Sun Directory Server Enterprise Edition 7.0 Administration Guide

Procedure: To Configure Attribute Encryption

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. If the suffix on which you want to configure attribute encryption contains any entries at all, you must first export the contents of that suffix to an LDIF file.

    If the suffix already contains encrypted attributes and you plan to re-initialize the suffix from the exported LDIF file, you can leave those attributes encrypted in the exported LDIF.

  2. To enable encryption for an attribute, use this command:


    $ dsconf create-encrypted-attr -h host -p port suffix-DN attr-name cipher-name
    

    where cipher-name is one of the following:

    • des - DES block cipher

    • des3 - Triple-DES block cipher

    • rc2 - RC2 block cipher

    • rc4 - RC4 stream cipher

    All four are legacy algorithms. DES, RC2 and RC4 are considered cryptographically weak and should not be chosen for new deployments; des3 is the strongest option this version offers. Note also that attribute encryption only changes how values are stored in the database files: it does not change how they are transmitted to clients, so it is not a substitute for SSL on the LDAP connection.

    For example:

    $ dsconf create-encrypted-attr -h host1 -p 1389 dc=example,dc=com uid des3

  3. Initialize the suffix with an LDIF file as described in Initializing a Suffix.


    Note –

    If you import the LDIF file with the dsadm import command, you must use the -y option. The dsconf import command does not require the -y option.

    As the file is loaded and the corresponding indexes are created, all values of the specified attributes are encrypted.
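The three steps above, as an added shell wrapper that is not part of the Sun guide: it exports the suffix, enables encryption for each requested attribute, and re-initializes the suffix, refusing the weak cipher names unless explicitly overridden and supplying -y only for the dsadm (offline) import path. The host, port, instance path and file names are placeholders, and the argument order of dsconf export, dsconf import and dsadm import is assumed from the DSEE command reference; check it against the man pages for your build. DRY_RUN=1 (the default) prints each command instead of executing it, so the script can be run safely before pointing it at a live instance.

```shell
#!/bin/sh
# Added example, not code from the Sun DSEE 7.0 guide. Drives the attribute
# encryption procedure (export, create-encrypted-attr, re-initialize) for one
# suffix. Host, port, instance path and file names are placeholders; the
# argument order of "dsconf export", "dsconf import" and "dsadm import" is an
# assumption to verify against your version's man pages. DRY_RUN=1 (default)
# prints each command instead of running it.

DRY_RUN="${DRY_RUN:-1}"
DS_HOST="${DS_HOST:-host1}"              # -h value for dsconf
DS_PORT="${DS_PORT:-1389}"               # -p value for dsconf
DS_INSTANCE="${DS_INSTANCE:-/local/ds}"  # instance path for dsadm (offline import)

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only cipher names dsconf understands. des, rc2 and rc4 are valid to
# the server but cryptographically weak, so they are rejected unless
# ALLOW_WEAK_CIPHER=1 is set explicitly.
cipher_ok() {
    case "$1" in
        des3) return 0 ;;
        des|rc2|rc4)
            if [ "${ALLOW_WEAK_CIPHER:-0}" = "1" ]; then
                return 0
            fi
            echo "refusing weak cipher '$1' (set ALLOW_WEAK_CIPHER=1 to override)" >&2
            return 1 ;;
        *)
            echo "unknown cipher '$1'; expected des3, des, rc2 or rc4" >&2
            return 1 ;;
    esac
}

# Step 1: export the suffix so it can be re-initialized once encryption is on.
export_suffix() {   # suffix-DN ldif-file
    run dsconf export -h "$DS_HOST" -p "$DS_PORT" "$1" "$2"
}

# Step 2: enable encryption for one attribute on the suffix.
enable_encryption() {   # suffix-DN attr-name cipher-name
    cipher_ok "$3" || return 1
    run dsconf create-encrypted-attr -h "$DS_HOST" -p "$DS_PORT" "$1" "$2" "$3"
}

# Step 3: re-initialize the suffix from the LDIF. With dsadm (server offline)
# the -y option is mandatory; with dsconf (server online) it is not used.
import_suffix() {   # suffix-DN ldif-file [online|offline]
    case "${3:-online}" in
        online)  run dsconf import -h "$DS_HOST" -p "$DS_PORT" "$2" "$1" ;;
        offline) run dsadm import -y "$DS_INSTANCE" "$2" "$1" ;;
        *) echo "mode must be online or offline" >&2; return 1 ;;
    esac
}

# Whole procedure for a list of "attr:cipher" pairs. Stops at the first
# failure so a rejected cipher never leads to an import of unencrypted data.
encrypt_attributes() {   # suffix-DN ldif-file mode attr:cipher...
    suffix="$1"; ldif="$2"; mode="$3"; shift 3
    export_suffix "$suffix" "$ldif" || return 1
    for pair in "$@"; do
        enable_encryption "$suffix" "${pair%%:*}" "${pair#*:}" || return 1
    done
    import_suffix "$suffix" "$ldif" "$mode"
}

# Usage (dry run by default): encrypt uid and employeeNumber with des3,
# re-initializing with dsadm while the server is stopped.
encrypt_attributes dc=example,dc=com /tmp/example.ldif offline uid:des3 employeeNumber:des3
```

Run it with DRY_RUN=0 only after the printed command lines look right for your instance; the offline mode assumes the server has already been stopped, since dsadm import operates on the instance files directly.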