HP-UX Directory Server 8.1 configuration, command, and file reference
If the value of this attribute is changed, then the index must be regenerated using the db2index
command.
DescriptionParameter
cn=attribute_name, cn=index, cn=database_name, cn=ldbm database, cn=plugins,
cn=config
Entry DN
Any integerValid Values
3Default Value
IntegerSyntax
nsSubStrMiddle: 3Example
3.4.8 Database Attributes under cn=attributeName, cn=encrypted attributes,
cn=database_name, cn=ldbm database, cn=plugins, cn=config
The nsAttributeEncryption object class allows selective encryption of attributes within a
database. Extremely sensitive information such as credit card numbers and government
identification numbers may not be protected enough by routine access control measures. Normally,
these attribute values are stored in CLEAR within the database; encrypting them while they are
stored adds another layer of protection. This object class has one attribute,
nsEncryptionAlgorithm, which sets the encryption cipher used per attribute. Each encrypted
attribute represents a subentry under the above cn=config information tree nodes, as shown
in the following diagram:
Figure 3-3 Encrypted attributes under the cn=config node
For example, the database encryption file for the userPassword attribute under o=UserRoot
appears in the Directory Server as follows:
dn:cn=userPassword, cn=encrypted attributes,o=UserRoot, cn=ldbm database,
cn=plugins, cn=config
objectclass:top
objectclass:nsAttributeEncryption
cn:userPassword
nsEncryptionAlgorithm:AES
To configure database encryption, see the "Database Encryption" section of the "Configuring
Directory Databases" chapter in the HP-UX Directory Server administrator guide. For more
information about indexes, refer to the "Managing Indexes" chapter in the HP-UX Directory Server
administrator guide.
152 Plug-in implemented server functionality reference