LDAP vs LDAPS: What's the Difference?


In this video, we explain the similarities and differences between LDAP and LDAPS. Read the full blog post: https://jumpcloud.com/blog/ldap-vs-ld...

Learn more about Cloud LDAP with JumpCloud: https://jumpcloud.com/platform/ldap?u...

Learn more about JumpCloud: https://jumpcloud.com/?utm_source=you...

Try JumpCloud for free: https://jumpcloud.com/signup?utm_sour...

Resources and social media:
-Blog: https://jumpcloud.com/blog?utm_source...
-Community: https://community.jumpcloud.com/
-Facebook: / jumpcloud.daas
-Twitter: / jumpcloud
-LinkedIn: / jumpcloud

Transcript:

When it comes down to it, LDAP and LDAPS are not fundamentally different protocols. They both make use of the lightweight directory access protocol for directory management and authenticating users to resources. The difference lies in the way that they transmit information. LDAPS is an extension of LDAP that encrypts its data transmissions.

Here's how it works. LDAP was designed to transmit data in plain text using Port 389. Back in the early nineties when LDAP was invented, business was typically conducted over a closed LAN. This made transmitting data without encryption to and from the local LDAP server relatively safe because the transmissions were contained within the local network. However, as businesses started adopting the internet, and more recently the cloud, transmitting data in plain text began to pose security problems. With cloud-based LDAP, data including users' credentials can be sent to and from the LDAP server over the public internet.

If that data isn't encrypted, it's at serious risk of theft or compromise. To solve for this, engineers designed a way to send LDAP communications over a cryptographic protocol called SSL. SSL uses certificates to establish a secure connection between the client and the server before exchanging any data. In other words, LDAP over SSL allows LDAP data to be encrypted in transit. This way, credentials and other data remain secure when being sent over the internet. This extension of LDAP that leverages SSL is referred to as LDAPS, and it's accomplished with a new port, Port 636. LDAPS does everything that LDAP can do; the main difference is that it uses a more secure channel that encrypts data in transit. To summarize, LDAP and LDAPS are both forms of the Lightweight Directory Access Protocol, which is used to manage directories and authenticate and authorize users to resources.

LDAP transmits data in plain text while LDAPS encrypts data in transit, which makes it a more secure form of the LDAP protocol. LDAP uses Port 389 while LDAPS uses Port 636.

Now a note on SSL. SSL has been upgraded to TLS, which stands for Transport Layer Security. LDAP is also able to transmit over TLS. This method is called STARTTLS. Because STARTTLS uses an improved version of SSL, STARTTLS is generally considered even more secure than both LDAP and LDAPS. You should always use a secure form of LDAP, whether that's LDAPS, STARTTLS, or a combination of the two.

Most LDAP providers offer secure LDAP and many require it. Check your LDAP provider's policies to make sure they use a secure form of LDAP. And if you host your own LDAP instance, make sure you're transmitting LDAP data over SSL or TLS.
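To make the port 636 versus port 389 distinction concrete, here is an added example (not code from the video or from JumpCloud) that builds the LDAP StartTLS request and parses the server's reply as defined in RFC 4511, then shows where a client turns on TLS for LDAPS (TLS first, before any LDAP bytes) versus STARTTLS (a plaintext extended request on 389, then TLS). The `SAMPLE_OK` bytes are constructed from the RFC, not captured from a real server, and `secure_socket` is a hypothetical helper; only the socket-free functions are exercised offline.

```python
"""Added example (not JumpCloud's code): the LDAP StartTLS exchange (RFC 4511) and where TLS begins."""
import ssl

START_TLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID
# Constructed success reply (not a real capture): LDAPMessage{id 1, ExtendedResponse{resultCode 0}}
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")

def ber_tlv(tag, value):
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def parse_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length

def starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = ber_tlv(0x77, ber_tlv(0x80, START_TLS_OID.encode()))
    return ber_tlv(0x30, ber_tlv(0x02, bytes([message_id])) + ext_req)

def starttls_result(response):
    """Return (resultCode, diagnosticMessage) from the ExtendedResponse; 0 means TLS may begin."""
    tag, body, _ = parse_tlv(response)
    _, _, pos = parse_tlv(body)                  # messageID
    op, result, _ = parse_tlv(body, pos)         # ExtendedResponse is [APPLICATION 24] = 0x78
    if (tag, op) != (0x30, 0x78):
        raise ValueError("not an LDAPMessage carrying an ExtendedResponse")
    _, code, pos = parse_tlv(result)             # resultCode ENUMERATED
    _, _, pos = parse_tlv(result, pos)           # matchedDN
    _, diag, _ = parse_tlv(result, pos)          # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode(errors="replace")

def secure_socket(sock, host, port, ctx=ssl.create_default_context()):
    """LDAPS (636): TLS before any LDAP bytes. STARTTLS (389): plaintext request first, then TLS."""
    if port != 636:                              # default context verifies the cert and hostname
        sock.sendall(starttls_request())
        code, diag = starttls_result(sock.recv(4096))   # assumes one whole message per read
        if code != 0:
            raise RuntimeError(f"server refused StartTLS (resultCode {code}): {diag}")
    return ctx.wrap_socket(sock, server_hostname=host)
```

A non-zero resultCode (for example 2, protocolError, or 53, unwillingToPerform) means the server will not upgrade the connection, and the client must stop rather than continue in plain text.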

Want to learn more about IT protocols? Subscribe to the JumpCloud Channel for more educational content like this and check out the links in the description if you'd like to learn how to implement hassle-free Cloud LDAP with JumpCloud.

#jumpcloud #ldap
