Data Encryption allows you to configure attribute encryption.
A description of each property follows.

| Basic Properties: | Advanced Properties: |
|---|---|
| attribute-encryption-include | None |
| enabled | |
| encrypted-suffix | |
| encryption-algorithm | |

| attribute-encryption-include | |
|---|---|
| Description | Defines the attributes to encrypt in all entries under the configured suffixes. Each value of attribute-encryption-include names one attribute to encrypt; that attribute is encrypted in every entry under the suffixes configured with encrypted-suffix. No attributes other than the ones listed here are encrypted. When attribute-encryption-include is set, encryption-algorithm may also be set to select the encryption algorithm to use. |
| Default Value | None |
| Allowed Values | The name of an attribute type defined in the server schema. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None. Changes to this setting take effect only for writes that occur after the change is made; they are not applied retroactively to existing data. After changing it, export and re-import the data so that the encrypted attributes are consistent with the configuration. |
| Advanced Property | No |
| Read-only | No |

| enabled | |
|---|---|
| Description | Indicates whether Data Encryption is enabled. |
| Default Value | false |
| Allowed Values | true, false |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None. Changes to this setting take effect only for writes that occur after the change is made; they are not applied retroactively to existing data. After changing it, export and re-import the data so that the encrypted attributes are consistent with the configuration. |
| Advanced Property | No |
| Read-only | No |

| encrypted-suffix | |
|---|---|
| Description | Defines the suffixes in which encryption occurs. Attribute encryption is applied only to entries under the suffixes listed here. If no suffix is specified, every suffix available in the server is subject to encryption. Warning: each value must be a suffix served by a backend, not an arbitrary DN. For instance, if a backend has dc=example,dc=com as its suffix, you can encrypt all entries under dc=example,dc=com, but you cannot restrict encryption to entries under ou=people,dc=example,dc=com only. |
| Default Value | None |
| Allowed Values | A valid DN. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None. Changes to this setting take effect only for writes that occur after the change is made; they are not applied retroactively to existing data. After changing it, export and re-import the data so that the encrypted attributes are consistent with the configuration. |
| Advanced Property | No |
| Read-only | No |

| encryption-algorithm | |
|---|---|
| Description | Specifies the algorithm used for attribute encryption. The default algorithm is aes-128. |
| Default Value | aes-128 |
| Allowed Values | aes-128: AES with a 128-bit key; aes-256: AES with a 256-bit key; blowfish-128: Blowfish with a 128-bit key; rc4-128: RC4 with a 128-bit key; triple-des-168: 3DES with a 168-bit key. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None. Changes to this setting take effect only for writes that occur after the change is made; they are not applied retroactively to existing data. After changing it, export and re-import the data so that the encrypted attributes are consistent with the configuration. |
| Advanced Property | No |
| Read-only | No |
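As an added illustration of the scoping rules described in these tables (example code written for this page, not code from the directory server; the DNs, attribute names, backend suffix list and schema list it takes are constructed sample input), the following model applies the enabled, attribute-encryption-include, encrypted-suffix and encryption-algorithm properties to an entry being written, and checks a configuration against the suffix and schema constraints stated above:

```python
from dataclasses import dataclass, field

ALLOWED_ALGORITHMS = {"aes-128", "aes-256", "blowfish-128", "rc4-128", "triple-des-168"}


def normalize_dn(dn: str) -> tuple:
    """Split a DN into lower-cased RDNs (simplified: assumes no escaped commas)."""
    return tuple(part.strip().lower() for part in dn.split(","))


def is_under(entry_dn: str, suffix: str) -> bool:
    """True if entry_dn equals suffix or lies somewhere below it."""
    entry, base = normalize_dn(entry_dn), normalize_dn(suffix)
    return len(entry) >= len(base) and entry[-len(base):] == base


@dataclass
class DataEncryption:
    """The four properties of the Data Encryption configuration object."""
    enabled: bool = False                                      # page default: false
    attribute_encryption_include: set = field(default_factory=set)
    encrypted_suffix: set = field(default_factory=set)
    encryption_algorithm: str = "aes-128"                      # page default: aes-128

    def validate(self, backend_suffixes, schema_attributes) -> list:
        """Problems with the configuration: an unlisted algorithm, an attribute
        not in the schema, or an encrypted-suffix that is not a backend suffix."""
        problems = []
        if self.encryption_algorithm not in ALLOWED_ALGORITHMS:
            problems.append(f"unknown encryption-algorithm {self.encryption_algorithm!r}")
        known = {a.lower() for a in schema_attributes}
        for attr in self.attribute_encryption_include:
            if attr.lower() not in known:
                problems.append(f"{attr} is not defined in the server schema")
        bases = {normalize_dn(s) for s in backend_suffixes}
        for dn in self.encrypted_suffix:
            if normalize_dn(dn) not in bases:  # a subordinate DN such as ou=people,... is rejected
                problems.append(f"{dn} is not a backend suffix")
        return problems

    def attributes_to_encrypt(self, entry_dn: str, attribute_names) -> set:
        """Attributes of an entry being written that this configuration encrypts."""
        if not self.enabled:
            return set()
        # No encrypted-suffix value means every suffix in the server is in scope.
        in_scope = not self.encrypted_suffix or any(
            is_under(entry_dn, s) for s in self.encrypted_suffix)
        if not in_scope:
            return set()
        wanted = {a.lower() for a in self.attribute_encryption_include}
        return {a for a in attribute_names if a.lower() in wanted}
```

Like the server, the model only decides what is encrypted for a new write; bringing existing entries in line with a changed configuration still requires the export and re-import noted in each Admin Action Required row.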