If an attribute of an object is encrypted, you cannot view or modify the object by using iManager 2.5.
To work around this issue, you can view or modify the encrypted attribute over a secure channel, using any of the following methods:
LDAP: The LDAP request must be send over a secure channel, which means that the trusted root certificate of the server must be used.
ICE: LDIF scripts can be used to modify the object. If you do this, ICE must use a secure channel.
Use iManager 2.5 FP2, iManager 2.6, or later.
NOTE:We recommend using iManager 2.6 or later for viewing or modifying encrypted attributes.
Alternatively, you can turn off the secure channel required option for viewing or modifying the encrypted attributes by disabling the requireSecure attribute in the EA policy. This makes the object and the encrypted attributes accessible by any client over clear text channel. After this, iManager will be able to access the object.