[OPENDJ-3007] Show if an index is confidential or not in dsconfig list-backend-indexes output Created: 09/May/16  Updated: 08/Nov/19  Resolved: 10/May/16

Status: Done
Project: OpenDJ
Component/s: backends, security, tools
Affects Version/s: 4.0.0, 3.5.0
Fix Version/s: 4.0.0, 3.5.0

Type: Improvement Priority: Minor
Reporter: Christophe Sovant Assignee: Fabio Pistolesi
Resolution: Fixed Votes: 0
Labels: verified

Epic Link: Encrypt data at rest
QA Assignee: carole forel

 Description   

dsconfig list-backend-indexes command should display if an index is confidential or not.

$ ./bin/dsconfig -D cn=myself -w password -p 2444 -X list-backend-indexes --backend-name userRoot --advanced -n
Backend Index    : index-type          : index-entry-limit : index-extensible-matching-rule
-----------------:---------------------:-------------------:-------------------------------
aci              : presence            : 4000              : -
cn               : equality, substring : 4000              : -
ds-sync-conflict : equality            : 4000              : -
ds-sync-hist     : ordering            : 4000              : -
entryUUID        : equality            : 4000              : -
givenName        : equality, substring : 4000              : -
mail             : equality, substring : 4000              : -
member           : equality            : 4000              : -
objectClass      : equality            : 4000              : -
sn               : equality, substring : 4000              : -
telephoneNumber  : equality, substring : 4000              : -
uid              : equality            : 4000              : -
uniqueMember     : equality            : 4000              : -


 Comments   
Comment by Fabio Pistolesi [ 09/May/16 ]

New output example:

Backend Index    : index-type          : index-entry-limit : index-extensible-matching-rule : confidentiality-enabled
-----------------:---------------------:-------------------:--------------------------------:------------------------
aci              : presence            : 4000              : -                              : false
cn               : equality, substring : 4000              : -                              : false
ds-sync-conflict : equality            : 4000              : -                              : false
ds-sync-hist     : ordering            : 4000              : -                              : false
entryUUID        : equality            : 4000              : -                              : false

Moreover, a couple other commands can display the same information, backendstat show-index-status and dsconfig list-backends:

bin/backendstat show-index-status -n userRoot -b dc=example,dc=com
Index Name                                        Raw DB Name                                                          Index Valid  Index Confidential  Record Count  Over Entry Limit  95%  90%  85%
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
uid.caseIgnoreMatch                               /dc=com,dc=example/uid.caseIgnoreMatch                               true         false               20            0                 0    0    0
aci.presence                                      /dc=com,dc=example/aci.presence                                      true         false               0             0                 0    0    0
ds-sync-conflict.distinguishedNameMatch           /dc=com,dc=example/ds-sync-conflict.distinguishedNameMatch           true         false               0             0                 0    0    0
givenName.caseIgnoreMatch                         /dc=com,dc=example/givenName.caseIgnoreMatch                         true         false               20            0                 0    0    0
givenName.caseIgnoreSubstringsMatch:6             /dc=com,dc=example/givenName.caseIgnoreSubstringsMatch:6             true         false               94            0                 0    0    0
objectClass.objectIdentifierMatch                 /dc=com,dc=example/objectClass.objectIdentifierMatch                 true         false               6             0                 0    0    0
member.distinguishedNameMatch                     /dc=com,dc=example/member.distinguishedNameMatch                     true         false               0             0                 0    0    0
./bin/dsconfig -D cn=myself -w password -p 2444 -X -n list-backends
Backend        : Type : enabled : base-dn                       : confidentiality-enabled
---------------:------:---------:-------------------------------:------------------------
adminRoot      : ldif : true    : cn=admin data                 : -
userRoot       : pdb  : true    : "dc=example,dc=com"           : false
userRootpeople : je   : true    : "ou=people,dc=example,dc=com" : false
Comment by carole forel [ 12/Jul/16 ]

verified with opendj 4.0.0 rev f8af42101824bb2a0b245c19cf5945921b6e54a5
and 3.5.0 rev 6c04f4cb5de809ea1b4e8deb12925396da89d841

Generated at Tue Oct 27 05:52:37 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.