[
https://issues.apache.org/jira/browse/DIRAPI-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363249#comment-14363249
]
Emmanuel Lecharny commented on DIRAPI-225:
------------------------------------------
Anonymizing attribute which are DN is quite a challenge. An anonymized DN must
still be a valid DN, which exists in the DIT. We already transform an Entry's
DN when we anonymize the AT which is part of the RDN, but if this anonymized DN
is referenced elswhere in the LDIF file, then we should use this anonymized
version. The problem is that we may refer DN's that we have not yet processed...
That would require we parse the LDIF file first, and keep a track of all the DN
in it, associated with their anonymized form (which requires we also anonymize
the AT during this phase). We can even thing of cycles between entries...
> Add a LDIF anonymizer that takes a LDIF file and replace the value with
> random text
> -----------------------------------------------------------------------------------
>
> Key: DIRAPI-225
> URL: https://issues.apache.org/jira/browse/DIRAPI-225
> Project: Directory Client API
> Issue Type: Improvement
> Affects Versions: 1.0.0-M28
> Reporter: Emmanuel Lecharny
> Fix For: 1.0.0-M29
>
>
> From time to time, we have to ask for user's LDIF, or users have to transmit
> LDIF to someone else for test purposes. It's clearly important to be able to
> have anonymized files, so that no critical information is leaked.
> The idea would be to read the original LDIF, replacing all teh values with
> random - but syntaxically correct - values.
> It should also be configurable (ie, the list of attributes to anonymized
> should be extensible).
> We have to take care of DN too, and of attributes which are DN pointing on
> some of the base entries (like Member).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
