On 06/05/2013 11:07 AM, Denise Cosso wrote:
Hi,
Anyone know how to do?
Stop the server, and add "nsencryptionalgorithm: AES" or "nsslapd-encryptionalgorithm: 3DES" to the changelog entry. The current supported encryption algorithms are AES and 3DES.

    dn: cn=changelog5,cn=config
    objectClass: top
    objectClass: extensibleobject
    cn: changelog5
    nsslapd-changelogdir: /var/lib/dirsrv/slapd-ID/db/changelog
    nsslapd-encryptionalgorithm: AES

Thanks,
Denise
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
If you already have configured SSL on your Directory Server, just adding "nsslapd-encryptionalgorithm: AES" to cn=changelog5,cn=config turns on the changelog encryption.

Then, please restart the server. You'd be able to see this attribute in your cn=changelog5.

    nsSymmetricKey:: BASE64_STRING
And if you run, e.g., strings against your changelog, the attribute values are encrypted as follows:

    # strings 62a1c402-e47611e4-bcd98b6b-27e8b792_55301a33000000010000.db
    ({replicageneration} 55301a33000000010000 5{replica 1} 55301a44000000010000 55301a44000000010000 0000014d000000000000
    [...]
    objectClass _+7B g`nT givenName userPassword @~$a|F creatorsName h@3Z modifiersName h@3Z
    [...]
Please note that the encryption starts on the changes made after the changelog encryption is enabled.

Thanks,
--noriko
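An added example, not part of the original thread and not 389 Directory Server code: a small Python check that reads LDIF text (for instance an export of cn=config) and reports whether cn=changelog5,cn=config carries the settings described above. The two sample entries are constructed, and matching the algorithm value case-insensitively is an assumption.

```python
SUPPORTED = {"AES", "3DES"}              # the two algorithms named in the thread
CHANGELOG_DN = "cn=changelog5,cn=config"

def parse_ldif(text):
    """Parse LDIF text into {normalised dn: {lowercased attr: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():                 # blank line ends the entry
            current = None
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        value = value.lstrip(":").strip()    # "attr:: b64" values are kept encoded
        if attr.lower() == "dn":
            dn = ",".join(p.strip() for p in value.lower().split(","))
            current = entries.setdefault(dn, {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def audit_changelog_encryption(ldif_text):
    """Return a list of findings; an empty list means the entry looks as described."""
    entry = parse_ldif(ldif_text).get(CHANGELOG_DN)
    if entry is None:
        return ["entry cn=changelog5,cn=config not found"]
    algs = entry.get("nsslapd-encryptionalgorithm", [])
    if not algs:
        return ["nsslapd-encryptionalgorithm not set: changelog values are not encrypted"]
    if algs[0].upper() not in SUPPORTED:     # case-insensitive match is an assumption
        return [f"unsupported algorithm {algs[0]!r} (expected AES or 3DES)"]
    if "nssymmetrickey" not in entry:        # per the thread, visible after the restart
        return ["algorithm set but nsSymmetricKey missing: has the server been restarted?"]
    return []

# Constructed sample entries (the key value is a made-up base64 string).
PLAIN = """dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleobject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-ID/db/ch
 angelog
"""
ENCRYPTED = PLAIN + "nsslapd-encryptionalgorithm: AES\nnsSymmetricKey:: Y29uc3RydWN0ZWQta2V5\n"
```

Because encryption only applies to changes made after it is enabled, a clean result here says nothing about older changelog records.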