Encrypting Data In eDirectory 247    novdocx (en) 11 July 2008

Viewing Encrypted Attributes Using DSBrowse

If you have enabled the Always Require Secure Channel option, that is, if a secure channel is always required to access the encrypted attributes, you cannot view those attributes of the entry that are marked for encryption. However, you can view the other attributes of the entry that are not encrypted.

SNMP Traps

NDS® Value Events are blocked if you have specified that you always need a secure channel to access the encrypted attributes. Traps that are related to value events have value data as NULL and the result will be set to -6089, which indicates that you need a secure channel to get the encrypted attribute value. The following traps have the value data as NULL:

    ndsAddValue
    ndsDeleteValue
    ndsDeleteAttribute

10.1.5 Encrypting and Decrypting Backup Data

While backing up data on a server that has attributes marked for encryption, you are prompted to provide a password to encrypt or decrypt backup data. The -E option in the ndsbackup utility facilitates this. For more information, refer to the ndsbackup manpage.

For more information on backing up your data, refer to Chapter 16, “Backing Up and Restoring Novell eDirectory,” on page 421.

10.1.6 Cloning the DIB Fileset Containing Encrypted Attributes

While cloning, if the eDirectory database contains encrypted attributes, then the cloned DIB fileset will also have these attribute values encrypted. You need to set a password to secure the key used by eDirectory to encrypt the values in the cloned DIB fileset. When you place the cloned DIB fileset on another server, you will be asked to provide this password.

For more information, refer to “Clone DIB Set” on page 217.

10.1.7 Adding eDirectory 8.8 Servers to Replica Rings

You can add eDirectory 8.8 servers to replica rings irrespective of whether the attributes are marked for encryption on one or all the servers hosting the replica or whether Always Require Secure Channel is enabled or disabled.

For more information on adding an eDirectory 8.8 server to the replica ring, refer to “Adding a Replica” on page 137.

10.1.8 Backward Compatibility

You need to change all eDirectory utilities like iManager, SNMP, DirXML® and NSureAudit to secure NCP™ to access encrypted attributes. Otherwise, you need to specify that a secure channel is not necessary to access the encrypted attributes. Refer to “Enabling and Disabling Access to Encrypted Attributes Over Clear Text Channels” on page 245 for more information.