{"id":33880,"date":"2021-06-16T11:00:00","date_gmt":"2021-06-16T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=33880"},"modified":"2024-08-15T12:20:39","modified_gmt":"2024-08-15T16:20:39","slug":"ldap-vs-radius","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/ldap-vs-radius","title":{"rendered":"LDAP vs RADIUS"},"content":{"rendered":"\n

For some, the comparison of LDAP versus RADIUS may not make much sense. But, for others, there are instances where the abilities of each protocol overlap \u2014 especially when it comes to authenticating various networking devices. <\/p>\n\n\n\n

As the pandemic nears its end, organizations are opening their doors to welcome employees back into the office and creating hybrid work environments<\/a>; with that and the emerging question of how end users will access their IT resources in mind, let\u2019s take a look at LDAP versus RADIUS.<\/p>\n\n\n\n

LDAP versus RADIUS: Similarities and Differences<\/h2>\n\n\n\n

Both LDAP and RADIUS are authentication protocols that enable users to access IT resources. Each protocol is available as an open source implementation, and each is standardized in an Internet Engineering Task Force Request for Comments (IETF RFC). Here is a link to each: LDAP<\/a> and RADIUS<\/a>. <\/p>\n\n\n\n

Each solution also has a community surrounding it that provides further development, discussion, and best practices for implementation. <\/p>\n\n\n\n

In short, these two protocols were created for different use cases. LDAP was created mainly for authentication to systems and applications. <\/p>\n\n\n\n

RADIUS, on the other hand, was initially created for low-bandwidth conditions across networks to authenticate dial-up users via modems to remote servers over telephone lines. Now, it is mainly used for authentication to networks and network resources. <\/p>\n\n\n\n

LDAP and RADIUS can overlap: LDAP can be leveraged to authenticate users to OpenVPN networks in the same way that RADIUS can, for example. <\/p>\n\n\n\n

Also, some WiFi networking gear allows LDAP authentication<\/a> in place of RADIUS. For these purposes, IT admins and DevOps engineers may have a preference based on their environment setup, company processes, or personal experience. <\/p>\n\n\n\n

Despite these overlaps, however, one generally cannot replace the other. For example, you may need RADIUS reply attributes to place a given user, or group of users, in the correct VLAN<\/a>. You cannot do this with LDAP. Similarly, you wouldn\u2019t use RADIUS to authenticate users to Linux servers or share user attributes with an application.<\/p>\n\n\n\n

Fortunately, LDAP and RADIUS work well in tandem. That\u2019s why the JumpCloud Directory Platform<\/a> leverages both protocols so you get the ability to use LDAP and<\/em> RADIUS\u2014all with no on-prem infrastructure to tend to. <\/p>\n\n\n\n

What LDAP Does<\/h2>\n\n\n\n

LDAP (Lightweight Directory Access Protocol)<\/a> is an authentication protocol that facilitates user access to various IT resources (applications, servers, networking equipment, file servers, and more). <\/p>\n\n\n\n

LDAP is also leveraged as a directory store of information about users, their attributes, and group memberships, among other details. LDAP enables IT administrators to store, access, authenticate, and modify those attributes, as well as use them during the authentication process. <\/p>\n\n\n\n

One of the most common LDAP actions is the bind request. Essentially, a bind request is a request from a client (sent on behalf of a user) to authenticate against an LDAP server<\/a>, which hosts the directory itself \u2014 the database of users along with their passwords, attributes, and more. <\/p>\n\n\n\n

Ultimately, the purpose of the bind process is to gain access to a particular resource \u2014 which could be a Linux server, an application (such as Atlassian Jira), an on-prem storage system like a network attached storage (NAS)<\/a> device, an OpenVPN-based network, or wireless networking gear, among many others. <\/p>\n\n\n\n

Common LDAP implementation choices include: <\/p>\n\n\n\n