microsoft Active Directory (AD or MAD), which is easily the most popular on-prem enterprise directory service. As an open source solution, OpenLDAP is widely recognized as a flexible and robust directory service that leverages the LDAP protocol for a number of uses.
Uses of OpenLDAP
Many IT organizations and DevOps engineers have utilized OpenLDAP within their data centers and for authenticating technical applications and infrastructure components, such as Kubernetes, OpenVPN™, MySQL, and more. While OpenLDAP has worked well for LDAP-based applications, generally, IT organizations have utilized Active Directory to control user access to Windows®-based systems, servers, applications, and networks. AD, while compatible with LDAP, generally leans on Kerberos for its authentication protocol.
Challenges to On-Prem Identity Management
As more IT infrastructure has moved to the cloud and is delivered as-a-service, however, the challenge is how and why to leverage on-prem identity management services that are self-managed. Both Active Directory and OpenLDAP can be painful and time-consuming to manage. An on-prem (or internal) identity management approach often requires high availability equipment, security tooling, monitoring and performance solutions, and other growing costs, as well as management time.
Of course, we’ve established that the directory service is foundational to IT as a whole. So, given that the traditional choices of OpenLDAP and AD are falling out of favor, what’s next? Is there a replacement for the on-prem directory?
OpenLDAP from the Cloud
The good news is that there is a cloud-based directory replacement for OpenLDAP that eliminates the heavy lifting of implementing directory services yourself. In addition, IT admins and DevOps engineers can use the same identity that is authenticated via LDAP on Windows, Mac®, and Linux® systems, AWS® cloud servers, web and on-prem applications, cloud and on-prem file servers, and wired and WiFi networks.
This One Identity to Rule Them All® is available from JumpCloud® Directory-as-a-Service®. By leveraging the LDAP, SAML and RADIUS protocols, Directory-as-a-Service creates a True Single Sign-On™ experience for IT admins and end users alike.
Not Already a JumpCloud Customer?
Interested in a cloud directory service after this introduction to OpenLDAP? Try JumpCloud. Directory-as-a-Service is free forever for up to ten users, with a pricing model that scales competitively as you do. You can learn more about JumpCloud by checking out our Resources page, YouTube channel, blog, or simply by contacting us.