How to Manage OpenLDAP

By Rajat Bhargava Posted March 5, 2015


As most IT admins know, managing OpenLDAP is painful. Even though the name has “lightweight” in it, there is nothing lightweight about OpenLDAP. It is one of the premier directory services solutions available today. However, it requires significant expertise to install, configure, and manage.

Challenges With OpenLDAP


OpenLDAP is usually used to connect users to critical applications and services. Most often, these are technical in nature and usually *nix based, although that doesn’t always have to be the case. LDAP is a standard protocol that can be used by any number of devices and systems. There are a number of specific challenges when implementing OpenLDAP:

  • Connecting Applications to OpenLDAP – one of the most important use cases for OpenLDAP is connecting your applications to the central user store. Although the protocol is supposed to be standardized, you’ll need to configure the LDAP “client” (the application) to talk to OpenLDAP correctly. This includes getting the ou, dc, dn, and cn right, among other settings. Sometimes this involves trial and error.
  • Groups – managing who can access a particular application can get complicated as well. You’ll need to configure the connection so that the right variables are passed and only the right people can access the right applications and devices.
  • Certificates, Ports, and Encryption – we’ve witnessed a number of applications not playing nicely with LDAP when it comes to connecting on ports and with encryption. These problems can be extremely time consuming to solve, including getting the right certificates in place on each side of the connection.

These are just a sampling of the issues that IT admins will face when implementing OpenLDAP.
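The three challenges listed above (DN components, group restriction, ports and encryption) can be checked before an application ever binds. The following is an added example, not code from the original post or from JumpCloud: a lint for a hypothetical client config dict (the keys `uri`, `start_tls`, `verify_cert`, `bind_dn` and `base_dn` are assumptions), plus an RFC 4515-escaped group filter that assumes groups are stored as `groupOfNames` entries.

```python
from urllib.parse import urlparse

# RFC 4515: characters that must be hex-escaped inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def esc_filter(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def group_filter(group_cn, user_dn):  # matches the group only if user_dn is a member
    return f"(&(objectClass=groupOfNames)(cn={esc_filter(group_cn)})(member={esc_filter(user_dn)}))"

def split_dn(dn):
    """Split a DN into (attr, value) pairs; multi-valued RDNs ('+') are not split."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # backslash escapes the next char
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":                        # unescaped comma ends an RDN
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    pairs = []
    for rdn in parts + [cur]:
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((attr.lower(), value))
    return pairs

def check_client_config(cfg):
    """Return a list of warnings for a hypothetical LDAP client config dict."""
    problems = []
    url = urlparse(cfg["uri"])
    port = url.port or {"ldap": 389, "ldaps": 636}.get(url.scheme)
    if (url.scheme, port) not in (("ldap", 389), ("ldaps", 636)):
        problems.append(f"uri: {url.scheme}:// on port {port} is not the usual 389/636 pairing")
    if url.scheme == "ldap" and not cfg.get("start_tls"):
        problems.append("tls: ldap:// without StartTLS sends the bind password in cleartext")
    if not cfg.get("verify_cert", True):
        problems.append("tls: server certificate verification is disabled")
    for key in ("bind_dn", "base_dn"):
        try:
            split_dn(cfg[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    return problems

# Constructed sample (placeholder host and DNs) with three mistakes in it.
SAMPLE = {"uri": "ldap://ldap.example.com:636", "start_tls": False,
          "bind_dn": "cn=svc,ou=services,dc=example,dc=com", "base_dn": "ou=people,example,dc=com"}
```

Calling `check_client_config(SAMPLE)` reports the scheme/port mismatch, the cleartext bind, and the base DN component that is missing its attribute name.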

A Better Method to LDAP

There is a better way: a SaaS-based OpenLDAP implementation like JumpCloud’s Directory-as-a-Service®. JumpCloud has spent a tremendous amount of time implementing and refining its cloud-based directory services. Organizations benefit by only needing to take care of their part of the equation. With DaaS, users can be easily grouped to deliver access to the appropriate applications and levels of permissions. The UI makes these tasks simple and easy. Then when it comes to connecting the client side to JumpCloud, the standardized approach makes it simple.

In fact, JumpCloud has provided a number of examples on its Engineering blog on how to connect popular applications and devices such as Meraki, Jira, and MySQL to JumpCloud. Further, our support organization and knowledge base are available to help you connect your app or device to our cloud-based OpenLDAP managed service.

If you are running OpenLDAP, there’s no reason to get stuck doing the heavy lifting. JumpCloud’s SaaS-based directory service can reduce your workload while increasing your security. JumpCloud is free forever for 10 users or fewer. Give it a try and let us know what you think.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
