{"id":7586,"date":"2022-11-23T08:00:00","date_gmt":"2022-11-23T13:00:00","guid":{"rendered":"https:\/\/www.jumpcloud.com\/blog\/?p=7586"},"modified":"2024-01-29T14:04:56","modified_gmt":"2024-01-29T19:04:56","slug":"online-ldap","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/online-ldap","title":{"rendered":"Online LDAP"},"content":{"rendered":"\n
LDAP (lightweight directory access protocol)<\/a> is a protocol for querying and managing directory data and for authenticating and authorizing the users and systems recorded in it. It was one of the first core directory protocols (specified in the early \u201990s), and it is still in wide use today. The typical IT environment, however, has changed considerably in the decades since, and LDAP has followed suit: what was once exclusively an on-premises protocol is now available both on-premises and from the cloud. <\/p>\n\n\n\n Online LDAP lets IT admins reap the benefits of the protocol without complex configuration or additional on-premises servers. They can back authentication for legacy applications, Samba file servers and NAS appliances, and other resources that require an LDAP directory, all from the cloud.<\/p>\n\n\n\n This blog will explore the migration of LDAP from on-premises to the cloud and how online LDAP changes the protocol\u2019s manageability and its role in the modern directory. <\/p>\n\n\n\nHow LDAP Is Evolving <\/h2>\n\n\n\n LDAP is a highly technical protocol, and managing it in-house requires considerable time and expertise, not to mention the resources consumed by hosting an LDAP server on-prem. Moving LDAP to the cloud relieves the burden of both hosting and managing the instance. Read on to explore the challenges of managing traditional LDAP and how LDAP is evolving to address them and to accommodate changing needs.<\/p>\n\n\n\nWhy Is Traditional LDAP So Hard to Manage?<\/h3>\n\n\n\n While most LDAP directories, like OpenLDAP<\/a>, are open source and require no software purchase, they do require a hefty investment in both server infrastructure and technical know-how. This is largely because the protocol is so open and flexible that admins need a strong baseline of knowledge to use it well. <\/p>\n\n\n\n OpenLDAP, for example, is so open-ended that it lets you create and customize schemas, which define everything from the directory structure to object classes and attribute syntax. 
This is highly useful for someone with the expertise and time to set up a directory from scratch, but it can be too<\/em> open-ended for admins who just want a directory that works. In short, LDAP provides a lot of options with little guidance or structure to contextualize them.<\/p>\n\n\n\n To complicate things further, maintaining an on-prem directory can be tedious and fragile. Changing the schema after the directory has been built, for example, can cause domino-effect breakage across every application that reads the affected entries. Managing precarious structures with a high degree of flexibility and little supporting guidance can cause serious problems in the environment.<\/p>\n\n\n\n In addition, LDAP servers like OpenLDAP are generally configured and managed at the command line; admins who want a more interactive, visual experience need to supplement their LDAP implementation with a third-party GUI. <\/p>\n\n\n\n And that\u2019s just the half of it. Running your own LDAP instance also means hosting and managing an LDAP server. That includes keeping up with patches, responding to outages, and paying to house the server somewhere safe with reliable and secure backups in place. And don\u2019t forget the cost of upgrading the hardware every few years and of hiring an engineer with enough expertise to set up, configure, maintain, and ultimately manage it. <\/p>\n\n\n\n The time and expense of hosting your own LDAP directory add up; after a few years, they are rarely lower than the cost of an online LDAP instance. To play around with the cost of hosting infrastructure over time, check out this interactive TCO calculator<\/a>.<\/p>\n\n\n\nHow Online LDAP Solves the Problem <\/h3>\n\n\n\n These challenges aren\u2019t unique to LDAP: businesses in general have realized that hosting their own infrastructure is rarely more cost- or resource-effective than outsourcing it to the cloud. 
As the cloud replaces on-prem infrastructure as the business norm, LDAP has followed suit. <\/p>\n\n\n\n Cloud-based LDAP<\/a> has emerged as an alternative to on-prem LDAP for IT teams that want to reach an LDAP server online, as needed. This removes the heavy lifting of on-prem LDAP: instead of hosting and managing a server in-house, organizations simply use a hosted one. Many cloud-based LDAP services also include a more user-friendly UI to assist with implementation and configuration. One thing does change when the directory leaves the LAN: clients now bind to it across the internet, so every connection should use LDAPS or StartTLS with certificate verification, because an LDAP simple bind sends the password in clear text, and each application or host should bind with its own service-account credentials rather than a shared admin account. With that in place, outsourcing LDAP to the cloud lets IT teams focus on strategic initiatives and on enabling users to work securely from anywhere. There is little reason to run your own LDAP infrastructure when a hosted service can provide it.<\/p>\n\n\n\nWhat Is LDAP\u2019s Role in the Directory Today?<\/h2>\n\n\n\n The types of resources that organizations manage have diversified considerably. Rather than a fully on-prem environment, the modern business must manage everything from on-premises systems to mobile devices, wireless networks, and web-based applications. To accommodate this diversification, one directory protocol no longer suffices; the modern directory speaks several, such as SAML<\/a>, OAuth, and RADIUS<\/a>. These protocols don\u2019t replace LDAP; they extend the directory\u2019s reach to more types of resources. <\/p>\n\n\n\n LDAP is still a common authentication backend for open source tooling such as Jenkins and for platforms built around Docker and Kubernetes, whether directly or through a plugin or identity broker. Because LDAP has been around for so long, many popular commercial applications also standardize on it as their backend authentication protocol. Linux server authentication, too, commonly relies on LDAP, usually against an OpenLDAP<\/a> directory, with the host\u2019s PAM and NSS stack (SSSD, or the older pam_ldap and nss-pam-ldapd modules) doing the lookups and binds.<\/p>\n\n\n\nOnline LDAP Within an Open Directory <\/h2>\n\n\n\n Many platforms offer online LDAP services, but they vary in capabilities and comprehensiveness. 
Some combine LDAP with other functionality, like identity and access management (IAM)<\/a>, mobile device management (MDM)<\/a>, and more. It\u2019s worth considering whether an online LDAP offering can meet your organization\u2019s other identity and access management needs as well. To evaluate your organization\u2019s needs, you can use the following questions: <\/p>\n\n\n\n If you discover that your organization has needs beyond cloud LDAP, such as SAML-backed applications, RADIUS networks, or system management, a full-suite cloud directory service may better suit your environment.<\/p>\n\n\n\n
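As an added example (not from the original post, and not any vendor\u2019s sample configuration), here is an SSSD configuration for the Linux server authentication case described above: a host that resolves users and verifies passwords against a hosted LDAP directory reached over the internet. The option names come from sssd.conf(5) and sssd-ldap(5); the hostname, search base, CA bundle path, bind DN, and bind password are placeholders. The comments mark the settings that decide whether an internet-facing LDAP client leaks credentials or not: an ldaps:// URI, server certificate verification, and a dedicated read-only bind account.<\/p>\n\n\n\n
```ini
# /etc/sssd/sssd.conf  (added example; every name below is a placeholder)
# SSSD requires this file to be root-owned with mode 0600, because the
# bind password is stored here.
[sssd]
services = nss, pam
domains = hosted-ldap

[domain/hosted-ldap]
id_provider = ldap
auth_provider = ldap

# Hosted directory reached across the internet. Use the ldaps:// scheme so
# the connection is TLS from the first byte. The weak alternative,
# ldap://ldap.example.com:389, sends the simple-bind password in clear text
# unless StartTLS is negotiated (ldap_id_use_start_tls = true) and enforced.
ldap_uri = ldaps://ldap.example.com:636
ldap_search_base = ou=Users,o=example,dc=example,dc=com

# Verify the server certificate against a trusted CA bundle. The weak
# setting, ldap_tls_reqcert = never, accepts any certificate and lets an
# on-path attacker terminate TLS and harvest every password this host sends.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

# Dedicated read-only service account used for user and group lookups.
# Do not reuse a directory admin credential here: this file sits on every
# host, and a compromise of one host should not yield directory-wide write.
ldap_default_bind_dn = uid=sssd-reader,ou=ServiceAccounts,o=example,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = placeholder-change-me

# Password verification is done by binding to the directory as the user,
# so the host never needs to read password hashes from the directory.
# Cached credentials let already-seen users log in if the hosted directory
# is temporarily unreachable; enumeration is off to avoid pulling the whole
# user base on every host.
cache_credentials = true
enumerate = false
```

After restarting sssd, `getent passwd <user>` confirms that NSS lookups reach the directory, and a login attempt with a wrong password should fail locally rather than silently succeeding from cache. If the service refuses to start, check the file permissions first: SSSD rejects a configuration file that is readable by users other than root.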
\n