Audit events for changes to LDAP group sync settings and filters
Problem to solve
Audit events for changes to LDAP group sync filters.
Further details
As a large enterprise with compliance audit requirements, we must keep an immutable audit log of all changes to workflow and permissions in our systems. For permissions in GitLab, we use LDAP group sync across a large number of groups, each with its own LDAP filter defining who has access. The key component of auditing this is to know any time the LDAP filter for a group or project has been changed. At this time we do not need to log changes to the membership (who is returned in those filters).
What does success look like, and how can we measure that?
| Author | Action | Target | IP Address | At |
|---|---|---|---|---|
| Joe Smith | Group link for GROUP updated: LDAP Group CN now linked with LDAP Access | {Group_Name} | 127.0.0.1 | 2018-10-22 14:11:13 UTC |
Links / references
https://docs.gitlab.com/ee/administration/auth/how_to_configure_ldap_gitlab_ee/