Nobody really considers it easy to implement and manage OpenLDAP. On top of that it’s not a complete solution for an era where cloud infrastructure, Macs, and web applications are mainstays. However, if you want to control user access to technical infrastructure including applications, it is a crucial part of the infrastructure, not to mention that LDAP is one of the core authentication protocols in use today.
Unfortunately, in the current IT landscape admins are forced to jump through hoops to connect all of their users and IT resources together. Ideally, IT admins would leverage the LDAP protocol without the heavy lifting of implementing an LDAP infrastructure. Historically, IT admins have had two major options to implement LDAP-based authentication: OpenLDAP™ or Microsoft Active Directory®. As IT organizations know, both of these approaches have their own challenges.
OpenLDAP is the most popular open source LDAP server, and it is ideal for LDAP experts who want to work with code and command lines. It generally focuses on working well with *nix systems, and also offers the option to customize the schema. This flexibility can be limiting though, because it requires IT admins to spend a considerable amount of time setting up and configuring the server-side schema and authentication. While ideal for those who want to be involved with the deep technical side of LDAP, if you are not an LDAP expert or if you do not have the time during your week to work with the code, it may not be the solution for you.
Microsoft Active Directory
AD is the most common commercial solution, and has been the go-to directory for 20 years. It focuses on supporting Windows systems, and has its main protocol support based on Kerberos. It is also an on-prem solution that must be implemented and managed by your organization. It can be integrated with LDAP, but because its primary authentication approach is through Kerberos, leveraging LDAP can become tricky. The lack of support for Mac and Linux platforms makes it difficult to use in the modern IT landscape as well. If you are a Windows shop with existing on-prem technology, Microsoft AD is perfect for you. However, if you are a company with mixed platforms and applications and infrastructure in the cloud where you want to leverage the LDAP protocol, AD might not be the best solution for you.
The only approach that works with mixed platform environments, cloud and on-prem applications, and is optimized for LDAP is JumpCloud’s Directory-as-a-Service®. It has a standard, common LDAP schema, which reduces implementation complexity. You can easily connect a wide range of critical applications such as OpenVPN, Docker, AirWatch, MySQL, and thousands more via LDAP to the cloud-hosted LDAP infrastructure. Directory-as-a-Service gives you all of the power of an OpenLDAP server, with none of the management overhead. IT admins trade the heavy lifting of managing a legacy, on-premises OpenLDAP infrastructure and its servers for a secure cloud-based solution with a global network of LDAP servers. You can try the cloud LDAP-as-a-Service out for yourself by clicking the button below. If you have any questions, you can always contact us here as well.