[GH-ISSUE #575] Customize (audit) logging for login events #208

New issue

Closed

opened 2026-02-27 08:15:53 +03:00 by kerem · 4 comments

kerem commented

2026-02-27 08:15:53 +03:00

Owner

Originally created by @Phype on GitHub (May 11, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/575

Would it be possible to add support for logging login-events (from both LDAP and HTTP interfaces) for log-review, ie. as a centralized source of security events from multiple connected applications?
For HTTP this is pretty straight-forward and for LDAP, one could just log LDAP BIND operations, which are equivalent with someone attempting to log in at a connected application.

I could potentially create a PR which just logs these events to stdout, but i'm unsure whether this would integrate with https://github.com/lldap/lldap/issues/17 and it should probably be configurable too.

Originally created by @Phype on GitHub (May 11, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/575 Would it be possible to add support for logging login-events (from both LDAP and HTTP interfaces) for log-review, ie. as a centralized source of security events from multiple connected applications? For HTTP this is pretty straight-forward and for LDAP, one could just log LDAP BIND operations, which are equivalent with someone attempting to log in at a connected application. I could potentially create a PR which just logs these events to stdout, but i'm unsure whether this would integrate with https://github.com/lldap/lldap/issues/17 and it should probably be configurable too.

kerem

2026-02-27 08:15:53 +03:00

closed this issue
added the
enhancement

question
labels

kerem commented

2026-02-27 08:15:54 +03:00

Author

Owner

@nitnelave commented on GitHub (May 12, 2023):

Hmm, assuming that the HTTP login events had the username (the LDAP ones already do), could you do with the existing log? I think with some grep it should be possible to extract the login events from the logs.

This is not a use case that is high in my priority list, I'm not sure I want to complexify the software to support it.

@nitnelave commented on GitHub (May 12, 2023): Hmm, assuming that the HTTP login events had the username (the LDAP ones already do), could you do with the existing log? I think with some grep it should be possible to extract the login events from the logs. This is not a use case that is high in my priority list, I'm not sure I want to complexify the software to support it.

kerem commented

2026-02-27 08:15:54 +03:00

Author

Owner

@nitnelave commented on GitHub (Jan 22, 2024):

I'm going to close this as out-of-scope but implementable as a plugin once we have #714 (in the distant future).

@nitnelave commented on GitHub (Jan 22, 2024): I'm going to close this as out-of-scope but implementable as a plugin once we have #714 (in the distant future).

kerem commented

2026-02-27 08:15:54 +03:00

Author

Owner

@kar0t commented on GitHub (Apr 30, 2025):

Hi, ALL. We need customizable logging system for meet enterprise-level security constraint.
Should I solve #714 first?

@kar0t commented on GitHub (Apr 30, 2025): Hi, ALL. We need customizable logging system for meet enterprise-level security constraint. Should I solve #714 first?

kerem commented

2026-02-27 08:15:54 +03:00

Author

Owner

@nitnelave commented on GitHub (Apr 30, 2025):

#714 should indeed provide what you need. It's being actively worked on, there should be significant development in the next few weeks.

@nitnelave commented on GitHub (Apr 30, 2025): #714 should indeed provide what you need. It's being actively worked on, there should be significant development in the next few weeks.

kerem referenced this issue

2026-02-27 08:18:12 +03:00

[PR #208] [MERGED] set lldap to run rootless, using user 1000 #617