Authorized Entities Directory

Admin UI (web2ldap) // Password self-service // OATH enrollment

The agile IAM for DevOps

Authorized Entities Directory (Æ-DIR) is a Privileged Identity and Access Management (IAM/PIM/PAM) based on OpenLDAP

News

• 2021-05-04: ansible-ae-dir-server 0.26.0 -- Integration of EKCA on Æ-DIR providers.
• 2021-04-30: aehostd 1.5.0 -- Major re-factoring of request processing, use of non-demon threads.
• 2021-04-22: ansible-ae-dir-server 0.25.0 -- Simple web apps migrated to Flask, many software updates.
• 2021-04-18: aehostd 1.4.4 -- NSS/PAM server uses thread pool, improved monitoring logs.

Main Objectives

• Strictly follow need to know and least privilege principles
• Agile data maintenance by consequent delegation of manageable small areas
• Provide meaningful audit trails for compliance checks
• Secure defaults

Key Features

• Fine-grained authorization
• Fine-grained delegation, ready-to-use role-model
• Role separation, multiple accounts per person
• Secure password handling, SSH key distribution, built-in CA for OpenSSH User Certificates
• Password self-service web application
• Compatible to all LDAP enabled applications without complicated client-side schema mapping
• Two-factor authentication integrated with LDAP, usable by any LDAP enabled application
• High availability out-of-the-box with LDAP server replicas
• Automated installation of turnkey solution with ansible
• TLS everywhere
• Service hardening out-of-the-box (e.g. with AppArmor)

Find longer introductions: Æ-DIR conference presentations.