directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRAPI-225) Add a LDIF anonymizer that takes a LDIF file and replace the value with random text
Date Mon, 16 Mar 2015 14:26:38 GMT

    [ https://issues.apache.org/jira/browse/DIRAPI-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363249#comment-14363249 ]

Emmanuel Lecharny commented on DIRAPI-225:
------------------------------------------

Anonymizing attributes which are DNs is quite a challenge. An anonymized DN must still be a
valid DN, which exists in the DIT. We already transform an Entry's DN when we anonymize the
AT which is part of the RDN, but if this anonymized DN is referenced elsewhere in the LDIF
file, then we should use this anonymized version. The problem is that we may refer to DNs that
we have not yet processed...

That would require we parse the LDIF file first, and keep track of all the DNs in it, associated
with their anonymized form (which requires we also anonymize the AT during this phase). We
can even think of cycles between entries...



> Add a LDIF anonymizer that takes a LDIF file and replace the value with random text
> -----------------------------------------------------------------------------------
>
>                 Key: DIRAPI-225
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-225
>             Project: Directory Client API
>          Issue Type: Improvement
>    Affects Versions: 1.0.0-M28
>            Reporter: Emmanuel Lecharny
>             Fix For: 1.0.0-M29
>
>
> From time to time, we have to ask for user's LDIF, or users have to transmit LDIF to someone else for test purposes. It's clearly important to be able to have anonymized files, so that no critical information is leaked.
> The idea would be to read the original LDIF, replacing all the values with random - but syntactically correct - values.
> It should also be configurable (i.e., the list of attributes to anonymize should be extensible).
> We have to take care of DNs too, and of attributes which are DNs pointing to some of the base entries (like Member).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
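
The two-pass approach described in the comment, as an added Python example (not from the original message or the Apache Directory code base): pass 1 maps every entry DN to its anonymized form, pass 2 rewrites DN-valued attributes through that map, so forward references and cycles resolve. The attribute lists, function names and sample LDIF are assumptions; folded lines, base64 values, multi-valued RDNs and escaped commas are not handled.

```python
import secrets

ANON_ATTRS = {"cn", "uid"}        # types whose values are replaced (assumed config)
DN_ATTRS = {"member", "manager"}  # types whose values are DNs (assumed config)
_cache = {}                       # (type, value) -> random replacement
# Constructed sample: forward references (group first) and a manager cycle.
SAMPLE = """\
dn: cn=admins,ou=groups,dc=example,dc=com
cn: admins
member: cn=alice,ou=people,dc=example,dc=com
member: cn=bob,ou=people,dc=example,dc=com

dn: cn=alice,ou=people,dc=example,dc=com
cn: alice
manager: cn=bob,ou=people,dc=example,dc=com

dn: cn=bob,ou=people,dc=example,dc=com
cn: bob
manager: cn=alice,ou=people,dc=example,dc=com
"""

def pseudonym(attr, value):  # same (type, value) always gets the same random text
    return _cache.setdefault((attr.lower(), value.lower()), "x" + secrets.token_hex(4))

def anonymize_dn(dn):  # simplification: single-valued RDNs, no escaped commas
    parts = [rdn.strip().partition("=") for rdn in dn.split(",")]
    return ",".join(f"{a}={pseudonym(a, v) if a.lower() in ANON_ATTRS else v}"
                    for a, _, v in parts)

def parse(ldif):  # simplification: no folded lines, no base64 ("::") values
    return [[tuple(line.split(": ", 1)) for line in block.splitlines()]
            for block in ldif.strip().split("\n\n")]

def anonymize(ldif):
    entries = parse(ldif)
    # Pass 1: map every entry DN in the file to its anonymized form.
    dn_map = {v.lower(): anonymize_dn(v) for e in entries for a, v in e if a == "dn"}
    out, dangling = [], []
    # Pass 2: DN references resolve through dn_map, so entry order and cycles do not matter.
    for e in entries:
        lines = []
        for attr, value in e:
            if attr.lower() in DN_ATTRS | {"dn"}:
                if value.lower() not in dn_map:
                    dangling.append(value)  # target is not an entry in this file
                value = dn_map.get(value.lower(), anonymize_dn(value))
            elif attr.lower() in ANON_ATTRS:
                value = pseudonym(attr, value)
            lines.append(f"{attr}: {value}")
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n", dangling
```

`anonymize(SAMPLE)` returns the rewritten LDIF and a list of referenced DNs that have no entry in the file; those are still anonymized component by component, but they point outside the anonymized DIT and deserve a manual check.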
