By Cassa Niedringhaus Posted November 3, 2019
OpenLDAP™ and RADIUS serve IT organizations in connecting users to technical resources and infrastructure and, in some cases, can be used in conjunction to achieve greater security.
They are open-source, which means they are flexible and can be tailored to a specific organization’s needs. Neither is a simple undertaking, though. Both require extensive work to install, configure, and support.
In today’s world of expanding Software- and Infrastructure-as-a-Service offerings, IT admins can instead leverage OpenLDAP and RADIUS through a Software-as-a-Service provider to reap their benefits without spending money or time to install and maintain on-prem infrastructure.
LDAP, OpenLDAP Use Cases
Because of LDAP’s flexibility, IT admins can use it to authenticate employees to a variety of more technical resources, including Linux® servers, Linux-based applications, and DevOps infrastructure.
OpenLDAP (an LDAP server implementation) can also serve as an organization’s identity provider, though it doesn’t provide the system management capabilities of other directory services and is limited to the LDAP protocol.
With OpenLDAP’s flexibility also come added technical responsibilities. IT admins implementing it will face greater challenges in connecting it to Windows® and Mac® systems and applications that authenticate via different protocols, and they’ll likely need to use other identity providers in addition to OpenLDAP to do so. Using multiple identity providers is not an ideal solution for admins seeking centralized control.
RADIUS Use Cases
RADIUS (Remote Authentication Dial In User Service) is a protocol developed in the early 1990s. It remains popular because IT admins can use it to centralize employee authentication to a wide range of networking infrastructure. Centralized authentication streamlines operations because IT admins don’t need to spend time creating accounts for each device.
Instead, one set of credentials enables employees to access all the infrastructure they need, including wireless access points (WAPs), VPNs, and other network devices and servers.
RADIUS can also serve as an identity provider but is generally not used that way anymore. It is more often used to increase network security by requiring unique credentials for each user, using RADIUS accounting for data analysis and network monitoring, and implementing dynamic VLAN tagging to segment users into different parts of the network.
Complementary Use Case
IT admins can use both OpenLDAP and RADIUS to connect employees to various resources.
They can also be used in conjunction to create more secure access to WiFi. When OpenLDAP is an organization’s identity provider, IT admins can use RADIUS to authenticate users to network resources using their core OpenLDAP credentials.
However, more robust identity providers than OpenLDAP exist, which could eliminate the need for this use case and simplify on-prem infrastructure management.
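As an added illustration (not code from this article or from JumpCloud), the sketch below ties the RADIUS-with-OpenLDAP pairing to the dynamic VLAN tagging mentioned earlier: group membership from the directory selects the VLAN attributes that RFC 3580 defines for an Access-Accept. The directory entries, group-to-VLAN policy, and function names are constructed assumptions, and the LDAP bind that verifies the password is assumed to have already succeeded.

```python
# RADIUS attribute types (RFC 2868) with the values RFC 3580 uses for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE_802 = 13, 6

# Constructed sample data standing in for an LDAP search result (user DN -> group DNs).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": ["cn=engineering,ou=groups,dc=example,dc=com"],
    "uid=bob,ou=people,dc=example,dc=com": ["cn=guests,ou=groups,dc=example,dc=com",
                                            "cn=finance,ou=groups,dc=example,dc=com"],
    "uid=carol,ou=people,dc=example,dc=com": [],
}
# Hypothetical policy, most privileged group first: group DN -> VLAN ID.
GROUP_VLAN = [
    ("cn=finance,ou=groups,dc=example,dc=com", 30),
    ("cn=engineering,ou=groups,dc=example,dc=com", 20),
    ("cn=guests,ou=groups,dc=example,dc=com", 99),
]

def vlan_for(user_dn):
    """Return the VLAN for the first policy group the user belongs to, else None."""
    groups = {g.lower() for g in DIRECTORY.get(user_dn.lower(), [])}
    return next((vlan for dn, vlan in GROUP_VLAN if dn in groups), None)

def encode_vlan_attrs(vlan_id):
    """Encode the three RFC 3580 attributes as RADIUS TLVs (type, length, value)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    vid = str(vlan_id).encode("ascii")
    # Tunnel-Type and Tunnel-Medium-Type carry a tag byte (0) plus a 3-byte value.
    return (bytes([TUNNEL_TYPE, 6, 0]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big")
            + bytes([TUNNEL_MEDIUM_TYPE, 6, 0]) + TUNNEL_MEDIUM_IEEE_802.to_bytes(3, "big")
            + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)]) + vid)

def decode_attrs(blob):
    """Split an attribute blob into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed RADIUS attribute")
        out.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return out

def authorize(user_dn):
    """Decision after a successful LDAP bind: fail closed when no group maps to a VLAN."""
    vlan = vlan_for(user_dn)
    if vlan is None:
        return "Access-Reject", b""
    return "Access-Accept", encode_vlan_attrs(vlan)
```

Users who are absent from the directory or belong to no mapped group are rejected rather than placed on a default VLAN, which keeps an unmapped account off the network.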
Use Both LDAP and RADIUS in the Cloud
LDAP and RADIUS can both live on-prem — or in cloud-hosted servers.
For those who are going the on-prem RADIUS route, there are open- and closed-source implementations, both of which require server infrastructure and ongoing maintenance. It’s much the same for LDAP. Admins can also spin up servers in the cloud, which reduces their on-prem infrastructure but does not reduce the time and labor required to maintain them.
IT admins seeking the capabilities that the protocols provide but without the investment of time, money, and physical space should look to SaaS implementations instead, where server maintenance is offloaded to someone else. Plus, because the services are cloud-based, admins only pay for what they use.
JumpCloud’s Use Case
Through its Directory-as-a-Service®, JumpCloud® provides both cloud LDAP and cloud RADIUS delivered as SaaS-based offerings. Both managed service offerings feature JumpCloud-hosted and -managed servers around the world to bring their capabilities to IT admins with less heavy lifting on their part.