stroeder.com<\/p>\n
Abstract<\/h2>\n
This talk will present a concept and real-world implementation of a user and authorization management system purely based on OpenLDAP mainly used to control administrative access to Unixoid servers. The main goal of \u00c6-DIR (besides challenging Unicode handling in various software with its name) is to follow the need-to-know principle as much as possible. The visibility of user, group, sudoers, etc. is limited mainly by OpenLDAP’s set-based ACLs. All systems and services, no exception(!), have to individually authenticate to be authorized to access \u00c6-DIR.<\/p>\n
The talk will give some additional information about the secured base configuration of OpenLDAP, tools developed and some experiences made when migrating\/attaching 7000+ servers to this user management.<\/p>\n
Furthermore the architecture of a SSH gateway is shown which uses the very same access control data to authorize SSH connections passing through the gateway.<\/p>\n
Finally the talk will outline some additional to-dos, and rough ideas how to further develop this system.<\/p>\n
Biography<\/h2>\n
Michael Str\u00f6der works since 16 years as a consultant for LDAP based directory services and identity\/access management. His main interest is building highly secure infrastructures.<\/p>\n
He’s also the author of the LDAP client web application web2ldap (see http:\/\/www.web2ldap.de<\/a>) and maintainer of the Python LDAP module (see http:\/\/www.python-ldap.org<\/a>).<\/p>\n AE-DIR: Paranoid user management with OpenLDAP<\/a> – slides<\/p>\n \u00c6-DIR home page<\/a><\/p>\n Michael Str\u00f6der<\/p><\/div>\n","protected":false},"excerpt":{"rendered":" \u00c6-DIR: Yet another LDAP user and systems management Michael Str\u00f6der stroeder.com Abstract This talk will present a concept and real-world implementation of a user and authorization management system purely based on OpenLDAP mainly used to control administrative access to Unixoid… (READ MORE)<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"parent":76,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-without-title.php","meta":{"footnotes":""},"class_list":["post-172","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/comments?post=172"}],"version-history":[{"count":6,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/172\/revisions"}],"predecessor-version":[{"id":598,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/172\/revisions\/598"}],"up":[{"embeddable":true,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/76"}],"wp:attachment":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/media?parent=172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Presentation<\/h2>\n
Software<\/h2>\n
![\"Michael](\"http:\/\/ldapcon.org\/2015\/wp-content\/uploads\/2015\/08\/ps100_01998-219x300.jpg\")
<\/a>