Red Hat Directory Server 8.0 Configuration, Command, and File Reference
Figure 3.3. Encrypted Attributes under the cn=config Node
For example, the database encryption file for the userPassword attribute under o=UserRoot
appears in the Directory Server as follows:
dn: cn=userPassword, cn=encrypted attributes, o=UserRoot, cn=ldbm database, cn=plugins, cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: userPassword
nsEncryptionAlgorithm: AES
To configure database encryption, see the "Database Encryption" section of the "Configuring
Directory Databases" chapter in the Directory Server Administrator's Guide. For more
information about indexes, refer to the "Managing Indexes" chapter in the Directory Server
Administrator's Guide.
4.8.1. nsEncryptionAlgorithm
nsEncryptionAlgorithm selects the cipher used by nsAttributeEncryption. The algorithm
can be set per encrypted attribute.
Parameter        Description
Entry DN         cn=attributeName, cn=encrypted attributes, cn=databaseName, cn=ldbm database, cn=plugins, cn=config
Valid Values     The following are supported ciphers:
                 • Advanced Encryption Standard Block Cipher (AES)
                 • Triple Data Encryption Standard Block Cipher (3DES)
Default Value
Syntax           DirectoryString
Example          nsEncryptionAlgorithm: AES
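The following added example (not part of the Red Hat reference) audits an LDIF export of cn=config for nsAttributeEncryption entries and reports the cipher set on each encrypted attribute. The sample LDIF is constructed, the function names are hypothetical, and marking 3DES as "review" is this example's choice (NIST has deprecated 3DES); the reference itself lists both ciphers as valid.

```python
import re

VALID_CIPHERS = {"AES", "3DES"}  # values the reference lists as supported

# Constructed sample export of cn=config entries (not from a real server).
SAMPLE_LDIF = """\
dn: cn=userPassword,cn=encrypted attributes,cn=userRoot,cn=ldbm database,
 cn=plugins,cn=config
objectclass: nsAttributeEncryption
nsEncryptionAlgorithm: AES

dn: cn=telephoneNumber,cn=encrypted attributes,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: nsAttributeEncryption
nsEncryptionAlgorithm: 3DES

dn: cn=mail,cn=encrypted attributes,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: nsAttributeEncryption
nsEncryptionAlgorithm: DES
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lower-cased names to value lists."""
    unfolded = re.sub(r"\r?\n ", "", text)  # LDIF folding: newline + one space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")  # base64 ("::") values not decoded
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text):
    """Return (attribute, database, algorithm, status) per encrypted attribute."""
    findings = []
    for dn, attrs in parse_ldif(text):
        if "nsattributeencryption" not in (v.lower() for v in attrs.get("objectclass", [])):
            continue
        # Entry DN shape: cn=attributeName, cn=encrypted attributes, cn=databaseName, ...
        rdns = [r.strip().partition("=")[2] for r in dn.split(",")]  # assumes no escaped commas
        attribute, database = rdns[0], rdns[2] if len(rdns) > 2 else "?"
        algo = attrs.get("nsencryptionalgorithm", [""])[0]
        status = ("invalid" if algo.upper() not in VALID_CIPHERS  # case-insensitive: assumption
                  else "review" if algo.upper() == "3DES" else "ok")
        findings.append((attribute, database, algo, status))
    return findings

if __name__ == "__main__":
    for attribute, database, algo, status in audit(SAMPLE_LDIF):
        print(f"{status:8} {database}: {attribute} -> {algo or '(unset)'}")
```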