Examples of this include:

  • The files containing the PIN needed to access a certificate key or trust store, such as the ads-truststore.pin, keystore.pin, and truststore.pin files in the server’s config directory, can be encrypted.
  • If a command-line tool needs to read a password from a file, such as when using the --bindPasswordFile, --keyStorePasswordFile, or --trustStorePasswordFile arguments offered by LDAP-enabled tools, it should be able to read from encrypted files.
  • If a command-line tool supports obtaining default argument values from a properties file, such as from config/tools.properties, that properties file can be encrypted.
  • When writing its output to one or more files, the ldapsearch tool can encrypt the data as it is written.
  • When reading the set of changes to process, the ldapmodify and parallel-update tools can read those changes from encrypted LDIF files.
  • LDIF tools like ldifsearch, ldifmodify, and ldif-diff support reading from and writing to encrypted LDIF files.