If the value of this attribute is changed, then the index must be regenerated using the db2index command.
Parameter | Description |
Entry DN | cn=attribute_name, cn=index, cn=database_name, cn=ldbm database, cn=plugins, |
| cn=config |
|
|
Valid Values | Any integer |
|
|
Default Value | 3 |
|
|
Syntax | Integer |
|
|
Example | nsSubStrMiddle: 3 |
|
|
3.4.8Database Attributes under cn=attributeName, cn=encrypted attributes, cn=database_name, cn=ldbm database, cn=plugins, cn=config
The nsAttributeEncryption object class allows selective encryption of attributes within a database. Extremely sensitive information such as credit card numbers and government identification numbers may not be protected enough by routine access control measures. Normally, these attribute values are stored in CLEAR within the database; encrypting them while they are stored adds another layer of protection. This object class has one attribute, nsEncryptionAlgorithm, which sets the encryption cipher used per attribute. Each encrypted attribute represents a subentry under the above cn=config information tree nodes, as shown in the following diagram:
Figure
For example, the database encryption file for the userPassword attribute under o=UserRoot appears in the Directory Server as follows:
dn:cn=userPassword, cn=encrypted attributes,o=UserRoot, cn=ldbm database, cn=plugins, cn=config
objectclass:top
objectclass:nsAttributeEncryption
cn:userPassword
nsEncryptionAlgorithm:AES
To configure database encryption, see the "Database Encryption" section of the "Configuring Directory Databases" chapter in the
152