AWS IAM Identity Center → Linux

Bring your AWS users
to Linux, LDAP free.

Dirless maps your cloud users to native Linux identities - no LDAP, no FreeIPA, no extra infrastructure. Add someone in the AWS Identity Center or the web portal and they show up on every host.

See how it works View on GitHub
The Problem

Your cloud identity
and your servers
don't speak.

Modern teams manage users in AWS IAM Identity Center. But Linux servers have no idea those users exist. The traditional fix is painful.

  • 🏗
    A second system to maintain

    FreeIPA or a fake LDAP server - with its own servers, replication, and failure modes.

  • ✏️
    Double the identity management

    Add someone in the AWS Identity Center, then add them again in LDAP. Remove them, hope you remembered everywhere.

  • 💥
    A fragile critical path

    If your LDAP server is down, nobody can log in anywhere. A directory outage becomes a fleet-wide lockout.

Before Dirless
AWS Identity Center
Sync to LDAP
Manual / Custom Scripting Solution
FreeIPA / LDAP
You have to maintain this and keep it secure
SSSD service
SSSD NSS module
With Dirless
AWS Identity Center
Dirless Syncer
1 or more EC2 instances in your AWS account
Dirless Backend
hosted by Dirless
Dirless Agent
can live in and outside of AWS
Dirless NSS module
How it works

Four components.
Zero extra servers.

Dirless is purpose-built for simplicity. Each piece does one thing well, and the whole system runs on your existing infrastructure.

See how it works →
Features

What Dirless gives you.

More than just user resolution - a complete identity foundation for your Linux fleet.

🔢

Consistent UIDs and GIDs

Every user and group gets a stable UID/GID that is identical across your entire fleet. Shared filesystems like EFS and NFS work correctly because alice is always UID 40001 - everywhere.

🚪

Automatic offboarding

Remove a user from IAM Identity Center and they are gone from every host on the next sync. No manual cleanup, no stale accounts, no forgotten servers.

🛡

Resilient by default

NSS lookups read the local database - no network call at query time. A backend outage or network disruption does not lock users out of their hosts.

🔍

Real names in audit logs

ls -la, ps aux, audit logs - they all show real usernames, not raw UIDs. Your forensics team will thank you.

🌐

Web management portal

Add and remove local users, monitor enrolled nodes, and manage your deployment through a web dashboard - no CLI needed.

☁️

SSM sessions as yourself

AWS Systems Manager can run sessions as the connecting Identity Center user instead of the generic ssm-user - but only if that user exists in the OS. Dirless makes that happen automatically.

🔐

End-to-end encrypted snapshots

Identity snapshots are encrypted with AGE before leaving the backend. The private key lives only on your host. Even if the backend is compromised, your identity data stays private.

Pricing

Simple, server-based pricing.

No per-user fees that scale with your headcount. Pay for the servers you enroll, nothing more. All plans include the full feature set - hosted on our global 3-node cluster.

Beta

Free

$0 / mo
Up to 10 servers

Free forever. A permanent tier for small setups and evaluation.

  • Up to 10 enrolled servers
  • Best-effort support
  • 3-node HA backend
Join the beta No credit card required for this plan

Growth

$10 / mo
$5 / mo
50% off while in beta - keep the 50% discount forever if you sign up during beta and stay subscribed
Up to 50 servers

For growing teams who need more capacity without worrying about per-user costs piling up.

  • Up to 50 enrolled servers
  • Priority email support
  • 3-node HA backend
Get started →

Scale

$30 / mo
$15 / mo
50% off while in beta - keep the 50% discount forever if you sign up during beta and stay subscribed
Up to 200 servers

For larger fleets. Fixed cost regardless of how many users are in your Identity Center.

  • Up to 200 enrolled servers
  • Priority email support
  • 3-node HA backend
Get started →

Enterprise

Custom
Unlimited servers

For large organizations with custom requirements. Get in touch and we'll put together a plan that fits.

  • Unlimited enrolled servers
  • Dedicated support
  • 3-node HA backend
  • Custom SLA available
  • Can be self-hosted
Contact us

Questions? Email us at info@dirless.com

FAQ

Common questions.

Everything you need to know about how Dirless works.

Read the FAQ →

Ready to ditch LDAP?

Enroll your first node in under a minute. No infrastructure changes required.

Create a free account → Talk to us
Built with · Crystal · AGE encryption · TrashPandaDB · Caddy · Atlantic.Net · RackNerd · Zoho Mail