For each executed command in server context, send the information about the command to the systemd journal. The resulting string is similar to what is recorded in httpd's error_log for API requests coming through the RPC layer.
In server mode operations are performed directly on the server over LDAPI unix domain socket, so httpd end-point is not used and therefore operations aren't recorded in the error_log. httpd end-point internally also uses the server context, thus all externally performed IPA API requests would also be recorded in the system journal.
PR: https://github.com/freeipa/freeipa/pull/7335
Moved API audit into a separate PR: https://github.com/freeipa/freeipa/pull/7348
master:
ipa-4-11:
ipa-4-10:
ipa-4-9:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @abbra: - Custom field changelog adjusted to FreeIPA now audits all IPA API calls through systemd journal on IPA servers. For details please see design page https://freeipa.readthedocs.io/en/latest/designs/audit-ipa-api.html
Log in to comment on this ticket.