11

Are there any enterprise-grade services for externally hosted LDAP used for authenticating users in our company?

Internally, we have many development and test servers that have system users locally created, and then we connect to our current LDAP directory in order to authenticate users. We have many other services that leverage this as well.

We no longer have an individual we feel qualified to manage our LDAP directory, and currently do not want to invest the time or the resources to get back up to where we were previously. (And, I'm trying to prevent the "cure-all" NIS/YP coming back into play.)

I'm looking for a company that provides an LDAP instance that is reliable (duh), with good tools for managing users, groups, and really the DN as a whole. Ideally, they support synchronization so we can have a trivial setup in-house that lives off replication, and can be used by our local servers for fast(er) queries for logins and the like, with the secondary fallback to the external system.

While I would prefer to stick with an OpenLDAP based service, I'm open to alternatives that "speak" standard LDAP, and can be used with all the LDAP tools already available (Linux PAM LDAP Auth, mod_authnz_ldap for Apache, etc.). I am not interested in switching to Active Directory.

[edit]
Additionally, this is preferably an offsite host. Not an appliance or anything that we'll buy and place in our facility. The option to have an appliance on-site in addition to the remote host for the replication reason I gave previously is an interesting option, if such a thing exists.

[edit2]
An additional thought occurred to me earlier today. Are there any primary service hosts out there (e-mail hosts, corporate messaging hosts [preferably XMPP], etc.) that would, as a result of hosting this function, also expose an LDAP instance? One that they officially support?

It would be very nice if the replication appliance I talked about in my first edit still applies here.

HopelessN00b
VxJasonxV
    So how reliable is your internet connection and are you OK with all work coming to a halt if that connection is down? – EEAA Sep 23 '10 at 17:10
  • I mention replication with a local slave not once, but twice in the question. [edit] And, if our internet connection goes down, we have bigger problems given the services that we host out of our network. – VxJasonxV Sep 23 '10 at 17:33
  • Maaaan. I want to post a bounty on this, but then my rep will be under 200 and the ServerFault icon won't show up on my flair :(. What's more important? Awesome widgets, overall rep, or getting this question answered? :( – VxJasonxV Oct 01 '10 at 21:54
  • If you're more concerned about your rep than your problem I think you need to get your priorities sorted out. – John Gardeniers Oct 04 '10 at 01:17
  • It was a tongue-in-cheek comment for some reasons also not stated. Note also that there's a bounty, from me, on the question. – VxJasonxV Oct 04 '10 at 02:25
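The local-replica-plus-fallback layout the question describes, written out as an added configuration example (not from the question or from any vendor named on this page): an OpenLDAP slapd.conf syncrepl consumer that pulls a read-only copy from the hosted provider, and an nslcd.conf on each dev/test server that answers logins from the local replica first and falls back to the remote host. Hostnames, the base DN, file paths and the replicator account are assumed placeholders.

```conf
# --- /etc/ldap/slapd.conf on the in-house replica (assumed path and names) ---
# Consumer side of OpenLDAP syncrepl. The hosted provider is the master and
# must run the syncprov overlay and let the replicator DN read the tree.
database        hdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap
index           objectClass,uid,uidNumber,gidNumber,memberUid eq
index           entryCSN,entryUUID eq        # needed for syncrepl bookkeeping

syncrepl rid=001
        provider=ldaps://ldap.hosted-provider.example:636
        type=refreshAndPersist             # provider pushes changes as they happen
        retry="60 10 300 +"                # 10 retries every 60 s, then every 300 s forever
        searchbase="dc=example,dc=com"
        scope=sub
        attrs="*,+"                        # user and operational attributes
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=REPLACE_WITH_REPLICATOR_PASSWORD
        tls_reqcert=demand                 # refuse a provider cert that does not verify

# This copy is read-only; clients that try to write are referred to the master.
updateref       ldaps://ldap.hosted-provider.example:636

# --- /etc/nslcd.conf on each dev/test server (assumed path and names) ---
# nslcd tries the uri lines in order, so the local replica serves logins and
# the hosted master is only contacted when the replica is unreachable.
uid     nslcd
gid     nslcd
uri     ldaps://ldap-replica.internal.example/
uri     ldaps://ldap.hosted-provider.example/
base    dc=example,dc=com
tls_reqcert   demand
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
bind_timelimit 5          # seconds before giving up on one server and trying the next
timelimit      10         # per-search limit so a stalled replica does not hang PAM
reconnect_sleeptime 1     # back-off between reconnect attempts
reconnect_retrytime 10
```

Because the provider only pushes changes, the replica keeps serving cached entries while the internet link is down, and the ordering of the uri lines is what keeps password checks fast in the common case.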

4 Answers

3
  1. Symplified offers a cloud directory service that "provides . . . support for a wide range of LDAP and RDBMS systems as well as cloud services." eWeek provides an overview that may be useful.

  2. Entic.net, a small company that appears to specialize in directory services, is beta-testing a distributed "Cloud DS" LDAP service. No details on the site, but they invite interested parties to contact them about participating in the private beta.

  3. eApps offers an OpenLDAP VPS, publishes an SLA, offers a 24/7 support option, and locates its servers at a QTS datacenter. Unfortunately, this doesn't appear to be their core business. I do not know whether they provide management tools that meet your criteria.

Skyhawk
  • Mmmm. Getting warmer. Unfortunately all the points you hit are unrelated. You rightly point out the fact that they don't provide the management tools I'm listing, because it's just a VPS package with LDAP in it. Yes, they have an SLA for their services (hosting packages) as a whole; yes, they have 24/7 support for their services as a whole. Nothing pertaining to excellence in quality LDAP management (perhaps more specifically, they have no LDAP management at all; I would still have master control, and master unintentional destruction). – VxJasonxV Oct 04 '10 at 05:11
  • Understood. I suspect that the market for what you're looking for is still an emerging one: most companies still don't "trust the cloud" enough to take the leap of outsourcing their directory services. On the other hand, attitudes are very likely to change, and it could be a very common thing to do within 5-10 years. – Skyhawk Oct 04 '10 at 19:56
  • I also think we're rather far from cloud directory service. There are very few OSS LDAP-based management tools. It's still a niche market; AD is the dominant platform for directory services. – Hubert Kario Oct 04 '10 at 20:14
  • I found Entic last night via their "CloudFace" offering, didn't see their homepage -> CloudDS offering. Might be something to evaluate down the road. Does RedHat not have VARs and other places that sell RHDS services? – VxJasonxV Oct 04 '10 at 20:39
  • Added Symplified to the list. – Skyhawk Oct 05 '10 at 17:23
  • I'm going to go ahead and give you the bounty because you've stuck to the topic and provided updated answers, whether I take them or not is not entirely the point when I was looking for options as-is. Thanks for sticking around and helping me out with this. – VxJasonxV Oct 08 '10 at 07:03
1

Have you looked for Managed Service Providers in your area? That can be a good fit for getting a specific service and technical skillset that you don't have in-house.

I hate to point this out, but you say you're a business ISP and you don't have (and won't hire) anyone qualified to run LDAP. That sounds pretty bad to me, like if Amazon didn't want to invest in DBA staff - but maybe an MSP would fit the bill for you.

mfinni
  • You misinterpreted that comment. I also phrased it horribly. Our ISP is Level3; we have a fiber line coming into our office. The point was simply to state that we are a software development shop, and run a production system out of our office. Suffice it to say, we have a very high-tier ISP serving our internet connection (Level3). Albeit, we're a small business/office, less than 30 folks. Less than 50 in the company as a whole. – VxJasonxV Oct 04 '10 at 21:12
  • OK - my main point still stands. An MSP, particularly if you can find a local one that you like, might serve you well. Get a contract for them to host and manage LDAP for you and to set up a replicated server on your site. Nicely bounded statement of work, a good MSP will jump at the chance for something that should be pure profit after a couple of months. – mfinni Oct 04 '10 at 23:16
  • Sure, I wasn't rejecting your suggestion of MSPs, I was just clarifying the details of our situation. I appreciate the suggestion, hence the +1. – VxJasonxV Oct 05 '10 at 18:56
  • I think invariably we should bring someone in to maintain what we already have, so I'm going to go ahead and award the question to you. Per a comment I left on another question, I gave the bounty to Miles, because he stuck around and provided a lot of valuable options. I know I asked for a vendor, but us as the host and a consultant that knows what they're doing is equally as correct an answer. Thanks for your input. – VxJasonxV Oct 13 '10 at 00:00
0

You could check with your ISP. While they may not advertise the service, they might be willing to work out a deal, particularly if they're a smaller company.

Brad Mace
-1

I built a cloud LDAP service called Foxpass.

It has a web-based UI to make it easy to manage passwords, users, and groups. As a bonus it also lets users upload their public keys to make LDAP-enabled SSH easier (and will let you enforce key rotation policies).

It is not a hosted installation of an off-the-shelf LDAP system (i.e. OpenLDAP). Instead, it is designed from the ground up to be enterprise-grade (reliable, scalable, and fault-tolerant).

https://www.foxpass.com

ArenS
  • Although your answer might have been appropriate for this 4 year old question, currently the original question itself is no longer [on-topic](http://serverfault.com/help/on-topic) according to the site standards. – HBruijn Feb 17 '15 at 23:35