Red Hat 8.1 사용자 설명서
Chapter 3. Plug-in Implemented Server Functionality Reference
194
Parameter
Description
Entry DN
cn=attribute_name, cn=index,
cn=database_name, cn=ldbm database,
cn=plugins, cn=config
cn=database_name, cn=ldbm database,
cn=plugins, cn=config
Valid Values
Any integer
Default Value
3
Syntax
Integer
Example
nsSubStrMiddle: 3
3.4.8. Database Attributes under cn=attributeName, cn=encrypted
attributes, cn=database_name, cn=ldbm database, cn=plugins,
cn=config
The nsAttributeEncryption object class allows selective encryption of attributes within a
database. Extremely sensitive information such as credit card numbers and government identification
numbers may not be protected enough by routine access control measures. Normally, these attribute
values are stored in CLEAR within the database; encrypting them while they are stored adds another
layer of protection. This object class has one attribute, nsEncryptionAlgorithm, which sets the
encryption cipher used per attribute. Each encrypted attribute represents a subentry under the above
cn=config
database. Extremely sensitive information such as credit card numbers and government identification
numbers may not be protected enough by routine access control measures. Normally, these attribute
values are stored in CLEAR within the database; encrypting them while they are stored adds another
layer of protection. This object class has one attribute, nsEncryptionAlgorithm, which sets the
encryption cipher used per attribute. Each encrypted attribute represents a subentry under the above
cn=config
information tree nodes, as shown in the following diagram:
Figure 3.3. Encrypted Attributes under the cn=config Node
For example, the database encryption file for the userPassword attribute under o=UserRoot
appears in the Directory Server as follows:
appears in the Directory Server as follows:
dn:cn=userPassword, cn=encrypted attributes,o=UserRoot, cn=ldbm database,
cn=plugins, cn=config
objectclass:top
objectclass:nsAttributeEncryption
cn:userPassword
nsEncryptionAlgorithm:AES
cn=plugins, cn=config
objectclass:top
objectclass:nsAttributeEncryption
cn:userPassword
nsEncryptionAlgorithm:AES
To configure database encryption, see the "Database Encryption" section of the "Configuring Directory
Databases" chapter in the Directory Server Administrator's Guide. For more information about
indexes, refer to the "Managing Indexes" chapter in the Directory Server Administrator's Guide.
Databases" chapter in the Directory Server Administrator's Guide. For more information about
indexes, refer to the "Managing Indexes" chapter in the Directory Server Administrator's Guide.