A hosted LDAP solution is one in which an LDAP server (or, more accurately, an LDAP-based directory) is hosted in the cloud. Hosted LDAP encompasses the software and hardware necessary to operate the directory and the managed services. This ensures the directory is always available. A hosted LDAP solution generally has an easy-to-use interface that lets IT admins add, delete, group, and modify users. Due to its multi-tenant nature, hosted LDAP makes certain that only an organization’s users and systems can authenticate and authorize against it. LDAP client setup can become easier with a hosted LDAP solution due to standardization and the fact that guides, setup scripts, or even agents can be used to configure an LDAP client to connect with the hosted LDAP server.
LDAP is perhaps the core underlying protocol for directory services. As an open standard that defines how an organization can store its user directory, LDAP connects to IT resources and authenticates and authorizes users. LDAP is the underlying protocol for most modern directories and is also the core of newly introduced Directory-as-a-Service® solutions.
However, despite its common use, OpenLDAP (managed internally) may not be the best option for directory services. As LDAP users know, it is often difficult to set up, manage, and maintain, which increases the resources, time, and expert staff needed to run it.
In addition, LDAP can cause the following issues:
- The flexibility of the database architecture can cause significant issues. Each organization can set up LDAP differently, which means that each LDAP client-server interaction can require different content, leading to extra work.
- Managing users within an LDAP system can be laborious. Each user can have a multitude of different settings and permissions – all of which can sometimes require manual configuration and management.
- The LDAP client-to-server connection can be difficult to set up. For example, configuring LDAP on a Mac OS X device takes 26 steps! The flexibility of LDAP also shows up in the client-server communication. Depending upon the server setup, the client requests and data transfer will require specific ordering and information.
- And, if there is a mistake, debugging any of this can be difficult.
In short, although LDAP has tremendous benefits, creating and managing it can be arduous.
JumpCloud’s Directory-as-a-Service® (DaaS) makes short work of creating an LDAP-based directory service infrastructure. JumpCloud’s DaaS is a cloud-based directory delivered as a SaaS-based solution. Organizations populate their users in JumpCloud’s core directory. Users can be manually entered or easily imported. The JumpCloud directory then exposes its user store securely via the LDAPS protocol. LDAP servers are placed around the world for LDAP clients to authenticate against. Only an organization’s devices and applications can authenticate against its user base. This is enforced by requiring clients to pass organization and API keys. This core feature of JumpCloud’s DaaS solution is its hosted LDAP capability.
JumpCloud’s hosted LDAP solution is architected as follows:
- A core directory is placed in the cloud. This directory is the user store for an organization’s employee, contractor, and partner population.
- LDAP server endpoints are placed around the world. These endpoints are the bridge between LDAP client authentication and authorization requests and the core directory in the cloud.
- LDAP clients are configured to point to the hosted LDAP servers. The LDAP clients pass the organization’s IDs to the hosted LDAP servers so that they are able to authenticate their users. LDAP clients further pass username, password, and/or SSH key information to the LDAP servers to be validated.
- JumpCloud’s hosted LDAP solution then returns the proper authentication and authorization responses.
The benefits of this approach include the lack of setup, configuration, management, and maintenance of LDAP by IT staff. Because the solution is cloud-based, there is also a dramatic increase in availability and security. Effectively, the only task for IT admins becomes the adding or deleting of users.
Finally, a directory that takes the heavy lifting off of an IT admin’s plate.
That’s JumpCloud’s hosted LDAP solution.