nsAttributeEncryption (Object Class), nsEncryptionAlgorithm – Red Hat 8.1 User Manual
Example
nsSubStrMiddle: 3
3.4.8. Database Attributes under cn=attributeName, cn=encrypted attributes,
cn=database_name, cn=ldbm database, cn=plugins, cn=config
The nsAttributeEncryption object class allows selective encryption of attributes within a database.
Extremely sensitive information such as credit card numbers and government identification numbers may
not be protected enough by routine access control measures. Normally, these attribute values are
stored in cleartext within the database; encrypting them while they are stored adds another layer of
protection. This object class has one attribute, nsEncryptionAlgorithm, which sets the encryption
cipher used per attribute. Each encrypted attribute is represented by a subentry under the cn=config
information tree nodes named above, as shown in the following diagram:
Figure 3.3. Encrypted Attributes under the cn=config Node
For example, the database encryption file for the userPassword attribute under o=UserRoot appears in
the Directory Server as follows:
dn: cn=userPassword, cn=encrypted attributes,o=UserRoot, cn=ldbm database,
 cn=plugins, cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: userPassword
nsEncryptionAlgorithm: AES
To configure database encryption, see the "Database Encryption" section of the "Configuring Directory
Databases" chapter in the Directory Server Administrator's Guide. For more information about indexes,
refer to the "Managing Indexes" chapter in the Directory Server Administrator's Guide.
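An audit check for the entries described above, as an added example that is not part of the Red Hat manual: it parses an LDIF export of cn=config, collects the nsAttributeEncryption entries per database, and reports attributes from a site policy that have no cipher configured. The sample LDIF, the incomplete telephoneNumber entry, the creditCardNumber attribute, the policy list and the function names are constructed for illustration.

```python
import re

# Constructed sample: first entry is the manual's example (folded), second lacks a cipher
SAMPLE_LDIF = """\
dn: cn=userPassword, cn=encrypted attributes,o=UserRoot, cn=ldbm database,
 cn=plugins, cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: userPassword
nsEncryptionAlgorithm: AES

dn: cn=telephoneNumber,cn=encrypted attributes,o=UserRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: nsAttributeEncryption
cn: telephoneNumber
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry. Base64 ('::') values are not decoded."""
    text = re.sub(r"\r?\n ", "", text)  # unfold: newline + one space continues a line
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def encrypted_attributes(text):
    """Map (database, attribute) -> cipher or None, using the manual's DN layout."""
    found = {}
    for dn, attrs in parse_ldif(text):
        if "nsattributeencryption" not in [v.lower() for v in attrs.get("objectclass", [])]:
            continue
        rdns = [r.strip() for r in dn.split(",")]  # naive split: escaped commas not handled
        if len(rdns) < 3 or rdns[1].lower() != "cn=encrypted attributes":
            continue
        attr, db = rdns[0].partition("=")[2], rdns[2].partition("=")[2]
        cipher = (attrs.get("nsencryptionalgorithm") or [None])[0]
        found[(db.lower(), attr.lower())] = cipher
    return found

def missing_encryption(text, required):
    """Return the required (database, attribute) pairs with no cipher configured."""
    found = encrypted_attributes(text)
    return [p for p in required if not found.get((p[0].lower(), p[1].lower()))]

# Hypothetical site policy: attributes that must be encrypted in the UserRoot database
print(missing_encryption(SAMPLE_LDIF, [("UserRoot", "userPassword"), ("UserRoot", "creditCardNumber")]))
```

An entry that carries the object class but no nsEncryptionAlgorithm value is reported as missing, the same as an attribute with no entry at all.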
3.4.8.1. nsAttributeEncryption (Object Class)
This object class is used for core configuration entries which identify and encrypt selected attributes
within a Directory Server database.
This object class is defined in Directory Server.
Superior Class    top
OID               2.16.840.1.113730.3.2.316

Required Attributes
objectClass              Defines the object classes for the entry.
cn                       Specifies the attribute being encrypted using its common name.
nsEncryptionAlgorithm    The encryption cipher used.
3.4.8.2. nsEncryptionAlgorithm
nsEncryptionAlgorithm selects the cipher used by nsAttributeEncryption. The algorithm can be
set per encrypted attribute.
Parameter       Description
Entry DN        cn=attributeName, cn=encrypted attributes, cn=databaseName, cn=ldbm database, cn=plugins, cn=config
Valid Values    The following are supported ciphers:
                Advanced Encryption Standard Block Cipher (AES)
Chapter 3. Plug-in Implemented Server Functionality Reference