Maniphest T320431

IDM: Central logging on all changes
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	MoritzMuehlenhoff
	Oct 10 2022, 2:56 PM

Description

We should implement a central logging facility of all changes, so that we have a central audit trail of which account changes were triggered when, what and by whom. Logs should be rotated using Logrotate and we should also add them to backups.

For LDAP changes we can probably hook into the existing logging of the LDAP library for managing users and groups, but in addition we also need to include some additional level of detail (e.g. triggered by admin changes).

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	C:idm::deployment logrotation for Django logs.	operations/puppet	production	+22 -3

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T189531 All Wikimedia developer services should use single sign-on
Resolved		None	T161859 Make Wikitech an SUL wiki
Duplicate		None	T367287 Update Wikitech's LDAP credentials to be read-only
Resolved	PRODUCTION ERROR	Tgr	T195253 Special:Notifications gives a consistent PHP exception on load ("The trash icon is not registered") for users with OpenStackManager notifications
Open		None	T106123 Extensions needing to be removed from Wikimedia wikis
Resolved	Request	None	T367220 Archive the OpenStackManager extension
Resolved		taavi	T161553 Remove OpenStackManager from Wikitech
Resolved		taavi	T196171 Developer account creation without OpenStackManager
Declined		None	T179463 Create a single application to provision and manage developer (LDAP) accounts
Resolved		None	T319405 Create an IDM for Wikimedia developer accounts
Resolved		SLyngshede-WMF	T319407 IDM milestone 1 "Initial development work"
Resolved		SLyngshede-WMF	T320431 IDM: Central logging on all changes