As far as I can understand, I'm afraid that what you're trying to accomplish is not possible, since attribute encryption is something that happens 'within the Directory Server instance, between the protocol and the DB'... so the information is sent in the clear over the protocol, and this is what the audit log captures. According to the official product documentation:
"Attribute encryption protects sensitive data while it is stored in the directory. Attribute encryption allows you to specify that certain attributes of an entry are stored in an encrypted format. This prevents data from being readable while stored in database files, backup files, and exported LDIF files.
With this feature, attribute values are encrypted before they are stored in the Directory Server database, and decrypted back to their original value before being returned to the client. You must use access controls to prevent clients from accessing such attributes without permission, and SSL to encrypt the attribute values when in transit between the client and Directory Server."