... | ... | @@ -888,8 +888,11 @@ label. |
|
|
|
|
|
## Logs and metrics
|
|
|
|
|
|
<!-- where are the logs? how long are they kept? any PII? -->
|
|
|
<!-- what about performance metrics? same questions -->
|
|
|
The LDAP directory holds a list of usernames, email addresses, real
|
|
|
names, and possibly even physical locations. This information gets
|
|
|
destroyed when a user is completely removed but can be kept
|
|
|
indefinitely for locked out users.
|
|
|
|
|
|
`ud-ldap` keeps a full copy of all emails sent to
|
|
|
`changes@db.torproject.org`, `ping@torproject.org` and
|
|
|
`chpass@torproject.org` in `/srv/db.torproject.org/mail-logs/`. This
|
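Review bot: the `ud-ldap` paragraph at the end of this hunk names where the mail copies are stored (`/srv/db.torproject.org/mail-logs/`), but the visible lines give no retention period for that directory, which is the second question the template comment asks (`how long are they kept?`). Suggest adding a sentence on how long those files are kept and whether anything rotates or purges them. The LDAP paragraph has a similar gap: "can be kept indefinitely for locked out users" does not say whether that is a deliberate policy or the absence of a cleanup step, and stating which it is would help anyone handling a data-removal request. Once the section answers them, the two `<!-- ... -->` template prompts can be dropped.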
... | ... | @@ -897,6 +900,8 @@ includes personnally identifiable information (PII) like `Received-by` |
|
|
headers (which may include user's IP addresses), user's email
|
|
|
addresses, SSH public keys, hashed sudo passwords, and junk mail.
|
|
|
|
|
|
TODO: expand. slapd logs? web interface?
|
|
|
|
|
|
## Backups
|
|
|
|
|
|
There's no special backup procedures for the LDAP server, it is
|
... | ... | |
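Review bot: the `TODO: expand. slapd logs? web interface?` line leaves the PII inventory open for two components without saying who will follow up. Suggest either answering it here (log location, retention and PII for each) or pointing the TODO at a tracking ticket so it does not go stale. Wording in the same hunk: "user's IP addresses" and "user's email addresses" should be the plural possessive "users'", and "There's no special backup procedures" should read "There are no special backup procedures". The context line quoted in the hunk header also has "personnally" for "personally" and names the header `Received-by`, where the standard mail header is `Received`.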