HP-UX Directory Server 8.1 administrator guide
NOTE:
The encryption cipher to use is set separately for each attribute, so attribute encryption is applied
to each attribute one at a time.
To remove encryption from attributes, select them from the list of encrypted attributes in the
Attribute Encryption table, click the Delete button, and then click Save to apply the changes.
Any deleted attributes have to be manually re-added after saving.
2.3.3.4 Configuring database encryption using the command line
1. Run the ldapmodify command:

   ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com

2. Add an encryption entry for the attribute being encrypted. For example, this entry encrypts
the telephoneNumber attribute with the AES cipher:

   dn: cn=telephoneNumber,cn=encrypted attributes,cn=Database1,cn=ldbm database,cn=plugins,cn=config
   objectclass: top
   objectclass: nsAttributeEncryption
   cn: telephoneNumber
   nsEncryptionAlgorithm: AES

3. For values of the attribute that already exist in entries to be encrypted, the information
must be exported, then re-imported. See “Exporting and importing an encrypted database”.
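
Because the cipher is set separately for each attribute, encrypting several attributes means adding one entry per attribute. The following is an added example, not taken from the guide: a hypothetical shell helper, gen_attr_encryption_ldif, that builds the entries from step 2 for a list of attribute:cipher pairs and rejects malformed names before any LDIF is emitted. The character rules for names, the 3DES cipher value, and the mobile attribute are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the guide). gen_attr_encryption_ldif is a
# hypothetical helper; the DN layout and object classes follow step 2.
# Usage: gen_attr_encryption_ldif <database> <attr:cipher> [<attr:cipher> ...]

gen_attr_encryption_ldif() {
    db=$1; shift
    # Assumption: database names use only letters, digits, '_' and '-'.
    case $db in
        ''|*[!A-Za-z0-9_-]*) echo "invalid database name: $db" >&2; return 1 ;;
    esac

    # Pass 1: validate every pair first, so a bad pair yields no partial LDIF.
    for pair in "$@"; do
        attr=${pair%%:*}
        cipher=${pair#*:}
        # Reject anything that could break the DN or inject extra LDIF lines
        # (commas, '=', spaces, newlines, empty names).
        case $attr in
            ''|[!A-Za-z]*|*[!A-Za-z0-9-]*)
                echo "invalid attribute name: $attr" >&2; return 1 ;;
        esac
        # AES is the cipher shown in the guide; 3DES is assumed to be accepted too.
        case $cipher in
            AES|3DES) ;;
            *) echo "unsupported cipher for $attr: $cipher" >&2; return 1 ;;
        esac
    done

    # Pass 2: emit one nsAttributeEncryption entry per attribute.
    for pair in "$@"; do
        attr=${pair%%:*}
        cipher=${pair#*:}
        printf 'dn: cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config\n' "$attr" "$db"
        printf 'objectclass: top\nobjectclass: nsAttributeEncryption\n'
        printf 'cn: %s\nnsEncryptionAlgorithm: %s\n\n' "$attr" "$cipher"
    done
}

# Constructed sample input: two attributes, each with its own cipher.
gen_attr_encryption_ldif Database1 telephoneNumber:AES mobile:3DES
```

The output can be piped into the ldapmodify -a command from step 1. Attribute values that already exist stay unencrypted until the export and re-import in step 3.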