Package aehostd

aehostd is a custom nss/pam daemon to work with Æ-DIR LDAP directories.

Authorized Entities Directory (Æ-DIR) is a Privileged Identity and Access Management (IAM/PIM/PAM) based on OpenLDAP.

Main Objectives of AE-DIR

  • Strictly follow need to know and least privilege principles
  • Agile data maintenance by consequent delegation of manageable small areas
  • Provide meaningful audit trails for compliance checks
  • Secure defaults

Packaging aehostd, currently preferably deployed with Ansible roles, would, as a first step, get NixOS into the range of deployable host systems under AE-DIR management. This is what personally motivates me.

The original author of AE-DIR would welcome such a contribution and expressed willingness to support it, if needed.

I’m completely new to Nix, and I would appreciate help and guidance of any sort.

First questions first:

  • Based on the ultimate chances of inclusion, should I fork nixpkgs and work towards a PR? (I’d actually prefer to upstream this)
  • If I got a package done, how should I tackle / organize a companion module for its proper configuration?
    • Should a module go in the same PR or separate?