HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3332, November 2013)
NOTE:
The encryption cipher to use is set separately for each attribute, so attribute encryption is applied
to each attribute one at a time.
To remove encryption from attributes, select them from the list of encrypted attributes in the Attribute
Encryption table, and click the Delete button, then click Save to apply the changes. Any deleted
attributes have to be manually re-added after saving.
Configuring database encryption using the command line
1. Run the ldapmodify command:
ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
2. Add an encryption entry for the attribute being encrypted. For example, this entry encrypts
the telephoneNumber attribute with the AES cipher:
dn: cn=telephoneNumber,cn=encrypted attributes,cn=Database1,cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: telephoneNumber
nsEncryptionAlgorithm: AES
3. To encrypt values of the attribute that already exist in entries, the information must be
exported, then re-imported. See “Exporting and importing an encrypted database” (page 51).
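The entry from step 2, generalized to several attributes, as an added example that is not part of the HP guide: a shell function that writes one nsAttributeEncryption entry per attribute and rejects names that would alter the DN or inject extra LDIF lines. The function name, the ATTR[:CIPHER] argument form and the acceptance of 3DES are assumptions.

```shell
# Added example: emit one nsAttributeEncryption entry per attribute.
# Usage: gen_attr_encryption_ldif BACKEND ATTR[:CIPHER] ...
# CIPHER defaults to AES (the cipher the guide shows). Accepting 3DES is an
# assumption about what this server build supports.
split_spec() {
    attr=${1%%:*}
    cipher=AES
    case $1 in *:*) cipher=${1#*:} ;; esac
}

gen_attr_encryption_ldif() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_attr_encryption_ldif BACKEND ATTR[:CIPHER] ..." >&2
        return 2
    fi
    backend=$1
    shift
    # The names end up inside a DN, so refuse anything that could add RDNs
    # or extra LDIF lines (commas, equals signs, spaces, newlines).
    case $backend in
        *[!A-Za-z0-9_-]*) echo "invalid backend name: $backend" >&2; return 1 ;;
    esac
    # Pass 1: validate every argument so a partial LDIF is never written.
    for spec in "$@"; do
        split_spec "$spec"
        case $attr in
            ''|[!A-Za-z]*|*[!A-Za-z0-9-]*)
                echo "invalid attribute name: $attr" >&2; return 1 ;;
        esac
        case $cipher in
            AES|3DES) ;;
            *) echo "unsupported cipher for $attr: $cipher" >&2; return 1 ;;
        esac
    done
    # Pass 2: one entry per attribute, each carrying its own cipher.
    for spec in "$@"; do
        split_spec "$spec"
        printf 'dn: cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config\n' \
            "$attr" "$backend"
        printf 'objectclass: top\nobjectclass: nsAttributeEncryption\n'
        printf 'cn: %s\nnsEncryptionAlgorithm: %s\n\n' "$attr" "$cipher"
    done
}
```

Redirect the output to a file, review it, and supply it as the input to the ldapmodify command from step 1.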
50 Configuring Directory Databases