DB2 Version 9.7 for Linux, UNIX, and Windows

Searching the LDAP servers

The DB2® database system searches the current LDAP server, but in an environment with multiple LDAP servers you can define the scope of the search.

About this task

For example, if the information is not found in the current LDAP server, you can specify an automatic search of all other LDAP servers. Alternatively, you can restrict the search scope to only the current LDAP server, or to the local DB2 database catalog.

Setting the search scope sets the default search scope for the entire enterprise. The search scope is controlled through the DB2 database profile registry variable DB2LDAP_SEARCH_SCOPE. To set the search scope value, use the -gl option (which means global in LDAP) on the db2set command:
   db2set -gl db2ldap_search_scope=<value>

Possible values include: local, domain, or global. If the variable is not set, the default value is domain, which limits the search scope to the directory on the current LDAP server.

For example, you might want to initially set the search scope to "global" after a new database is created. This allows any DB2 client configured to use LDAP to search all the LDAP servers to find the database. If you have caching enabled, the entry is recorded on each computer after the first connect or attach for each client, and the search scope can then be changed to "local". After the scope is changed to "local", clients no longer scan any LDAP servers.

Note: The DB2 database profile registry variables DB2LDAP_KEEP_CONNECTION and DB2LDAP_SEARCH_SCOPE are the only registry variables that can be set at the global level in LDAP.