Ryan Braun [ADS] wrote:
I think reversible attribute encryption creates some config entries under the parent database entry in dse.ldif (cn=config) - I think you just have to remove those entries. Of course, if you do this, and you have used reversible attribute encryption, your encrypted attribute values will be lost forever.On Thursday 11 September 2008 15:44, Rich Megginson wrote:So I'm wondering if I need to somehow reinit some of the encryption keys? Or maybe I missed a step for replacing a Server-Cert? But from the docsit looks like a straight forward turn off fds, remove old cert, create/import new cert (with same name), restart fds.Unfortunately, those keys were encrypted with the old key/cert. But as long as you don't want to use reversible attribute encryption, you can ignore those messages.For the sake of argument and potential future issues ( I don't know enough about how the whole encryption system works unfortunately ), lets say I did want to use reversible attribute encryption :)
Ryan -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
