|
On 06/05/2013 11:07 AM, Denise Cosso
wrote:
Hi,
Anyone know how to do?
Stop the server, and add "nsencryptionalgorithm: AES" or
"nsslapd-encryptionalgorithm: 3DES" to the changelog entry. The current
supported encryption algorithms are AES and 3DES
dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleobject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-ID/db/changelog
nsslapd-encryptionalgorithm: AES
Thanks,
Denise
|
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
If you already have configured SSL on your Directory Server, just
adding "nsslapd-encryptionalgorithm: AES" to cn=changelog5,cn=config
turns on the changelog encryption.
Then, please restart the server. You'd be able to see this
attribute in your cn=changelog5.
nsSymmetricKey:: BASE64_STRING
And if you run, e.g., strings against to your changelog, the
attribute values are encrypted as follows:
# strings
62a1c402-e47611e4-bcd98b6b-27e8b792_55301a33000000010000.db
({replicageneration} 55301a33000000010000
5{replica 1} 55301a44000000010000 55301a44000000010000
0000014d000000000000
[...]
objectClass
_+7B
g`nT
givenName
userPassword
@~$a|F
creatorsName
h@3Z
modifiersName
h@3Z
[...]
Please note that, the encryption starts on the changes made after
the changelog encryption is enabled.
Thanks,
--noriko
|
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
