Red Hat Directory Server 8.0 Configuration, Command, and File Reference
Figure 3.2. Indexed Attribute Representing a Subentry
For example, the index file for the aci attribute under o=UserRoot appears in the Directory
Server as follows:
dn:cn=aci, cn=index, cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
objectclass:top
objectclass:nsIndex
cn:aci
nssystemindex:true
nsindextype:pres
For details regarding the five possible indexing attributes, see the section Section 4.5,
“Database Attributes under cn=default indexes, cn=config, cn=ldbm database, cn=plugins,
cn=config”. For further information about indexes, refer to the "Managing Indexes" chapter in the
Directory Server Administrator's Guide.
4.8. Database Attributes under cn=attributeName, cn=encrypted
attributes, cn=database_name, cn=ldbm database, cn=plugins,
cn=config
The nsAttributeEncryption object class allows selective encryption of attributes within a
database. Extremely sensitive information such as credit card numbers and government
identification numbers may not be protected enough by routine access control measures.
Normally, these attribute values are stored in CLEAR within the database; encrypting them
while they are stored adds another layer of protection. This object class has one attribute,
nsEncryptionAlgorithm, which sets the encryption cipher used per attribute. Each encrypted
attribute represents a subentry under the above cn=config information tree nodes, as shown in
the following diagram:
Chapter 3. Plug-in Implemented Server Functionality Reference
156