
Encrypting Data in eDirectory 105
Possible Cause
If the parent partition contains pre-eDirectory 8.8 servers (a mixed-version replica ring) and the child partition
has ER enabled, the merge and join partition operations are disallowed and the
ERR_INCOMPATIBLE_DS_VERSION error is returned.
This happens because the child partition holds sensitive data that is replicated encrypted (ER enabled at the partition
level), while the parent partition contains a pre-eDirectory 8.8 server. ER is supported only between
eDirectory 8.8 servers, so after a merge that sensitive data would be replicated in clear text to the pre-eDirectory 8.8
servers.
Action
1. Upgrade the pre-eDirectory 8.8 servers in the parent partition to a compatible version of eDirectory.
OR
2. Disable ER on the parent or child partition.
NOTE: With ER disabled, the data in that partition is replicated in clear text.
20.2 Problem With Duplicate Encryption Algorithms
If you mark an attribute for encryption using LDIF, do not associate more than one algorithm with the same
attribute.
For example, marking title as an encrypted attribute with both the AES and the DES algorithm leaves it
unclear which algorithm is ultimately applied. Each time limber runs, the title attribute appears to
toggle between AES and DES, which looks like a configuration change even though none was made.
To prevent this, avoid assigning duplicate algorithms to the same attribute.
This does not happen if you mark an attribute for encryption using iManager.
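The following Python script is an added example and is not part of the original manual or of eDirectory itself. It is a pre-check that scans an LDIF file for the duplicate-algorithm condition described above before the LDIF is applied, and it generalizes the title example to every attribute named in the file. It assumes that encrypted attributes are declared in the policy object through a multi-valued attribute named attrEncryptionDefinition whose values take the form algorithm$attributename (for example aes$title); neither the attribute name nor the value format is confirmed by this page, so adjust the two constants at the top if your deployment differs. The LDIF content embedded in the script is constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed (not stated in the manual): the policy attribute that lists encrypted
# attributes, and its "algorithm$attribute" value format. Adjust if yours differ.
ENCRYPTION_DEF_ATTR = "attrencryptiondefinition"
VALUE_RE = re.compile(r"^(?P<algo>[^$]+)\$(?P<attr>.+)$")


def unfold_ldif(text):
    """Join LDIF continuation lines (a line starting with a single space
    continues the previous line) and drop comment lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.startswith("#"):
            continue
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of (dn, [(attr, value), ...]) records.

    Attribute names are lower-cased. Base64 values ('attr:: xxx') are kept as
    the raw base64 string; that is fine here because the encryption definition
    values we care about are plain text."""
    records = []
    dn, attrs = None, []
    for line in unfold_ldif(text) + [""]:
        if not line.strip():
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, []
            continue
        name, _, value = line.partition(":")
        value = value.lstrip(": ").strip()
        name = name.strip().lower()
        if name == "dn":
            dn = value
        else:
            attrs.append((name, value))
    return records


def find_duplicate_algorithms(ldif_text):
    """Map each attribute to the set of algorithms requested for it across all
    records in the LDIF, and return only the attributes that got more than one
    (attribute -> sorted list of algorithms)."""
    requested = defaultdict(set)
    for _dn, attrs in parse_ldif(ldif_text):
        for name, value in attrs:
            if name != ENCRYPTION_DEF_ATTR:
                continue
            m = VALUE_RE.match(value)
            if not m:
                continue  # not in algorithm$attribute form; not our concern
            requested[m.group("attr").lower()].add(m.group("algo").lower())
    return {attr: sorted(algos) for attr, algos in requested.items() if len(algos) > 1}


# Constructed sample LDIF (not from a real deployment): title is given both AES
# and DES, which is exactly the ambiguity the manual warns about; sn gets AES once.
SAMPLE_LDIF = """\
dn: cn=encryption policy,o=novell
changetype: modify
add: attrEncryptionDefinition
attrEncryptionDefinition: aes$title
attrEncryptionDefinition: des$title
attrEncryptionDefinition: aes$sn
-
"""

if __name__ == "__main__":
    dupes = find_duplicate_algorithms(SAMPLE_LDIF)
    for attr, algos in dupes.items():
        print(f"refusing to apply: {attr} is assigned multiple algorithms: {', '.join(algos)}")
    raise SystemExit(1 if dupes else 0)
```

Run the script against the LDIF you intend to feed to ldapmodify; a non-zero exit means at least one attribute would end up with conflicting algorithms, so the file should be corrected before it is applied.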
20.3 Encryption of Stream Attributes
Stream attributes might be present as clear text data, because eDirectory 8.8 does not encrypt
stream attributes.
20.4 Configuring Encrypted Replication through iManager
You cannot configure encrypted replication through iManager if any server in the replica ring is
down.