Environment
Novell Identity Manager
Novell Identity Manager Remote Loader
Novell eDirectory 8.8 for All Platforms
Situation
Resolution
This is not an issue when no Remote Loader is used, because there is then no Novell-controlled communication exposed to view in a LAN trace.
When using the eDirectory driver, SSL encryption between drivers is also needed in this same case, even though there is no Remote Loader.
Additional Information
Support for eDir 8.8 Encrypted Attributes in Spitfire
The following enhancements were made to Spitfire in order to support eDirectory 8.8's encrypted attributes feature:
Encryption in the cache files
When the value for an attribute that appears in the server's attribute encryption policy is stored in a DirXML driver's cache the value is encrypted using the encryption method specified by the server's attribute encryption policy.
Suppression of values in trace output
Values of attributes that appear in the server's attribute encryption policy are suppressed in DSTrace, Java Trace File, and Remote Loader trace information. Encrypted attribute values for attributes that have a schema mapping to an application attribute name are also suppressed under the application attribute name.
Filtering in Remote Loader and eDir to eDir driver when not using SSL
If the Remote Loader or eDir to eDir driver is being used, and SSL is not used for communication, then attributes that appear in the server's attribute encryption policy are stripped from XML documents before the documents are sent to the Remote Loader or the eDir to eDir shim. The stripping occurs before the Schema Mapping Policy or Output Transformation Policy is applied, so such attribute values are not available in those policies.
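The two behaviours described above (stripping policy attributes from the XML document when SSL is not in use, and suppressing their values in trace output, including under the schema-mapped application name) can be emulated as follows. This is an added example, not Identity Manager's own code; the policy set, the schema map and the sample event are constructed, and the event layout assumes the DirXML nds.dtd document style.

```python
import xml.etree.ElementTree as ET

# Constructed: attributes covered by the server's attribute encryption policy.
ENCRYPTION_POLICY = {"nspmPassword", "SSN"}
# Constructed: Schema Mapping of eDirectory attribute names to application names.
SCHEMA_MAP = {"SSN": "employeeSSN"}

# Constructed sample event in the DirXML nds.dtd document style (not a capture).
SAMPLE_EVENT = """<nds dtdversion="3.5"><input>
<add class-name="User" src-dn="\\TREE\\data\\users\\jdoe">
<add-attr attr-name="Surname"><value type="string">Doe</value></add-attr>
<add-attr attr-name="SSN"><value type="string">123-45-6789</value></add-attr>
<add-attr attr-name="nspmPassword"><value type="string">hunter2</value></add-attr>
</add></input></nds>"""


def protected_names(policy=ENCRYPTION_POLICY, schema_map=SCHEMA_MAP):
    """Policy attributes plus the application names they map to."""
    return set(policy) | {schema_map[n] for n in policy if n in schema_map}


def strip_encrypted_attrs(doc, ssl_in_use=False, policy=ENCRYPTION_POLICY):
    """Return (xml_text, removed_attr_names). With SSL the document passes
    unchanged; without it, add-attr/modify-attr elements for policy attributes
    are dropped before any Schema Mapping or Output Transformation would run."""
    root = ET.fromstring(doc)
    removed = []
    if not ssl_in_use:
        for parent in list(root.iter()):  # snapshot: tree is mutated while walking
            for child in list(parent):
                name = child.get("attr-name")
                if child.tag in ("add-attr", "modify-attr") and name in policy:
                    parent.remove(child)
                    removed.append(name)
    return ET.tostring(root, encoding="unicode"), removed


def redact_for_trace(doc, marker="[value suppressed]"):
    """Return (xml_text, suppressed_count). The attribute element stays, but
    every <value> under a policy attribute is blanked, whether it carries the
    eDirectory name or the application name assigned by Schema Mapping."""
    root = ET.fromstring(doc)
    names = protected_names()
    count = 0
    for elem in root.iter():
        if elem.get("attr-name") in names:
            for value in elem.iter("value"):
                value.text = marker
                count += 1
    return ET.tostring(root, encoding="unicode"), count
```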