Database Encryption - Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT Deployment Manual


Watch out for overlapping ACIs. For example, if you have an ACI at your
directory root point that allows a group write access to the commonName and
givenName attributes and another ACI that allows the same group write
access for just the commonName attribute, then consider reworking your ACIs
so that only one control grants the write access for the group.
As your directory grows more complicated, it becomes increasingly easy to
accidentally overlap ACIs in this manner. By avoiding ACI overlap, you make
your security management easier while potentially reducing the total number
of ACIs contained in your directory.
Name your ACIs.
While naming ACIs is optional, giving each ACI a short, meaningful name
helps you to manage your security model, especially when examining your
ACIs from the Directory Server Console.
Group your ACIs as closely together as possible within your directory.
Try to limit ACI placement to your directory root point and to major directory
branch points. Grouping ACIs helps you manage your total list of ACIs, as
well as helping you keep the total number of ACIs in your directory to a
minimum.
Avoid using double negatives, such as deny write if the bind DN is not
equal to cn=Joe. Although this syntax is perfectly acceptable for the server,
it's confusing for a human administrator.
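One way to check a set of ACIs mechanically for the overlap described above. This is an added Python example, not code from the Red Hat Directory Server manual; the ACI strings and the group DNs under dc=example,dc=com are constructed samples, and the parser only handles the simple shape used in those samples (one targetattr list, one named allow/deny rule with a single groupdn or userdn bind rule).

```python
import re

# Attribute aliases from the standard LDAP schema, so "commonName" and "cn" compare equal.
ALIASES = {"commonname": "cn"}

# Constructed sample ACIs (not taken from the manual); the group DNs are assumptions.
SAMPLE_ACIS = [
    '(targetattr="commonName || givenName")(version 3.0; acl "Admins write names"; '
    'allow (write) groupdn="ldap:///cn=Admins,ou=Groups,dc=example,dc=com";)',
    '(targetattr="commonName")(version 3.0; acl "Admins write cn"; '
    'allow (write) groupdn="ldap:///cn=Admins,ou=Groups,dc=example,dc=com";)',
    '(targetattr="telephoneNumber")(version 3.0; acl "Helpdesk phone"; '
    'allow (read,write) groupdn="ldap:///cn=Helpdesk,ou=Groups,dc=example,dc=com";)',
]

# Matches the simple ACI shape above: targetattr list, named rule, one allow/deny, one bind rule.
ACI_RE = re.compile(
    r'\(targetattr\s*=\s*"(?P<attrs>[^"]*)"\)'
    r'\(version 3\.0;\s*acl\s*"(?P<name>[^"]*)";\s*'
    r'(?P<effect>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'(?P<bind>groupdn|userdn)\s*=\s*"(?P<dn>[^"]*)"\s*;\)',
    re.IGNORECASE,
)

def parse_aci(aci):
    """Split one ACI string into its name, normalised attribute set, rights and subject."""
    m = ACI_RE.fullmatch(aci.strip())
    if not m:
        raise ValueError(f"unsupported ACI syntax: {aci!r}")
    attrs = {a.strip().lower() for a in m["attrs"].split("||")}
    return {
        "name": m["name"],
        "attrs": {ALIASES.get(a, a) for a in attrs},
        "effect": m["effect"].lower(),
        "rights": {r.strip().lower() for r in m["rights"].split(",")},
        "subject": (m["bind"].lower(), m["dn"].lower()),
    }

def find_overlaps(acis):
    """Report pairs of ACIs that give the same subject the same right on a shared attribute."""
    parsed = [parse_aci(a) for a in acis]
    overlaps = []
    for i, a in enumerate(parsed):
        for b in parsed[i + 1:]:
            if a["effect"] != b["effect"] or a["subject"] != b["subject"]:
                continue
            shared_attrs = a["attrs"] & b["attrs"]
            shared_rights = a["rights"] & b["rights"]
            if shared_attrs and shared_rights:
                overlaps.append((a["name"], b["name"], sorted(shared_attrs)))
    return overlaps
```

On the sample list, the first two ACIs are reported as overlapping on cn, which is the case the tip above says should be collapsed into a single control.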
Database Encryption
Because information in a database is stored in plain text, some extremely sensitive
information, such as government identification numbers or passwords, may not
be protected enough by access control measures. It may be possible to gain access
to a server's persistent storage files, either by going directly through the
filesystem or by accessing discarded disk drives or archive tape.
Database encryption allows individual attributes to be encrypted as they are
stored in the database. When configured, every instance of a particular attribute,
even index data, will be encrypted and can only be accessed via a secure channel,
such as SSL/TLS.
For information on using database encryption, see chapter 3, "Configuring
Directory Databases," in the Red Hat Directory Server Administrator's Guide.
Red Hat Directory Server Deployment Guide • May 2005