Starting in DB2® V9.7, transparent LDAP-based authentication and group lookup are supported on the AIX® operating system. Some configuration steps are required before this support is enabled.
These steps assume that the LDAP server is RFC 2307 compliant and configured to store user and group information.
$ lslpp -l "ldap*"
  Fileset                      Level  State      Description
  ----------------------------------------------------------------------------
Path: /usr/lib/objrepos
  ldap.client.adt            5.2.0.0  COMMITTED  Directory Client SDK
  ldap.client.rte            5.2.0.0  COMMITTED  Directory Client Runtime (No
                                                 SSL)
  ldap.html.en_US.config     5.2.0.0  COMMITTED  Directory Install/Config
                                                 Gd-U.S. English
  ldap.html.en_US.man        5.2.0.0  COMMITTED  Directory Man Pages - U.S.
                                                 English
  ldap.msg.en_US             5.2.0.0  COMMITTED  Directory Messages - U.S.
                                                 English

Path: /etc/objrepos
  ldap.client.rte            5.2.0.0  COMMITTED  Directory Client Runtime (No
                                                 SSL)
Once you are certain that LDAP is configured properly and that you have populated the LDAP directory with users, you must set the default user to use LDAP. This will ensure that you can log in to the AIX client with any user in the LDAP directory that is not restricted.
chsec -f /etc/security/user -s default -a "SYSTEM=LDAP or files"
chsec -f /etc/security/user -s default -a "REGISTRY=LDAP"
Configurations that use other SYSTEM or REGISTRY attributes might work, but are not supported.
For more details on the stanza SYSTEM and REGISTRY attributes, refer to http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/user.htm?.
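The check below is an added example, not part of the IBM documentation. It defines a shell function (hypothetical name audit_user_stanzas) that parses a file in /etc/security/user stanza format, reports whether the default stanza carries the SYSTEM and REGISTRY values set by the chsec commands above, and lists per-user stanzas that override them. The sample file is constructed, and matching attribute names case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example (not IBM code): audit a stanza file in /etc/security/user format.
# Prints FAIL lines when the default stanza lacks the values set by the two
# chsec commands, and INFO lines for per-user stanzas that override them.
# Returns 0 when the default stanza matches, 1 otherwise.
audit_user_stanzas() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*\*/ || /^[ \t]*$/ { next }            # comment or blank line
    /^[^ \t=]+:[ \t]*$/ {                         # stanza header, e.g. "default:"
        stanza = $0; sub(/:[ \t]*$/, "", stanza); next
    }
    {
        eq = index($0, "=")
        if (eq == 0 || stanza == "") next
        key = toupper(trim(substr($0, 1, eq - 1)))   # assumption: ignore case
        val = trim(substr($0, eq + 1)); gsub(/"/, "", val)
        if (key != "SYSTEM" && key != "REGISTRY") next
        want = (key == "SYSTEM") ? "LDAP or files" : "LDAP"
        if (stanza == "default") {
            seen[key] = 1
            if (val != want) { printf "FAIL default: %s=%s, expected %s\n", key, val, want; bad = 1 }
        } else if (val != want) {
            printf "INFO %s: %s=%s overrides default\n", stanza, key, val
        }
    }
    END {
        if (!seen["SYSTEM"])   { print "FAIL default: SYSTEM not set";   bad = 1 }
        if (!seen["REGISTRY"]) { print "FAIL default: REGISTRY not set"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample input; on AIX pass /etc/security/user instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed sample, not a real system file
default:
    SYSTEM = "LDAP or files"
    registry = LDAP

root:
    SYSTEM = "compat"
    registry = files
EOF
audit_user_stanzas "$sample" || echo "default stanza needs the chsec commands above"
rm -f "$sample"
```

INFO lines are informational only: a user stanza with its own SYSTEM or registry value is authenticated according to that stanza rather than the default.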