Next Generation Directory-based User Management for Cloud Infrastructure
The IETF standard RFC 2307 has long been a best practice for storing the security policy of Unix machines across TCP/IP networks. It defines a common data format (the posixAccount and posixGroup schema) so that a uniform security policy can be applied to every node in the network. The problem is keeping that security policy current.
There needs to be a mediator that automatically keeps the directory in sync with lifecycle events. Access must be granted without delay when new machines appear and, most importantly, removed when it is no longer needed. At the same time, rigid policies must be maintained about who can access a machine, when, and for what purpose, and likewise about who can grant that access and under what conditions.
Everything must also be backed by a centralized audit trail. Here we present an approach for doing this using open source software, including midPoint IdM and the OpenLDAP directory. A demo based on a hypothetical case study is included.
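To make the "keeping the policy current" problem concrete, the following added example (not code from the page's midPoint/OpenLDAP demo) parses a constructed RFC 2307 LDIF export and reconciles it against an assumed authoritative list of current employees. It reports the conditions an identity-management mediator would have to detect and correct: accounts that no longer belong to anyone, group memberships held by such accounts, memberUid values that point at no account, and primary groups that do not exist. The LDIF entries, the employee list and the rule "every account needs a current employee behind it" are all assumptions made for the illustration.

```python
"""Reconcile RFC 2307 (posixAccount / posixGroup) entries against an
authoritative list of people who should still have access.

Added illustration, not the page's own demo code. SAMPLE_LDIF and
CURRENT_EMPLOYEES are constructed sample data.
"""

# Constructed LDIF export of an OpenLDAP tree using the RFC 2307 schema.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 5000
homeDirectory: /home/alice
loginShell: /bin/bash

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: bob
uidNumber: 10002
gidNumber: 5000
homeDirectory: /home/bob
loginShell: /bin/bash

dn: cn=users,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: users
gidNumber: 5000
memberUid: alice
memberUid: bob

dn: cn=admins,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: admins
gidNumber: 5001
memberUid: alice
memberUid: bob
memberUid: carol
"""

# Constructed authoritative source (e.g. an HR feed): who currently has a role.
CURRENT_EMPLOYEES = {"alice"}


def parse_ldif(text):
    """Parse the LDIF subset RFC 2307 data uses: entries separated by blank
    lines, one 'attr: value' per line, multi-valued attributes kept as lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries


def reconcile(entries, current_employees):
    """Compare directory state with the authoritative source and return the
    deviations a mediator should fix (deprovision / clean up), sorted for
    deterministic output."""
    accounts = {e["uid"][0]: e for e in entries
                if "posixAccount" in e.get("objectClass", [])}
    groups = [e for e in entries if "posixGroup" in e.get("objectClass", [])]
    group_gids = {g["gidNumber"][0] for g in groups}

    report = {
        # Accounts with no current employee behind them: must be removed.
        "stale_accounts": sorted(set(accounts) - current_employees),
        # Group entries still granting rights to stale accounts.
        "stale_memberships": [],
        # memberUid values that name no posixAccount at all.
        "dangling_members": [],
        # Accounts whose primary gidNumber has no posixGroup entry.
        "missing_primary_groups": sorted(
            uid for uid, e in accounts.items()
            if e["gidNumber"][0] not in group_gids),
    }
    for g in groups:
        for member in g.get("memberUid", []):
            if member not in accounts:
                report["dangling_members"].append((g["cn"][0], member))
            elif member not in current_employees:
                report["stale_memberships"].append((g["cn"][0], member))
    report["stale_memberships"].sort()
    report["dangling_members"].sort()
    return report


if __name__ == "__main__":
    for kind, items in reconcile(parse_ldif(SAMPLE_LDIF), CURRENT_EMPLOYEES).items():
        print(f"{kind}: {items}")
```

In a real deployment the same comparison is what the IdM mediator runs continuously, with the authoritative source on one side and the live directory on the other, and each correction it makes written to the central audit trail.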