10.6. General Considerations after Enabling Attribute Encryption
- Unencrypted data can persist in the server's database page pool backing file. To remove this data:
  - Stop the instance:
    # systemctl stop dirsrv@instance_name
  - Delete the guardian file:
    # rm /var/lib/dirsrv/slapd-instance_name/db/guardian
  - Start the instance:
    # systemctl start dirsrv@instance_name
- After you have enabled encryption and successfully imported the data, delete the LDIF file with the unencrypted data.
- After enabling encryption, the Directory Server deletes the existing database and creates a new one when re-importing the data.
- The replication log file is not encrypted. To protect this data, store it on an encrypted disk.
- Data in the server's memory (RAM) is unencrypted and can be temporarily stored in swap partitions. To protect this data, set up encrypted swap space.