If the value of this attribute is changed, then the index must be regenerated using the db2index command.

| Parameter | Description |
|---|---|
| Entry DN | cn=attribute_name, cn=index, cn=database_name, cn=ldbm database, cn=plugins, cn=config |
| Valid Values | Any integer |
| Default Value | 3 |
| Syntax | Integer |
| Example | nsSubStrMiddle: 3 |

3.4.8 Database Attributes under cn=attributeName, cn=encrypted attributes, cn=database_name, cn=ldbm database, cn=plugins, cn=config

The nsAttributeEncryption object class allows selective encryption of attributes within a database. Extremely sensitive information, such as credit card numbers and government identification numbers, may not be sufficiently protected by routine access control measures. Normally, these attribute values are stored in the clear within the database; encrypting them while they are stored adds another layer of protection. This object class has one attribute, nsEncryptionAlgorithm, which sets the encryption cipher used per attribute. Each encrypted attribute is represented by a subentry under the above cn=config information tree nodes, as shown in the following diagram:

Figure 3-3 Encrypted attributes under the cn=config node

For example, the database encryption file for the userPassword attribute under o=UserRoot appears in the Directory Server as follows:

dn: cn=userPassword, cn=encrypted attributes, o=UserRoot, cn=ldbm database, cn=plugins, cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: userPassword
nsEncryptionAlgorithm: AES

To configure database encryption, see the "Database Encryption" section of the "Configuring Directory Databases" chapter in the HP-UX Directory Server administrator guide. For more information about indexes, refer to the "Managing Indexes" chapter in the HP-UX Directory Server administrator guide.
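The following is an added example, not taken from the HP-UX Directory Server manual: a Python audit that reads an LDIF export of cn=config, lists the attributes that have an nsAttributeEncryption entry for each database, and reports watch-list attributes that have none. The sample LDIF and the creditCardNumber attribute name are constructed for illustration, and DNs are split on plain commas on the assumption that no RDN contains an escaped comma.

```python
import re

# Constructed sample of a cn=config LDIF export (not real server output).
SAMPLE_LDIF = """\
dn: cn=userPassword, cn=encrypted attributes, o=UserRoot, cn=ldbm database,
  cn=plugins, cn=config
objectclass: top
objectclass: nsAttributeEncryption
cn: userPassword
nsEncryptionAlgorithm: AES

dn: cn=telephoneNumber, cn=index, o=UserRoot, cn=ldbm database, cn=plugins, cn=config
objectclass: nsIndex
cn: telephoneNumber
nsSubStrMiddle: 3
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # LDIF folds long lines with one leading space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and malformed lines
            name, _, value = line.partition(":")  # base64 ("::") values are not decoded
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def encrypted_attributes(text):
    """Return {database: {attribute_lowercase: algorithm or None}}."""
    result = {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        rdns = [r.strip() for r in e["dn"][0].split(",")]
        # Expected DN: cn=<attr>, cn=encrypted attributes, <database RDN>, cn=ldbm database, ...
        if ("nsattributeencryption" not in classes or len(rdns) < 3
                or rdns[1].lower() != "cn=encrypted attributes"):
            continue  # index entries and everything else are ignored
        attr = rdns[0].partition("=")[2].lower()
        database = rdns[2].partition("=")[2]
        algorithm = (e.get("nsencryptionalgorithm") or [None])[0]
        result.setdefault(database, {})[attr] = algorithm
    return result

def unencrypted(text, database, watchlist):
    """Watch-list attributes with no encryption entry, or an entry with no algorithm."""
    enc = encrypted_attributes(text).get(database, {})
    return sorted(a for a in watchlist if not enc.get(a.lower()))
```
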

152 Plug-in implemented server functionality reference
