On 8/18/20 9:13 AM, Jan Tomasek wrote:
Hi Mark,Looks like you are all good then...
On 8/18/20 2:56 PM, Mark Reynolds wrote:
The best option would be config option to disable attribute encryption for all databases but I failed to find if it is possible.
You have to delete each attribute that was configured for attribute encryption (like what you did above, but you cna also use the CLI tools):
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/configuring_attribute_encryption#disabling_encryption_for_an_attribute_using_the_command_line
I didn't explicitly configure any attribute for encryption. But server any way creates encryption keys.
When I try:
# dsconf cml3 backend attr-encrypt --list dc=cesnet,dc=cz
There are no encrypted attributes for this backend
Also:
# ldapsearch -H ldap://localhost -D "cn=Directory Manager" -W -LLL -o ldif-wrap=no -b "cn=ldbm database,cn=plugins,cn=config" "(objectClass=nsAttributeEncryption)"
Enter LDAP Password:
#
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- 389 Directory Server Development Team
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx