Administrators can assign one or more sensitive attribute definitions to a client connection policy. However, in an environment with multiple client connection policies, it could be easy to add a sensitive attribute definition to one policy but overlook it in another. The Directory Server supports the ability to define sensitive attributes as a global configuration option so that they will automatically be used across all client connection policies.

  • Run dsconfig to add a global sensitive attribute across all client connection policies. The following command adds the employeeSSN as a global sensitive attribute, which is applied across all client connection policies.
    $ bin/dsconfig set-global-configuration-prop --add "sensitive-attribute:employeeSSN"