By Ryan Squires Posted March 19, 2019
With newer protocols such as SAML 2.0 and OAuth now handling sign-in to web applications, a common question among IT organizations is when to use LDAP. The answer is that every organization is different: some may not need LDAP at all, while others, particularly those running DevOps tooling, could not operate without it.
LDAP and the Relationship with Modern IT
LDAP is still a mainstay in the identity and access management (IAM) world. In fact, it wouldn’t be a difficult argument to make that LDAP authentication is still the baseline for many IT platforms and solutions because of its flexibility, its status as an open standard with mature open source implementations such as OpenLDAP, and its stability over the years. Despite its creation in the early 90’s, it’s still as relevant as any authentication protocol we have in IT, even though strictly speaking it is a directory access protocol: applications authenticate users by binding to the directory with the user’s credentials and read group membership from it to make authorization decisions.
When to Use LDAP
But with newer protocols used in conjunction with newer, web-based applications, do IT admins and DevOps engineers really still need LDAP? The answer depends on the types of applications and tools you and your users employ. Every IT resource on the market today has its preferred protocol, and for the more technical applications and infrastructure that protocol is often LDAP. Open source solutions such as Docker, Kubernetes, Jenkins, and OpenVPN™ commonly authenticate users against an LDAP directory. Once you add in network infrastructure gear and storage systems such as Samba file servers and NAS appliances, LDAP becomes a core part of your identity and access management infrastructure.
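What “authenticating against LDAP” actually means on the wire is a simple bind: the client sends the user’s DN and password in a BindRequest and the server answers with a BindResponse carrying a result code (RFC 4511). The following is an added example, not code from the original post or from JumpCloud; it encodes and decodes that exchange with the standard library only, and the DN, password and server replies are constructed for illustration. It also enforces the check every application doing LDAP login needs: a bind with a DN and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2) that many servers accept, so a login form that forwards a blank password would let anyone in.

```python
# Added example: LDAPv3 simple bind on the wire (RFC 4511), stdlib only.
# The identity and server replies below are constructed, not from the article.

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49

SAMPLE_DN = "uid=jdoe,ou=People,dc=example,dc=com"   # constructed
SAMPLE_PASSWORD = "correct horse battery staple"      # constructed


def _ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(value)) + value


def _signed(n: int) -> bytes:
    """Minimal two's-complement content octets for INTEGER / ENUMERATED."""
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True)


def encode_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] } with simple auth.

    No policy here: an empty dn and password give the classic anonymous bind
    30 0c 02 01 01 60 07 02 01 03 04 00 80 00.
    """
    bind = (
        _tlv(0x02, _signed(3))                  # version INTEGER 3
        + _tlv(0x04, dn.encode("utf-8"))        # name LDAPDN
        + _tlv(0x80, password.encode("utf-8"))  # authentication: simple [0]
    )
    return _tlv(0x30, _tlv(0x02, _signed(message_id)) + _tlv(0x60, bind))


def build_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """What an application logging a user in should send.

    RFC 4513 5.1.2: non-empty DN plus empty password is an *unauthenticated*
    bind, which many servers accept. Refuse it client-side rather than trust
    the server's configuration.
    """
    if not dn:
        raise ValueError("refusing anonymous bind as a user login")
    if not password:
        raise ValueError("refusing empty password (unauthenticated bind)")
    return encode_bind_request(message_id, dn, password)


def build_bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Server side of the exchange: BindResponse [APPLICATION 1] (constructed)."""
    ldap_result = (
        _tlv(0x0A, _signed(result_code))          # resultCode ENUMERATED
        + _tlv(0x04, b"")                          # matchedDN (empty)
        + _tlv(0x04, diagnostic.encode("utf-8"))   # diagnosticMessage
    )
    return _tlv(0x30, _tlv(0x02, _signed(message_id)) + _tlv(0x61, ldap_result))


def _read_tlv(buf: bytes, pos: int) -> tuple:
    """Parse the TLV at pos; return (tag, value, next_pos). Rejects truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes, expected_id: int) -> tuple:
    """Decode a BindResponse; return (resultCode, diagnosticMessage)."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    if tag != 0x02 or int.from_bytes(mid, "big", signed=True) != expected_id:
        raise ValueError("messageID mismatch")
    tag, result, _ = _read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, pos = _read_tlv(result, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, _matched_dn, pos = _read_tlv(result, pos)
    _, diag, _ = _read_tlv(result, pos)
    return int.from_bytes(code, "big", signed=True), diag.decode("utf-8")


if __name__ == "__main__":
    req = build_simple_bind(1, SAMPLE_DN, SAMPLE_PASSWORD)
    print("client ->", req.hex())
    resp = build_bind_response(1, LDAP_INVALID_CREDENTIALS, "invalid credentials")
    print("server <-", resp.hex(), parse_bind_response(resp, 1))
```

Two things the bytes make obvious: the password travels as a plain OCTET STRING, so a simple bind belongs only on an LDAPS or StartTLS connection, and the server’s answer is just a result code, so the application must branch on it (0 success, 49 invalidCredentials) rather than treating “the connection did not error” as success.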
Multiple Resources Means Multiple Protocols
The challenge for IT organizations stems from the fact that IT environments require multiple solutions to service multiple protocols. For example, you need an OpenLDAP™ instance for LDAP; a web application single sign-on (SSO) provider for SAML; Microsoft® Active Directory® for Windows® systems; and Apple’s Open Directory for macOS® machines. And that isn’t even every protocol. Add in SSH key management for cloud infrastructure (AWS®), multi-factor authentication (MFA) with time-based one-time passwords (TOTP) to harden logins, and RADIUS for network access control, and you’re looking at quite the workload, since each of these requires setup, configuration, and ongoing maintenance. With that in mind, it’s easy to understand why IT admins and DevOps engineers are asking “When should we use LDAP?”
Protocols From the Cloud
We get it, that’s a lot of different tools to set up, maintain, and ultimately pay for. Luckily, there is a cloud-based directory service that integrates these various protocols into one SaaS-based identity and access management platform. For IT admins and DevOps engineers, that means just one solution to pay for and no on-premises servers to maintain, configure, and secure. Users benefit because they’re empowered with one set of credentials, via True Single Sign-On™, for each of their IT resources, no matter how it’s instantiated. In effect, identities exposed via SSH keys, SAML, LDAP, RADIUS and other protocols can each be used to log in to a large number of IT resources, all backed by one core identity. This comes together in one pane of administrative glass delivered from the cloud, and it’s called JumpCloud® Directory-as-a-Service®.
Ready to Learn More?
If so, feel free to reach out to one of our product experts and get your questions answered. If you’re the type to get your hands dirty, sign up for a JumpCloud account today and see firsthand how JumpCloud enables IT admins and DevOps engineers to manage disparate tools with one centralized, cloud-based directory service. When you sign up, you get access to the entire platform, enabling you to manage up to 10 users free, forever. Once you’ve signed up, peruse our Knowledge Base for technical information to help you get the most out of your JumpCloud account.