Building Identity and Access Management in GitHub Enterprise

Matt Todd



In order to empower the Enterprise world to work like an open source community, GitHub needed to offer a product that could integrate with existing Identity and Access Management systems. Companies using systems like LDAP to manage user accounts across all internal services can’t risk introducing services they can’t manage centrally.

Our solution was to leverage existing open source projects like Ruby’s Net::LDAP client library, enabling us to launch our Enterprise product with LDAP support and gain critical customers early on. But scaling proved challenging due to our unfamiliarity with the technology: our approach was generalized to work with the common features of most LDAP directories instead of utilizing available optimizations.

As we learned LDAP in depth, we saw the need to improve the library we utilized in order to make substantial improvements to our own integration. We started by tuning the performance of our directory search strategies, fixing bugs, optimizing hotspots, reducing network IO, and instrumenting the internals of Net::LDAP along the way. Early on we saw the opportunity to join the community in helping maintain it. The library itself is nearly a decade old and has passed through numerous maintainers. My colleague and I joined as maintainers and started fixing broken tests, cleaning up the library, and responding to long-stale issues and pull requests. The community has since seen increased involvement from new contributors in reported bugs and code.

In this talk, I will delve deeper into how we optimized our software, detailing our engineering processes, and how we used those methods to make major contributions to the community. I’ll be exploring the responsibility we have as members of the community to give back and help maintain projects we depend on. I’ll be digging into the hard lessons we learned as we built a product to integrate with numerous supported LDAP services, including how we benchmarked, optimized, and scaled those solutions.


Matt Todd

From consulting to product engineering over the past decade, I’ve worked as a web engineer on new and legacy systems alike. I currently work at GitHub on our SaaS product and on our GitHub Enterprise offering, maintaining our LDAP, SAML, and other Identity and Access Management integration points. With a focus on product development, I worked with a small team to design and build innovative IAM solutions into GitHub Enterprise, specializing in LDAP support while tuning and optimizing operations.

