Exporting And Importing An Encrypted Database - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual


Creating and Maintaining Databases
dn: cn=telephoneNumber,cn=encrypted attributes,cn=Database1,cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: telephoneNumber
nsEncryptionAlgorithm: AES
NOTE
For more information on database encryption configuration schema, refer to
"Database Attributes under cn=attributeName,cn=encrypted attributes,cn=database_name,cn=ldbm database,cn=plugins,cn=config"
in the Red Hat Directory Server Configuration, Command, and File Reference.

Exporting and Importing an Encrypted Database

Exporting and importing encrypted databases is a similar process to exporting
and importing regular databases. However, the encrypted information must be
decrypted when it is exported to LDIF, then re-encrypted when it is imported to
the database. Using the -E option when running the db2ldif and ldif2db scripts
will decrypt the data on export and re-encrypt it on import.

1. Export the data using the db2ldif script, as follows:

    db2ldif -n Database1 -E -a output.ldif -s "dc=example,dc=com" -s "o=userRoot"

   See "Exporting to LDIF from the Command-Line," on page 159, for more
   information.

2. Make any configuration changes.

3. Re-import the data using the ldif2db script, as follows:

    ldif2db -n Database1 -E -i /opt/redhat-ds/servers/slapd-dirserver/ldif/output.ldif

   See "Importing from the Command-Line," on page 153, for more information.

NOTE
To enable database encryption on an attribute with existing stored
data, you have to export the database to LDIF first, then make the
configuration change, then re-import the data to the database. See
"Exporting and Importing an Encrypted Database," on page 102.
The server does not enforce consistency between encryption
configuration and stored data; therefore, pay careful attention that
all existing data are exported before enabling or disabling
encryption.

102
Red Hat Directory Server Administrator's Guide • May 2005
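
A pre-flight check for the procedure above, as an added example that is not part of the Red Hat manual: it reads the nsAttributeEncryption entries to list which attributes are configured for encryption in each database, then counts the values of those attributes in an LDIF export, so the export can be checked for the expected data before the configuration is changed. The function names and the CONFIG and EXPORT sample data are assumptions constructed for illustration.

```python
import re
# Constructed sample input (not from a real server); note the folded DN line.
CONFIG = """dn: cn=telephoneNumber,cn=encrypted attributes,cn=Database1,
 cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: telephoneNumber
nsEncryptionAlgorithm: AES
"""
EXPORT = """dn: uid=alice,ou=People,dc=example,dc=com
telephoneNumber: +1 555 0100

dn: uid=bob,ou=People,dc=example,dc=com
telephoneNumber:: KzEgNTU1IDAxMDE=
"""

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute name -> list of values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a continuation line starts with one space
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            # drop attribute options (";lang-en") and the "::" / ":<" value markers
            entry.setdefault(attr.split(";")[0].lower(), []).append(value.lstrip(":<").strip())
        if entry:
            entries.append(entry)
    return entries

def encrypted_attributes(config_text):
    """Map database name -> {attribute: algorithm} from nsAttributeEncryption entries."""
    result = {}
    for e in parse_ldif(config_text):
        if "nsattributeencryption" not in (v.lower() for v in e.get("objectclass", [])):
            continue
        # DN layout from the page; naive comma split assumes no escaped commas in RDNs
        rdns = [r.strip() for r in e.get("dn", [""])[0].split(",")]
        if len(rdns) >= 3 and rdns[1].lower() == "cn=encrypted attributes":
            algorithm = e.get("nsencryptionalgorithm", ["unknown"])[0]
            result.setdefault(rdns[2].partition("=")[2], {})[e["cn"][0].lower()] = algorithm
    return result

def count_exported_values(export_text, attributes):
    """Count values of each listed attribute found in an LDIF export."""
    entries = parse_ldif(export_text)
    return {a: sum(len(e.get(a, [])) for e in entries) for a in attributes}
```

Comparing the counts against the number of values expected in the database is a quick way to confirm that all existing data made it into the LDIF file before encryption is enabled or disabled.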
