Database Plug-in Attributes
186 Red Hat Directory Server Configuration, Command, and File Reference • May 2005
within the database; encrypting them while they are stored adds another layer of protection. This object class has one attribute, nsEncryptionAlgorithm, which sets the encryption cipher used per attribute. Each encrypted attribute represents a subentry under the above cn=config information tree nodes, as shown in Figure 3-3.
Figure 3-3 Encrypted Attributes under the cn=config Node
For example, the database encryption file for the userPassword attribute under o=UserRoot would appear in the Directory Server as follows:

dn:cn=userPassword,cn=encrypted attributes,o=UserRoot,cn=ldbm database,cn=plugins,cn=config
objectclass:top
objectclass:nsAttributeEncryption
cn:userPassword
nsEncryptionAlgorithm:AES

To configure database encryption, see “Database Encryption,” in chapter 3, “Configuring Directory Databases,” in the Red Hat Directory Server Administrator’s Guide. For more information about indexes, see chapter 10, “Managing Indexes,” in the Red Hat Directory Server Administrator’s Guide.

nsEncryptionAlgorithm

nsEncryptionAlgorithm selects the cipher used by nsAttributeEncryption. The algorithm can be set per encrypted attribute.
Entry DN: cn=attributeName,cn=encrypted attributes,cn=databaseName,cn=ldbm database,cn=plugins,cn=config
Valid Values: The following are supported ciphers:
• Advanced Encryption Standard Block Cipher — AES
• Triple Data Encryption Standard Block Cipher — 3DES
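
An added example, not part of the Red Hat reference: a Python check that reads attribute-encryption entries from an LDIF export of cn=config, confirms each DN follows the Entry DN layout above, and reports any nsEncryptionAlgorithm value outside the two supported ciphers. The sample LDIF, the function names, and the `required` list of attributes expected to be encrypted are assumptions made for illustration.

```python
SUPPORTED_CIPHERS = {"AES", "3DES"}   # valid values listed on this page
DN_TAIL = ["cn=ldbm database", "cn=plugins", "cn=config"]
# Constructed sample export; the second entry carries an unsupported cipher.
SAMPLE_LDIF = """\
dn: cn=userPassword,cn=encrypted attributes,o=UserRoot,cn=ldbm database,
 cn=plugins,cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: userPassword
nsEncryptionAlgorithm: AES

dn: cn=telephoneNumber,cn=encrypted attributes,o=UserRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: nsAttributeEncryption
cn: telephoneNumber
nsEncryptionAlgorithm: DES
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry, unfolding continuation lines."""
    unfolded = text.replace("\n ", "")   # LDIF folds long lines as newline + one space
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, value = line.partition(":")
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit(text, required=()):
    """Return (ciphers, problems) for every nsAttributeEncryption entry in the LDIF."""
    ciphers, problems = {}, []
    for entry in parse_ldif(text):
        if "nsattributeencryption" not in [v.lower() for v in entry.get("objectclass", [])]:
            continue
        dn = entry.get("dn", [""])[0]
        rdns = [r.strip() for r in dn.split(",")]   # assumes no escaped commas in the DN
        if (len(rdns) != 6 or rdns[1].lower() != "cn=encrypted attributes"
                or [r.lower() for r in rdns[3:]] != DN_TAIL):
            problems.append(f"unexpected DN: {dn}")
            continue
        attr, db = rdns[0].partition("=")[2], rdns[2]
        cipher = entry.get("nsencryptionalgorithm", [""])[0]
        if cipher not in SUPPORTED_CIPHERS:
            problems.append(f"{db}/{attr}: unsupported cipher {cipher!r}")
        ciphers[(db, attr)] = cipher
    encrypted = {attr.lower() for _, attr in ciphers}
    problems += [f"{a}: no encryption entry" for a in required if a.lower() not in encrypted]
    return ciphers, problems
```

Calling `audit(SAMPLE_LDIF, required=["userPassword", "mail"])` returns the cipher recorded for each (database, attribute) pair together with the findings for the unsupported cipher and the attribute that has no encryption entry.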