How to Leverage OpenLDAP Effectively

Posted by Christine Simko on Mar 12, 2019 10:00:00 AM


What is OpenLDAP?

OpenLDAP is a free, open-source Lightweight Directory Access Protocol (LDAP) implementation started by Kurt Zeilenga in 1998. It was developed as a part of the OpenLDAP Project.

OpenLDAP runs on numerous Linux distributions, including Ubuntu. Historically, the OpenLDAP server is called slapd, which listens for LDAP connections on any number of ports, the default being 389.

According to the OpenLDAP Wikipedia page, the original architecture “was split between a frontend which handles network access and protocol processing, and a backend which deals strictly with data storage. This split design was a feature of the original University of Michigan code written in 1996[9] and carried on in all subsequent OpenLDAP releases.”

Currently, the architecture is modular, so many types of backends are now available for other database technologies, not just traditional ones.

The Pros and Cons of Running OpenLDAP

While OpenLDAP’s agility allows authentication with LDAP on many different types of applications and devices, there are serious negatives:

  • The 24/7 availability of a trained IT team to configure, set up, and deploy OpenLDAP
  • In order to run OpenLDAP optimally, you need 100% uptime to ensure your users and devices have the ability to authenticate seamlessly
  • Configuring the myriad client applications to talk to OpenLDAP is no easy feat. There are many configurations, including getting the ou, dc, dn, and cn correct. Just this step could require hours of your time, back and forth, fiddling with options.
  • The fundamental reason most use OpenLDAP is for access control, yet simply navigating who should get access to what applications and devices and for how long, etc., can be very convoluted to sort through continually.
  • Many applications do not play nicely with LDAP when it comes to connecting on a certain port. This can be extremely time-consuming, and many admins aren’t sufficiently equipped with proper knowledge concerning correct certificates and encryption methods.
  • Many IT admins shy away from using OpenLDAP because the technical wherewithal it demands, in tandem with an IT team’s availability, requires a great deal of effort for something as simple as managing directories for machine access.
  • Other alternatives for user management, like Microsoft Active Directory, Chef, or Puppet, still require a lot of extra effort to run efficiently.

Run LDAP with Foxpass

There is a better way than operating your own OpenLDAP server!

Foxpass’s SaaS-based LDAP implementation will save you hundreds of hours and save your IT team a huge, ongoing headache.

The Foxpass Team has spent a lot of time fine-tuning its cloud-based directory service options. With Foxpass, users can be easily grouped to deliver delegated access to the appropriate resources and designate the appropriate levels of permissions where necessary.
