10.4. Configuring Attribute Encryption Using the Command Line
- Run the ldapmodify command:
    # ldapmodify -a -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
- Add an encryption entry for the attribute being encrypted. For example, this entry encrypts the telephoneNumber attribute with the AES cipher:
    dn: cn=telephoneNumber,cn=encrypted attributes,cn=Database1,cn=ldbm database,cn=plugins,cn=config
    changetype: add
    objectclass: top
    objectclass: nsAttributeEncryption
    cn: telephoneNumber
    nsEncryptionAlgorithm: AES
- For existing attributes in entries to be encrypted, the information must be exported, then re-imported. See Section 10.7, “Exporting and Importing an Encrypted Database”.
For more information on attribute encryption configuration schema, see "Database Attributes under cn=attributeName,cn=encrypted attributes,cn=database_name,cn=ldbm database,cn=plugins,cn=config" in the Red Hat Directory Server Configuration, Command, and File Reference.
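
As an added example (not part of the Red Hat documentation), this shell function generates the encryption entries from the procedure above for several attributes at once and rejects names that would alter the DN or the LDIF. The function name gen_attr_encryption_ldif is hypothetical; accepting 3DES as a cipher value and restricting names to letters, digits and hyphens are assumptions not stated on this page.

```shell
#!/bin/sh
# Added example: emit attribute-encryption entries as LDIF for ldapmodify.
# gen_attr_encryption_ldif is a hypothetical helper, not a Directory Server tool.

# Usage: gen_attr_encryption_ldif DATABASE CIPHER ATTR [ATTR...]
gen_attr_encryption_ldif() {
    if [ "$#" -lt 3 ]; then
        echo "usage: gen_attr_encryption_ldif DATABASE CIPHER ATTR..." >&2
        return 2
    fi
    db=$1; cipher=$2; shift 2

    # Accepted nsEncryptionAlgorithm values (assumption: the page shows AES only).
    case $cipher in
        AES|3DES) ;;
        *) echo "unsupported cipher: $cipher" >&2; return 1 ;;
    esac

    # Validate every name before printing anything, so a bad argument
    # never leaves a partial change stream on stdout. Names become RDN
    # values, so commas, equals signs, spaces and newlines are rejected.
    for name in "$db" "$@"; do
        case $name in
            ''|[!A-Za-z]*|*[!A-Za-z0-9-]*)
                echo "invalid name: $name" >&2; return 1 ;;
        esac
    done

    # One entry per attribute, each terminated by a blank line.
    for attr in "$@"; do
        printf 'dn: cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config\n' "$attr" "$db"
        printf 'changetype: add\n'
        printf 'objectclass: top\n'
        printf 'objectclass: nsAttributeEncryption\n'
        printf 'cn: %s\n' "$attr"
        printf 'nsEncryptionAlgorithm: %s\n\n' "$cipher"
    done
}

# Pipe the result into the command from the first step, for example:
# gen_attr_encryption_ldif Database1 AES telephoneNumber mobile | \
#   ldapmodify -a -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
```

Entries created this way apply only to values written afterwards; existing values still need the export and re-import described in the last step.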
