If Encryption Management Server is configured to allow third parties to perform key searches using LDAP or LDAPS, by default it will allow wildcard searches and return the first 100 matches.

For example, a third party could search for a* and return the first 100 email addresses beginning with the letter A.

Symantec Encryption Management Server 10.5 and above.

Wildcard searches can be disabled by adding an entry to the /etc/ovid/prefs.xml file. In addition, the number of results returned can be reduced from the default of 100 by adding another entry to the /etc/ovid/prefs.xml file.

To disable wildcard searches and limit the results to 10, please do the following:

1. ssh to Encryption Management Server.
2. Backup the file /etc/ovid/prefs.xml:

   cp /etc/ovid/prefs.xml /etc/ovid/prefs.xml.bak

3. Edit /etc/ovid/prefs.xml and change this:
   

       </keyserver>
       <crl>

   
   to this:
   

           <max-keysearch-results>10</max-keysearch-results>
           <allow-substring-key-search>false</allow-substring-key-search>
       </keyserver>
       <crl>

4. Restart the ldap service:
   

   pgpsysconf --restart ldap

5. Repeat the above steps on all cluster members that allow key lookups from third parties.