Why LDAP Still Matters
"Just use Google Workspace." I hear this a lot. And for many teams, it's the right call. But when you need full control over user authentication across 10+ internal services β when compliance requires your identity data to stay on-premise β OpenLDAP is still the most battle-tested solution.
Here's what most people get wrong: LDAP isn't outdated. It's invisible. Every time you log into a corporate VPN, access a shared drive, or authenticate to GitLab β there's a good chance LDAP is doing the work behind the scenes.
What OpenLDAP Actually Does
LDAP (Lightweight Directory Access Protocol) is a centralized user directory. One place to manage:
- Who your users are β names, emails, roles
- What they can access β groups, permissions
- How they authenticate β passwords, certificates
Instead of creating separate accounts in every service, you create one LDAP entry β and every connected service uses it.
A Real OpenLDAP Setup with Docker
Here's a production-ready Docker Compose for OpenLDAP with a web admin panel:
services:
openldap:
image: osixia/openldap:1.5.0
restart: unless-stopped
environment:
LDAP_ORGANISATION: "My Company"
LDAP_DOMAIN: "company.com"
LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD}"
ports:
- "389:389"
- "636:636"
volumes:
- ldap_data:/var/lib/ldap
- ldap_config:/etc/ldap/slapd.d
phpldapadmin:
image: osixia/phpldapadmin:0.9.0
restart: unless-stopped
environment:
PHPLDAPADMIN_LDAP_HOSTS: openldap
ports:
- "6443:443"
depends_on:
- openldap
volumes:
ldap_data:
ldap_config:
Two containers. That's it. You get a full LDAP server with a web interface for managing users and groups.
What You Can Connect to LDAP
Once your directory is running, plug it into everything:
- GitLab / Gitea β developer authentication
- Nextcloud β file sharing with corporate accounts
- Grafana β monitoring dashboards access control
- VPN (OpenVPN / WireGuard) β network access by group
- Jenkins / CI systems β build permissions
- Custom apps β via LDAP bind authentication
One password change propagates everywhere. One account disable locks everything.
OpenLDAP vs Active Directory
FeatureOpenLDAPActive Directory CostFreeWindows Server license OSLinux, DockerWindows Server Best forLinux infra, DevOpsWindows-heavy orgs ComplexityMediumHigh GUIphpLDAPadmin, Apache DSBuilt-in (ADUC)If your infrastructure is Linux-based and you're already using Docker β OpenLDAP is the natural choice.
When LDAP Is the Right Move
- You have 10+ internal services that need shared authentication
- Compliance requires identity data on your own servers
- You're tired of managing separate user accounts everywhere
- You want SSO without paying for enterprise identity providers
If your team is under 10 people and everything runs on SaaS β you probably don't need LDAP. But the moment you self-host more than a few services, centralized identity management stops being optional.
Need help setting up OpenLDAP or integrating SSO for your infrastructure? Book a free consultation.