
What is LDAP?

LDAP (Lightweight Directory Access Protocol) is one of the core protocols developed for directory services. It was created in 1993 by Tim Howes and others at the University of Michigan as a lightweight alternative to the X.500 directory services protocols in use at the time. The goal was a lightweight protocol that would allow servers and applications to authenticate and authorize users. LDAP works in a client-server model: a client following the protocol requests authentication and/or authorization information from the directory server.

LDAP in Action

The server side of LDAP is a database with a flexible schema. LDAP can store not only username and password information but also a variety of other attributes, including address, telephone number, and group membership. Because LDAP is an open protocol, IT organizations can extend the schema and the protocol to meet their needs. LDAP is the foundation of the popular open source directory service OpenLDAP™, and many common applications, including Samba file servers, use the LDAP protocol to authenticate and authorize user access.

Over time, LDAP became a core directory services protocol for the Internet. Microsoft®’s Active Directory® – the most widely implemented directory service in the world – built many of its underpinnings on LDAP while also extending the concept of directory services with many proprietary extensions. LDAP has most often been used in more technical situations and organizations. Because of its Unix and open source heritage, LDAP lends itself well to environments that are Linux® heavy and rely on technical applications.

There are a handful of overarching concepts in LDAP, as in most directory services. The core of a directory service is the ability to add, delete, and modify records. The process of authenticating to LDAP is referred to as binding, and a bind can be encapsulated within a secure, encrypted session so that credentials are not sent in the clear. LDAP also provides the ability to search the database and to compare attributes – a common task around group membership. Using these basic operations within an LDAP infrastructure, IT admins can accomplish a significant portion of their directory services needs.
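To make the bind and search operations above concrete, here is an added example (not code from the original post or from JumpCloud) that encodes LDAPv3 messages in BER exactly as they travel on the wire per RFC 4511, and then decodes a simple bind back into its DN and password. It uses only the Python standard library; the DN, password and filter values are constructed sample data. The decoder is the defender's point: over plain LDAP on port 389 a simple bind carries the password as an unencrypted octet string, which is why the bind should be wrapped in TLS (LDAPS or StartTLS).

```python
"""Encode and decode LDAPv3 (RFC 4511) messages in BER with the standard library only."""


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    # Minimal two's-complement encoding (one byte for 0..127, two for 128..32767, ...).
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def ber_str(s: str) -> bytes:
    return tlv(0x04, s.encode("utf-8"))


def ber_enum(n: int) -> bytes:
    return tlv(0x0A, bytes([n]))


def ber_bool(b: bool) -> bytes:
    return tlv(0x01, b"\xff" if b else b"\x00")


def ber_seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }
    return ber_seq(ber_int(message_id), protocol_op)


def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER, name LDAPDN,
    #                  authentication CHOICE { simple [0] OCTET STRING, ... } }
    op = tlv(0x60, ber_int(3) + ber_str(dn) + tlv(0x80, password.encode("utf-8")))
    return ldap_message(message_id, op)


SCOPE_BASE, SCOPE_ONE, SCOPE_SUB = 0, 1, 2


def equality_filter(attr: str, value: str) -> bytes:
    # Filter ::= equalityMatch [3] AttributeValueAssertion (attributeDesc, assertionValue)
    return tlv(0xA3, ber_str(attr) + ber_str(value))


def search_request(message_id: int, base_dn: str, scope: int, flt: bytes, attrs) -> bytes:
    # SearchRequest ::= [APPLICATION 3] SEQUENCE { baseObject, scope, derefAliases,
    #                    sizeLimit, timeLimit, typesOnly, filter, attributes }
    op = tlv(
        0x63,
        ber_str(base_dn)
        + ber_enum(scope)
        + ber_enum(0)          # derefAliases: neverDerefAliases
        + ber_int(0) + ber_int(0)  # sizeLimit, timeLimit: no client-side limit
        + ber_bool(False)      # typesOnly: return values, not just attribute names
        + flt
        + ber_seq(*(ber_str(a) for a in attrs)),
    )
    return ldap_message(message_id, op)


def unbind_request(message_id: int) -> bytes:
    # UnbindRequest ::= [APPLICATION 2] NULL
    return ldap_message(message_id, tlv(0x42, b""))


def ber_walk(buf: bytes):
    """Yield (tag, value) for each top-level TLV in buf (short and long-form lengths)."""
    pos = 0
    while pos < len(buf):
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        yield tag, buf[pos:pos + length]
        pos += length


def credentials_from_bind(packet: bytes):
    """What a passive observer of unencrypted LDAP recovers from a simple bind."""
    (_, msg), = ber_walk(packet)                      # outer LDAPMessage SEQUENCE
    bind_op = [v for t, v in ber_walk(msg) if t == 0x60][0]
    _version, dn, auth = [v for _, v in ber_walk(bind_op)]
    return dn.decode("utf-8"), auth.decode("utf-8")


if __name__ == "__main__":
    pkt = simple_bind_request(1, "cn=admin,dc=example,dc=com", "s3cret")  # constructed sample
    print(pkt.hex())
    print("observer sees:", credentials_from_bind(pkt))
```

The same encoder produces the search that a group-membership check would issue (`search_request(2, "dc=example,dc=com", SCOPE_SUB, equality_filter("uid", "jdoe"), ["cn", "memberOf"])`); the `0xA3` tag in the output is the equalityMatch filter and the trailing SEQUENCE lists the requested attributes. Any real client library emits exactly these bytes, so the mitigation is not in the encoding but in the transport: require LDAPS or StartTLS before the bind, and reject simple binds on cleartext connections at the server.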

Limitations of Conventional LDAP

LDAP’s highly technical and open source nature makes it expensive to implement. While much of the LDAP-based software is free, the time required to implement and customize it to meet an organization’s needs can be significant.

OpenLDAP is primarily used for Linux and technical applications, while Microsoft Windows® and Apple® still hold the lion’s share of the enterprise market, so OpenLDAP does not yet function as a cross-platform solution. Further, with the advent of other identity protocols such as SAML, OAuth, and Kerberos, LDAP becomes limiting if it is the only protocol in use.

The Future is Multi-Protocol

Modern directory services use the LDAP protocol alongside a variety of other protocols. LDAP is used to bind users to applications and sometimes to Linux devices, but other devices and applications rely on protocols that are a better native fit for them; many cloud-based applications, for example, use SAML. A modern implementation of LDAP directory services can be found in JumpCloud® Directory-as-a-Service®.

You can learn more about JumpCloud’s Hosted LDAP Service here. To see JumpCloud’s LDAP implementation for yourself, schedule a demo or sign up for JumpCloud today. There is no credit card required, and signing up is free for your first ten users. If you have any questions about LDAP, feel free to contact us.
