
Firm forgoes LDAP and Active Directory for cloud directory

For one software developer, the choice of an AWS cloud was easier than learning how to secure the infrastructure with a user directory.

Identity and access management in the cloud can be a tricky endeavor, but as cloud computing matures, more alternatives have begun to surface that promise a better experience.

One software development startup skipped integration hassles between the AWS cloud, Microsoft Active Directory and the open source Lightweight Directory Access Protocol when it chose a cloud directory from an emerging vendor.

Clip Interactive in Boulder, Colo., is a two-year-old firm that makes software to convert non-digital experiences (such as hearing a song on the radio) into digital ones (identifying the song and downloading it as an MP3, for example). It runs about 80 instances in the Amazon Web Services (AWS) Elastic Compute Cloud, about a third of which use a Windows operating system while the rest run Linux.

Getting the company's Ruby-based code to run on Windows servers took some tricks with Chef and scripting, and the specter of setting up user directories for both Linux and Windows in the cloud loomed as an even larger problem, according to Ben Good, Clip's director of engineering operations.


Good had previous experience setting up a Lightweight Directory Access Protocol (LDAP) server in the cloud and found the process painful.

"I have never met someone that said, 'Oh yeah, that was great, that was easy!' about setting up an LDAP instance," he said. "Making all your machines connect in to that LDAP instance by default is also kind of a pain in the butt."

Good had also struggled with using a public/private key setup over SSH to connect users on workstations to server instances in the cloud.

As for Microsoft's Active Directory, which would be required for his Windows servers, "that was never really on the table," Good said. "We don't need that overhead and all the bells and whistles that Active Directory has."

The search for an LDAP replacement

Still, Clip needed to secure its infrastructure. It was already using software from JumpCloud, which was, at the time, selling security-as-a-service software for cloud instances. Good participated in an alpha test of JumpCloud's user directory software about a year ago, as the company wanted its software to replace user directories like LDAP.

JumpCloud uses connectors to hook up to Windows, Linux and Mac OS machines, authenticate users and assign permissions for access to files. Company officials say it can replace both LDAP and Active Directory for $10 per user per month.

JumpCloud's software consists of agents that are installed on Windows and Linux machines alike via Chef when instances are spun up.

"From that point, when [servers] register themselves with JumpCloud, we use their API to … put the operations group on all the instances," Good said. "If it's a box that has a particular environment in Chef then they get developer permissions … and then we manage our users through JumpCloud's user interface."

So far JumpCloud's directory has met Clip's needs, but JumpCloud executives say that the initial version of its directory software is best suited for companies with fewer than 500 end users.

Beth Pariseau is senior news writer for SearchAWS. Write to her at or follow @PariseauTT on Twitter.

Would you consider an LDAP or Active Directory replacement?
Open source database using GOSA allows system administrator to manage users and groups, applications, phones, faxes, mail distribution and other parameters.