Why Use OpenLDAP™?

By Zach DeMeyer Posted April 16, 2019


Many IT organizations are asking the question, why use OpenLDAP™? In light of Red Hat’s shift away from OpenLDAP in favor of its own 389 Directory, the question has become more relevant. OpenLDAP has historically been the most popular open-source LDAP server. But, now, some are curious if there are other alternatives to OpenLDAP.

Clearly, Red Hat has thrown its hat in the ring to be an alternative to OpenLDAP, but there are others too, such as the cloud LDAP solution, Directory-as-a-Service®. But, before we get ahead of ourselves with what LDAP solutions are the best to use, we should discuss the value of OpenLDAP.

The Origins of OpenLDAP

The Lightweight Directory Access Protocol, or LDAP, was created in the early 1990s and quickly became a core authentication protocol for IT organizations. Over time, LDAP would find its niche with more technical solutions and applications. Today, those are often within DevOps and computer engineering organizations.

Before that, however, LDAP existed as the main protocol supporting identity management. It wasn’t long after the introduction of LDAP that several directory solutions spawned from the protocol, including OpenLDAP and Microsoft® Active Directory®.

While OpenLDAP has been incredibly successful, the commercial solution from Microsoft, Active Directory, would go on to dominate the on-prem directory services market. The reasons were simple—Microsoft dominated the workstation and applications markets with Windows® and its related solutions. So, connecting and managing Windows-based IT resources was best from a Windows-based directory services platform. Active Directory did just that.

OpenLDAP Today

Despite Microsoft’s success with AD and regardless of their intention to shift customers to Azure® AD, OpenLDAP has continued to play a critical role in addressing the problem of identity management. Many DevOps organizations and IT admins look to OpenLDAP to manage their OpenVPN® infrastructure, Kubernetes and Docker implementations, backend Jenkins, and thousands of other applications. As such, OpenLDAP is still widely used within organizations today.

IT admins clearly have a reason why they should use OpenLDAP, or at least LDAP as a protocol for identity management. Unfortunately for organizations using OpenLDAP, though, Red Hat’s announcement to drop support of OpenLDAP puts the open-source solution in a tough spot. Given that OpenLDAP implementation is generally manual and difficult, some are evaluating OpenLDAP alternatives.

OpenLDAP Alternatives

Obviously, a choice for some seeking an OpenLDAP alternative is 389 Directory Server. Red Hat has long established themselves as experts behind open-source software, and their interest in LDAP is no different. Their 389 Directory is an open-source LDAP implementation very similar to OpenLDAP, except for a few key differences.

One of these main differences is that Red Hat fully supports their 389 Directory (for a fee, of course), and continuously updates it to ensure admins can exercise the full operating potential they require from the solution. As a part of this, Red Hat also offers deep technical support for 389 Directory, but it is a paid subscription service.

What remains the same between 389 and OpenLDAP is the fact that they are both solely on-prem implementations. They require dedicated hardware to run, and somebody to implement, configure, and manage them. All the while, the number of innovative solutions available to organizations from the cloud increases rapidly, and LDAP is one of them.

Cloud LDAP, or LDAP-as-a-Service

As IT organizations shift to the cloud and work to centralize the identity and access management approach for an increasing number of disparate IT resources, is there a better way to deploy OpenLDAP? The short answer is yes. A new cloud-based directory service is creating a central platform for identities and federating those via a variety of different protocols including LDAP.

Like Software-as-a-Service (SaaS), LDAP-as-a-Service has revolutionized the way IT organizations leverage LDAP. Using a global network of OpenLDAP instances hosted from the cloud, admins can simply access a web browser, and manage all of their LDAP-linked users and resources instantly. What’s more, LDAP-as-a-Service is only a small part of the greater whole of JumpCloud® Directory-as-a-Service®.

With Directory-as-a-Service, IT admins receive an experience similar to that of the heyday of AD, except from the cloud and with the ability to propagate the same levels of identity management to all three major platforms (Windows, Mac®, and Linux®). Additionally, using LDAP, SAML, and RADIUS, admins can control user access to applications on- and off-prem, networks, web applications, file servers, and more. Using just one password, users in JumpCloud can access virtually all of their IT resources from the cloud.

Learn More

So, why use OpenLDAP when you can get so much more from LDAP-as-a-Service? You can learn more about LDAP-as-a-Service, and Directory-as-a-Service as a whole, by trying JumpCloud today. Your JumpCloud account is completely free for up to ten users for as long as you use the product.

With these users, you can sandbox your IT needs in Directory-as-a-Service, and then scale as you see fit, with a cost-effective price per user. You can also see the product with an expert at the reins in a demo. Please contact us to learn more.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
