Authorized Entities Directory
The agile IAM for DevOps
Authorized Entities Directory (Æ-DIR) is a Privileged Identity and Access Management (IAM/PIM/PAM) system based on OpenLDAP.
- 2021-05-04: ansible-ae-dir-server 0.26.0 -- Integration of EKCA on Æ-DIR providers.
- 2021-04-30: aehostd 1.5.0 -- Major refactoring of request processing, use of non-daemon threads.
- 2021-04-22: ansible-ae-dir-server 0.25.0 -- Simple web apps migrated to Flask, many software updates.
- 2021-04-18: aehostd 1.4.4 -- NSS/PAM server uses thread pool, improved monitoring logs.
- Strictly follow need-to-know and least-privilege principles
- Agile data maintenance through consistent delegation of small, manageable areas
- Provide meaningful audit trails for compliance checks
- Secure defaults
- Fine-grained authorization
- Fine-grained delegation, ready-to-use role-model
- Role separation, multiple accounts per person
- Secure password handling, SSH key distribution, built-in CA for OpenSSH User Certificates
- Password self-service web application
- Compatible with all LDAP-enabled applications without complicated client-side schema mapping
- Two-factor authentication integrated with LDAP, usable by any LDAP-enabled application
- High availability out-of-the-box with LDAP server replicas
- Automated installation of a turnkey solution with Ansible
- TLS everywhere
- Service hardening out-of-the-box (e.g. with AppArmor)
Find longer introductions: Æ-DIR conference presentations.