Apple Open Directory
When we think of directory services, we mainly talk about the two stalwarts – Microsoft Active Directory and OpenLDAP.
However, another directory solution exists that is worth discussing: Apple Open Directory.
Apple introduced Open Directory with Mac OSX Server 10.2 as an LDAP compatible directory service. Over time, it added key components to mimic some of Active Directory’s core feature set including the domain and Kerberos. Open Directory is largely based on OpenLDAP, but is tailored to complement Apple Mac devices and for use within the OS X Server.
Recently, Apple decided to stop manufacturing a hardware server platform and instead separated OS X server into an inexpensive software application. While it seems that Apple is backing away from the server market, it’s still supporting the platform. However, we have heard from a number of Apple Open Directory users that they would like to shift their LDAP-based directory to another platform as a result of this shift.
In general, this makes a lot of sense. As we have discussed previously, legacy directories such as AD, LDAP, and Open Directory have a difficult time handling directory services for today’s modern organization. IT is multi-platform and decentralized to take advantage of the best of today’s technology. While Open Directory does an excellent job of handling Mac devices, it struggles with others.
But what does this mean for IT professionals?
While Apple’s shift makes sense for the changing marketplace, it has many of the same shortcomings when managing cloud servers and Web-based applications.
This means IT admins are forced to to either (1) do more manual entry of network configurations, application connections to the directory, and managing groups, or (2) create piecemealed workarounds that are tailored to fit the needs of the business.
As experts in the field, many organizations have come to us for support, and typically we talk to them about two options.
One is to leverage a cloud-based directory (JumpCloud’s Directory-as-a-Service®) as an extension to their existing directory implementation. They can leverage DaaS to control and manage all of the devices and IT applications that Open Directory cannot. Depending upon the Open Directory setup, users can be centrally managed via Open Directory and extended via JumpCloud.
Another option is to migrate Open Directory to DaaS. As DaaS is also LDAP-based, this migration can really be seen as shifting effectively the same platform into a managed service. Users are imported from Open Directory into DaaS and then centrally managed from the DaaS console. JumpCloud handles all of the hardware, software, networking, and maintenance, while the IT admin just worries about their users. A great trade when IT admins are struggling for enough time.
If you are using Apple Open Directory and are interested in taking your directory services to the next level, give JumpCloud a call. Our Directory-as-a-Service® platform could be an ideal solution for you to extend Open Directory or even migrate to.