On 06/05/2013 11:07 AM, Denise Cosso wrote:
Hi,

Anyone know how to do?

 Stop the server, and add "nsencryptionalgorithm: AES" or 
"nsslapd-encryptionalgorithm: 3DES" to the changelog entry.  The current
 supported encryption algorithms are AES and 3DES

dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleobject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-ID/db/changelog
nsslapd-encryptionalgorithm: AES
Thanks,

Denise


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
If you already have configured SSL on your Directory Server, just adding "nsslapd-encryptionalgorithm: AES" to cn=changelog5,cn=config turns on the changelog encryption.

Then, please restart the server.  You'd be able to see this attribute in your cn=changelog5.
nsSymmetricKey:: BASE64_STRING
And if you run, e.g., strings against to your changelog, the attribute values are encrypted as follows:
# strings 62a1c402-e47611e4-bcd98b6b-27e8b792_55301a33000000010000.db
({replicageneration} 55301a33000000010000
5{replica 1} 55301a44000000010000 55301a44000000010000
0000014d000000000000
[...]
objectClass
_+7B
g`nT
givenName
userPassword
@~$a|F
creatorsName
h@3Z
modifiersName
h@3Z
[...]
Please note that, the encryption starts on the changes made after the changelog encryption is enabled.
Thanks,
--noriko