Improve LDAP logging
Open, MediumPublic
Actions

Assigned To

None

Authored By

	herron
	Jan 23 2019, 4:43 PM

Description

During the Security/Logging meeting on 01/22/2019 (notes captured in https://wikitech.wikimedia.org/wiki/Security/logging) a request was made to review and improve the logging and auditing capabilities of the LDAP directory servers used by WMF infrastructure. This is a parent task to review possible solutions and track progress.

A first stab at the steps involved are:

Describe events that should be logged
Review possible changes to the directory servers to generate needed audit logs
Ensure that the logs are written and shipped in a durable way, such that they can be replied on when needed in the future
Define retention period for this log type
Parse logs to generate actionable alerts where appropriate

Event Timeline

herron triaged this task as Medium priority.Jan 23 2019, 4:43 PM

herron created this task.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 23 2019, 4:43 PM

http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies (specifically sections 12.2 and 12.10) outline some possibilities for audit logging and password policy that could be useful here

Peachey88 added a project: LDAP.Feb 3 2019, 11:13 AM

• JBennett moved this task from Incoming to Watching on the Security-Team board.Oct 4 2019, 4:34 PM

Htriedman removed a project: Security-Team.Oct 13 2021, 7:33 PM

jbond edited projects, added Infrastructure Security, Observability-Logging; removed SRE.May 23 2023, 12:08 PM

MoritzMuehlenhoff added a project: Infrastructure-Foundations.May 26 2023, 11:05 AM

lmata moved this task from Inbox to Radar on the Observability-Logging board.May 30 2023, 12:58 PM

Improve LDAP loggingOpen, MediumPublicActions

Description

Event Timeline

Improve LDAP logging
Open, MediumPublic
Actions