If you already have configured SSL on your Directory Server, just adding "nsslapd-encryptionalgorithm: AES" to cn=changelog5,cn=config turns on the changelog encryption.
Hi, Anyone know how to do? Stop the server, and add "nsencryptionalgorithm: AES" or "nsslapd-encryptionalgorithm: 3DES" to the changelog entry. The current supported encryption algorithms are AES and 3DES dn: cn=changelog5,cn=config objectClass: top objectClass: extensibleobject cn: changelog5 nsslapd-changelogdir: /var/lib/dirsrv/slapd-ID/db/changelog nsslapd-encryptionalgorithm: AES
Thanks,
Denise
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
nsSymmetricKey:: BASE64_STRING
And if you run, e.g., strings against to your changelog, the
attribute values are encrypted as follows:# strings 62a1c402-e47611e4-bcd98b6b-27e8b792_55301a33000000010000.dbPlease note that, the encryption starts on the changes made after the changelog encryption is enabled.
({replicageneration} 55301a33000000010000
5{replica 1} 55301a44000000010000 55301a44000000010000
0000014d000000000000
[...]
objectClass
_+7B
g`nT
givenName
userPassword
@~$a|F
creatorsName
h@3Z
modifiersName
h@3Z
[...]