Why LDAP Still Matters

"Just use Google Workspace." I hear this a lot. And for many teams, it's the right call. But when you need full control over user authentication across 10+ internal services — when compliance requires your identity data to stay on-premise — OpenLDAP is still the most battle-tested solution.

Here's what most people get wrong: LDAP isn't outdated. It's invisible. Every time you log into a corporate VPN, access a shared drive, or authenticate to GitLab — there's a good chance LDAP is doing the work behind the scenes.

What OpenLDAP Actually Does

LDAP (Lightweight Directory Access Protocol) is a centralized user directory. One place to manage:

  • Who your users are — names, emails, roles
  • What they can access — groups, permissions
  • How they authenticate — passwords, certificates

Instead of creating separate accounts in every service, you create one LDAP entry — and every connected service uses it.

A Real OpenLDAP Setup with Docker

Here's a production-ready Docker Compose for OpenLDAP with a web admin panel:

services:
  openldap:
    image: osixia/openldap:1.5.0
    restart: unless-stopped
    environment:
      LDAP_ORGANISATION: "My Company"
      LDAP_DOMAIN: "company.com"
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD}"
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - ldap_data:/var/lib/ldap
      - ldap_config:/etc/ldap/slapd.d

  phpldapadmin:
    image: osixia/phpldapadmin:0.9.0
    restart: unless-stopped
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: openldap
    ports:
      - "6443:443"
    depends_on:
      - openldap

volumes:
  ldap_data:
  ldap_config:

Two containers. That's it. You get a full LDAP server with a web interface for managing users and groups.

What You Can Connect to LDAP

Once your directory is running, plug it into everything:

  • GitLab / Gitea — developer authentication
  • Nextcloud — file sharing with corporate accounts
  • Grafana — monitoring dashboards access control
  • VPN (OpenVPN / WireGuard) — network access by group
  • Jenkins / CI systems — build permissions
  • Custom apps — via LDAP bind authentication

One password change propagates everywhere. One account disable locks everything.

OpenLDAP vs Active Directory

FeatureOpenLDAPActive Directory CostFreeWindows Server license OSLinux, DockerWindows Server Best forLinux infra, DevOpsWindows-heavy orgs ComplexityMediumHigh GUIphpLDAPadmin, Apache DSBuilt-in (ADUC)

If your infrastructure is Linux-based and you're already using Docker — OpenLDAP is the natural choice.

When LDAP Is the Right Move

  • You have 10+ internal services that need shared authentication
  • Compliance requires identity data on your own servers
  • You're tired of managing separate user accounts everywhere
  • You want SSO without paying for enterprise identity providers

If your team is under 10 people and everything runs on SaaS — you probably don't need LDAP. But the moment you self-host more than a few services, centralized identity management stops being optional.

Need help setting up OpenLDAP or integrating SSO for your infrastructure? Book a free consultation.