Æ-DIR -- Authorized Entitites Directory

Identity and Access Management with OpenLDAP

stroeder

Playlists: 'osc19' videos starting here / audio / related events

This talk will present a concept and real-world implementation of an identity and access management system (IAM) purely based on OpenLDAP.

The main goal of Æ-DIR (besides challenging Unicode handling in various software with its name) is to follow the delegation, need-to-know and least-privilege principles as strictly as possible. The visibility of user, group, sudoers, etc. is limited by OpenLDAP’s set-based ACLs. All systems and services, no exception(!), have to individually authenticate to be authorized to access Æ-DIR.

The talk will give some additional information about the secure base configuration of OpenLDAP and a special NSS/PAM caching demon developed for lower resource usage.

This talk will present a concept and real-world implementation of an identity and access management system (IAM) purely based on OpenLDAP.

The main goal of Æ-DIR (besides challenging Unicode handling in various software with its name) is to follow the delegation, need-to-know and least-privilege principles as strictly as possible. The visibility of user, group, sudoers, etc. is limited by OpenLDAP’s set-based ACLs. All systems and services, no exception(!), have to individually authenticate to be authorized to access Æ-DIR.

The talk will give some additional information about the secure base configuration of OpenLDAP and a special NSS/PAM caching demon developed for lower resource usage.

Download

Related

Embed

Share:

Tags