DB2 10.5 for Linux, UNIX, and Windows

Refreshing LDAP entries in local database and node directories

The DB2® database system provides a caching mechanism to reduce the number of times a client searches the LDAP server.

About this task

After the information is retrieved, it is stored or cached on the local computer based on the values of the dir_cache database manager configuration parameter and the DB2LDAPCACHE registry variable.

If DB2LDAPCACHE=NO and dir_cache=NO, then always read the information from LDAP.
If DB2LDAPCACHE=NO and dir_cache=YES, then read the information from LDAP once and insert it into the DB2 cache.
If DB2LDAPCACHE=YES or is not set, then read the information from LDAP server once and cache it into the local database, node, and DCS directories.

Note: The caching of LDAP information is not applicable to user-level CLI or DB2 profile registry variables. Since information in LDAP is subject to change, it might be necessary to refresh the LDAP entries cached in the local database and node directories. There are a few ways to do this.

Procedure

To refresh all the local database and node entries that were retrieved from LDAP, use the following command:
```
   db2 refresh ldap immediate
```
To refresh existing local database and node entries and add new entries from LDAP, use the following command:
```
   db2 refresh ldap immediate all
```
Specifying the IMMEDIATE ALL parameter adds all the NODE and DB entries contained with the LDAP server into the local directories.
Alternatively, to force DB2 for Linux, UNIX, and Windows to refresh the database entries that refer to LDAP resources on the next database connection or instance attachment, use the following command:
```
      db2 refresh ldap database directory
```
Likewise, to force the DB2 database manager to refresh the nodes entries that refer to LDAP resources on the next database connection or instance attachment, use the following command:
```
      db2 refresh ldap node directory
```

Results

As part of the refresh, all the LDAP entries that are saved in the local database and node directories are removed. The next time that the application accesses the database or node, it will read the information directly from LDAP and generate a new entry in the local database or node directory.

What to do next

To ensure that the refresh is done in a timely way, you might want to:

Schedule a refresh that is run periodically.
Run the REFRESH command during system bootup.
Use an available administration package to invoke the REFRESH command on all client computers.
Set DB2LDAPCACHE=NO to avoid LDAP information being cached in the database, node, and DCS directories.