Authorized Entities Directory

The agile IAM for DevOps

Authorized Entities Directory (Æ-DIR) is a Privileged Identity and Access Management (IAM/PIM/PAM) based on OpenLDAP

Main Objectives

• Strictly follow need to know and least privilege principles
• Agile data maintenance by consequent delegation of manageable small areas
• Provide meaningful audit trails for compliance checks
• Secure defaults

Key Features

• Fine-grained authorization
• Fine-grained delegation, ready-to-use role-model
• Role separation, multiple accounts per person
• Secure password handling, SSH key distribution
• Compatible to all LDAP enabled applications
• Two-factor authentication integrated with LDAP
• High availability out-of-the-box with LDAP server replicas
• TLS everywhere
• Service hardening out-of-the-box

Find longer introductions: Æ-DIR conference presentations.

News:

• Currently finished:
  aehostd -- custom PAM/NSS demon
• New Æ-DIR slides available of talk at OSDC 2018
• Talk about hardening Æ-DIR at
  OWASP-KA, Karlsruhe, 2018-07-02
• Æ-DIR & OATH-LDAP talk at
  KA-IT-SI, Karlsruhe, 2018-12-13
• More about OATH-LDAP and SSH login listed on www.stroeder.com...