Lightweight Directory Access Protocol (LDAP) is the leading directory service protocol standard. Created in the mid-1990s, LDAP has become a core protocol for user directories. Numerous commercial and open source implementations of LDAP are in use at organizations worldwide. In fact, Microsoft Active Directory leverages LDAP under the covers and OpenLDAP is the leading open source directory.
Unfortunately, LDAP is difficult to implement, maintain, and leverage. As a result, there is a growing opportunity to create an improved directory.
Let’s think about this in more detail.
Connecting Cloud Servers to On-Premise LDAP Directory Can Be a Nightmare
Adding to the difficulties in implementing, maintaining, and leveraging LDAP is today’s era of cloud-based services and the myriad platforms used by businesses. In other words, as businesses increasingly turn to the cloud for business solutions and infrastructure, LDAP is having a hard time keeping up. LDAP is limited in its ability to connect to Infrastructure-as-a-Service providers such as AWS, SoftLayer, Google Compute Engine, and Digital Ocean, among others.
This limitation is important to solve. Connecting cloud servers to an on-premise LDAP directory, with proper configurations that authenticate against your particular implementation of LDAP, is core to having a secure connection between the two and LDAP clients. Other applications, often technical ones such as OpenVPN, can also be configured to authenticate against LDAP, but if those applications live in the cloud, it becomes even harder for IT admins to manage the two systems. Connecting a wide variety of different platforms, such as Windows or Mac devices, to an LDAP implementation is a configuration nightmare. LDAP is already a highly technical solution. Connecting it to cloud servers makes IT configuration even more difficult.
How Do You Solve the Confusion?
You solve this IT nightmare by playing a spade against a spade.
As businesses move to Software-as-a-Service, or SaaS, solutions, complex IT configurations also need to be SaaS-friendly.
In the case of LDAP, the as-a-service model is critical. LDAP-as-a-Service providers handle the complexity of setup, maintenance, and high availability. An LDAP managed service is easy for the customer to set up. The infrastructure of the LDAP server, directory structure, security, and connection points are already published. Consumers of this hosted LDAP service simply add their users to the cloud-based directory. Devices such as cloud servers or end user compute devices can either be pointed to the LDAP authentication endpoint or an agent can be installed to configure the LDAP setup. Applications such as OpenVPN can easily be configured with just a few lines to auth against the LDAP host. LDAP-as-a-Service solutions standardize the LDAP directory structure.
Because LDAP is flexible and doesn’t dictate an organizational structure, it challenges IT admins.
Each implementation ends up being custom and requires adjustments to the client connection process. LDAP-as-a-Service solutions live in the cloud, which allows for greater coverage of devices and applications. A critical part of enabling a managed LDAP solution to be cloud-based is security. User credentials are protected, but so is the authentication process. LDAP-as-a-Service solutions handle the complexity for their customers.
Another Solution: “Hosted” LDAP
Another way to solve modern IT configuration nightmares is to simply host your LDAP. The benefits of a hosted LDAP solution focus on three primary areas.
1—The first is operational efficiency. IT admins that have managed LDAP know the pain. The goal for them is to be able to leverage directory services for their organization, but building expertise and capabilities in LDAP is not core to their company’s competitive advantage. The ability to outsource LDAP is a big win from this perspective.
2—The second benefit is the expansion of devices and applications that can easily support LDAP. Without LDAP-as-a-Service, an IT admin must deal with the configuration of the client and also the networking to have the client point to the LDAP server. Managed LDAP solutions are cloud-based, which simplifies the networking, and they have also created automated methods to connect devices and applications to the LDAP server.
3—The third significant benefit is that LDAP-as-a-Service solutions are highly available and secure. Cloud-based implementations of LDAP can easily scale horizontally and have also been designed to secure user authentication processes and identities.
LDAP-as-a-Service is a game changer for IT organizations. They can leverage the benefits of the most popular directory services protocol without the hassle. JumpCloud’s Directory-as-a-Service® solution delivers LDAP-as-a-Service as a core part of its cloud-based directory platform.