Can I Replace LDAP/OpenLDAP with Azure?

 

OpenLDAP is a free, open-source LDAP server that is used and trusted by organizations around the world. Historically, OpenLDAP has been a good solution for directory services and has succeeded in more technical environments as it requires a fair amount of technical expertise.

To ease the transition to cloud-based networks, Microsoft created Azure to aid clients moving their directories from the on-premise Active Directory (which uses LDAP to communicate) to the cloud. However, Azure is limited compared to AD when it comes to support for WPA2-Enterprise Wi-Fi. AD is an on-premise solution, and Microsoft doesn’t offer cloud PKI or Certificate Authority (CA) services.

So it is understandable for an IT department to look at Azure as an alternative to the more technical openLDAP. But, can Azure replace openLDAP?

 

What’s the Difference Between LDAP and OpenLDAP?

 

It’s important to note that LDAP and OpenLDAP are not the same thing. LDAP refers to the software protocol that stores and arranges data to make it easily searchable. The data can be any information about organizations, devices, or users stored in directories. LDAP is the protocol used by servers to speak with on-premise directories like AD.

OpenLDAP is the leading open source LDAP platform today. OpenLDAP takes use of the LDAP protocol and acts as an IDP to connect users to the company resources they need.

 

What is Azure AD?

 

Azure AD was rolled out to help Windows network administrators transition their ADs to the cloud, but don’t be fooled because Azure AD is not the same thing as AD. Compared to AD, Azure AD is much more limited in services provided. For instance, Azure AD doesn’t support LDAP, Kerberos and NTLM authentication, nor group policy.

Azure AD is also limited when it comes to supporting WPA2-Enterprise Wi-Fi and has no real solution for enabling 802.1X authentication, both of which provide the best network security. In a one-to-one comparison, Azure is not capable of being a full replacement for OpenLDAP, nor vice versa.

Luckily, There is a cloud-based solution that leverages Azure as a SAML provider.

 

Improving Security for Azure with a PKI and Digital Certificates

 

SecureW2 can partner with Microsoft Azure for flawless wireless security and efficient network authentication. Cloud RADIUS offers an exclusive Dynamic Policy Engine that integrates natively with Azure (or any SAML provider) and performs run-time level policy decisions based on dynamic user attributes.

Ostensibly, SecureW2 provides all the benefits of the LDAP protocol (real-time policy enforcement, support for Wi-Fi and VPN authentication), but you only need a directory and can get rid of your on-premise servers.

Standard issue certificates are static, meaning you can’t edit permissions. If admins need to change user attributes, they’d have to revoke the old certificate, create a new one, sign it, and distribute to the user. Dynamic RADIUS takes that away by allowing admins to edit the user’s attributes in the directory instead of going through the certificate management process.

 

SecureW2 Can Make Azure Integration Easy

 

With SecureW2, you can have your secure network set up in a matter of hours and have a support team ready to assist you with any of your questions. Our Dynamic Radius can do many of the same things LDAP does and can be easily integrated into your network environment. Use our directory, your directory, or Azure’s, and you can still integrate seamlessly with Dynamic RADIUS.

We have affordable solutions for organizations of all sizes, check out our pricing here to see if we can be of service.

 

 

 

 

 

 

 

 

 

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

Eytan Raphaely

Can I Replace LDAP/OpenLDAP with Azure?