Develop / Release the "audit" portion of IPA

Solution Verified - Updated -

Issue

  • Customer would like to have audit functionality in IPA
  • [RFE] Basic IdM log feature is missing
  • We know that the Audit part of the IPA product is no longer in the short/medium term roadmap, but we really think at least some basic log for "ipa events" should be included.
  • The idea is to have a log file where ipa commands are logged, example of these events are:
    • Loggin to the webui
    • An $object is created via webui or ipa command
    • An $object is modified via webui or ipa command
    • An $object is deleted via webui or ipa command
    • A change in the ipa server configuration
    • Policy changes
  • And the information relevant to those events: Who, What, When
  • Some of the information can be somehow found in the 389 DS or KDC logs, but not all details are available. For example, any change to a user data will be seen as a MOD operation in the LDAP logs, but there is no way to see which item was changed.

Environment

  • Red Hat Enterprise Linux
  • Identity-Management

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.