Exporting And Importing An Encrypted Database - Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual


Chapter 3. Configuring Directory Databases
To remove encryption from attributes, select them from the list of encrypted attributes in the Attribute
Encryption table, and hit the Delete button, then hit Save to apply the changes. Any deleted
attributes have to be manually re-added after saving.
3.2.3.4. Configuring Database Encryption Using the Command Line
1. Run the ldapmodify command:
ldapmodify -a -p 389 -D "cn=directory manager" -w secret -h us.example.com
2. Add an encryption entry for the attribute being encrypted. For example, this entry encrypts the
telephoneNumber attribute with the AES cipher:
dn: cn=telephoneNumber,cn=encrypted attributes,cn=Database1,cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: telephoneNumber
nsEncryptionAlgorithm: AES
3. For existing attributes in entries to be encrypted, the information must be exported, then
re-imported. See Section 3.2.3.5, "Exporting and Importing an Encrypted Database".
For more information on database encryption configuration schema, refer to "Database
Attributes under cn=attributeName,cn=encrypted attributes,cn=database_name,cn=ldbm
database,cn=plugins,cn=config" in the Directory Server Configuration, Command, and File Reference.

3.2.3.5. Exporting and Importing an Encrypted Database

Exporting and importing encrypted databases is similar to exporting and importing regular databases.
However, the encrypted information must be decrypted when it is exported to LDIF, then re-encrypted
when it is imported to the database. Using the -E option when running the db2ldif and ldif2db
scripts will decrypt the data on export and re-encrypt it on import.
1. Export the data using the db2ldif script, as follows:
db2ldif -n Database1 -E -a /path/to/output.ldif -s "dc=example,dc=com" -s "o=userRoot"
See Section 4.2.3, "Exporting to LDIF from the Command-Line" for more information.
2. Make any configuration changes.
3. Re-import the data using the ldif2db script, as follows:
ldif2db -n Database1 -E -i /path/to/output.ldif
See Section 4.1.4, "Importing from the Command-Line" for more information.
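Between the export and the re-import, the LDIF file written with -E holds the encrypted attributes in cleartext. The following wrapper is an added example, not part of the Red Hat manual: it keeps that file owner-only and removes it after a successful import. It assumes db2ldif and ldif2db are on PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the manual. Assumes db2ldif and ldif2db are on PATH.

# True only if FILE grants no permissions to group or other.
ldif_is_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# export_decrypted BACKEND SUFFIX OUTFILE
# Runs the -E export under umask 077 so the cleartext LDIF is owner-only.
export_decrypted() {
    backend=$1 suffix=$2 out=$3
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2
        return 1
    fi
    # Subshell keeps the tightened umask from leaking into the caller.
    ( umask 077 && db2ldif -n "$backend" -E -a "$out" -s "$suffix" ) || {
        rm -f -- "$out"          # do not leave a partial cleartext export
        return 1
    }
    if ! ldif_is_private "$out"; then
        echo "export is readable by group/other, tightening: $out" >&2
        chmod 600 -- "$out" || return 1
    fi
}

# import_encrypted BACKEND INFILE
# Re-imports with -E, then removes the cleartext LDIF once it is in the database.
import_encrypted() {
    backend=$1 ldif=$2
    if ! ldif_is_private "$ldif"; then
        echo "refusing $ldif: accessible to group/other" >&2
        return 1
    fi
    # Keep the file if the import fails; it may be the only copy of the data.
    ldif2db -n "$backend" -E -i "$ldif" || return 1
    rm -f -- "$ldif"             # plain unlink; does not scrub disk blocks
}

# Usage with the page's example names:
#   export_decrypted Database1 "dc=example,dc=com" /path/to/output.ldif
#   ... make configuration changes ...
#   import_encrypted Database1 /path/to/output.ldif
```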
NOTE
When enabling encryption for data that is already present in the database, several
additional security concerns arise:
