Æ-DIR -- Authorized Entities Directory 0.29.0

Authorized Entities Directory (Æ-DIR) is a Privileged Identity and Access Management (IAM/PIM/PAM) based on OpenLDAP Objectives: * Strictly follow need to know and least privilege principles * Agile data maintenance by consequent delegation of manageable small areas * Provide meaningful audit trails for compliance checks * Secure defaults

Tags openldap iam ldap nis
License Apache
State stable

Recent Releases

0.29.006 Sep 2021 09:18 major feature: Update to OpenLDAP 2.5, new Debian/Ubuntu repos, many software updates, added support for Debian bullseye, AlmaLinux and Rocky Linux.
0.27.730 Jul 2021 08:43 major feature: Added LSB id mappings for installing on Rocky Linux 8.4. More flexible handling of variable openldap_db_params.
0.27.431 May 2021 15:22 major feature: Added LSB id mappings and repo entries for installing on AlmaLinux 8.4 and openSUSE Leap 15.3.
0.27.218 May 2021 05:41 minor bugfix: Fixes for HTML templates.
0.27.016 May 2021 23:39 minor feature: Update to web2ldap 1.6.1 and ldap0 1.2.8+ with performance enhancements for handling large group entries.
0.26.211 May 2021 17:33 minor bugfix: Fixed DB compacting script.
0.26.110 May 2021 16:58 major feature: Added SSH-CA (EKCA) for issuing temporary short-term OpenSSH user certificates.
0.25.122 Apr 2021 18:37 minor feature: - Finally the simple web apps were migrated to Flask/WTForms/Jinja2. - Enforced installation of more recent software releases. - slapdcheck has a config file now where you can set formerly hard-coded parameters. - Added HTTP security header Permissions-Policy. - Fixed HTML markup ae-dir-pwd's change password form. - Improved wording in e-mail templates.
0.24.1918 Mar 2021 14:12 minor feature: Features: - Added support to set aedir_rundir to e.g. /run/ae-dir usually mounted as tmpfs on modern Linux distros (not enabled by default, use with care) - added support for directly validating OTP values with a COMPARE request against a token entry (used by oath-ldap-tool ykcheck) - Change to oathTokenPIN-ACLs and userPassword-ACLs for token entries to enable bulk enrollment of Yubikey tokens 1 - slapdcheck monitoring parameters now in configuration file Fixes - added --graceful-timeout=2 to aedir_gunicorn_args for fixing issues with ansible restart handlers - various fixes for installing on SLE15 SP2 Enforced installation of recent software: - oath-ldap-tool 1.3.4+ - oath-ldap-srv 1.3.0+ - ae-dir-tool 1.0.6+ - slapdcheck 3.8.0+ - pyasn1 and pyasn1_modules
0.21.018 Sep 2020 00:00 minor feature: Enabled sortvals for multi-valued attributes for better performance. Needs reloading of existing databases.
0.15.720 Jun 2020 18:00 stable: aehostd UID/GID is mapped to replica's aeHost entry.
0.12.216 May 2020 15:09 minor feature: Pulls in many software updates besides many other small improvements and fixes.
0.12.114 May 2020 09:56 minor feature: Pulls in many software updates besides many other small improvements and fixes.
0.12.010 May 2020 16:36 minor feature: Pulls in many software updates besides many other small improvements and fixes.
0.11.411 Apr 2020 14:00 minor feature: OATH-LDAP bind listeners are now using config files, added Feature-Policy header to Apache and web2ldap.
0.10.108 Feb 2020 12:56 minor feature: Fixes for Python 3 migration regressions.
0.7.016 Apr 2019 11:00 minor feature: incompatible change of ansible vars for mdb configuration, re-factoring of AppArmor profiles, other minor improvements
0.6.229 Jan 2019 05:49 minor bugfix: minor fixes
0.6.128 Jan 2019 10:03 minor feature: web2ldap update to 1.4.0
0.4.119 Oct 2018 20:00 minor fix: Minor ACL fix
02 Jun 2018 16:51 major feature: initial submission