Registers the database in Lightweight Directory Access
Protocol (LDAP).
Command syntax
>>-CATALOG LDAP--+-DATABASE-+--database-name--+-----------+----->
                 '-DB-------'                 '-AS--alias-'
>--+-------------------+--+----------------------+-------------->
   '-AT NODE--nodename-'  '-GWNODE--gateway-node-'
>--+---------------------------+--+------------------+---------->
   '-PARMS--"parameter-string"-'  '-AR--library-name-'
>--+--------------------------------------------------------------+-->
   '-AUTHENTICATION--+-SERVER-----------------------------------+-'
                     +-CLIENT-----------------------------------+
                     +-SERVER_ENCRYPT---------------------------+
                     +-SERVER_ENCRYPT_AES-----------------------+
                     +-KERBEROS TARGET PRINCIPAL--principalname-+
                     +-DATA_ENCRYPT-----------------------------+
                     '-GSSPLUGIN--------------------------------'
>--+------------------+----------------------------------------->
   '-WITH--"comments"-'
>--+----------------------------------------+------------------><
   '-USER--username--+--------------------+-'
                     '-PASSWORD--password-'
Command parameters
- DATABASE database-name
- Specifies the name of the database to catalog.
- AS alias
- Specifies an alias as an alternate name for the database being
cataloged. If an alias is not specified, the database name is used
as the alias.
- AT NODE nodename
- Specifies the LDAP node name for the database server on which
the database resides. This parameter must be specified when registering
a database on a remote server.
- GWNODE gateway-node
- Specifies the LDAP node name for the gateway server.
- PARMS "parameter-string"
- Specifies a parameter string that is passed to the Application
Requester (AR) when accessing DCS databases. The change password
sym_dest_name should not be specified in the parameter string. Use the
keyword CHGPWDLU to specify the change password LU name when registering
the DB2® server in LDAP.
- AR library-name
- Specifies the name of the Application Requester library that is
loaded and used to access a remote database listed in the DCS directory.
If using the DB2 Connect™ AR, do not specify a library name. The default
value will cause DB2 Connect to be invoked.
If not using DB2 Connect, specify the library name of the AR, and place
that library on the same path as the database manager libraries. On
Windows operating systems, the path is drive:\sqllib\dll. On UNIX
operating systems, the path is $HOME/sqllib/lib of the instance owner.
- AUTHENTICATION
- Specifies the authentication level. Valid values are:
  - SERVER
  - Specifies that authentication takes place on the node containing
    the target database.
  - CLIENT
  - Specifies that authentication takes place on the node from which
    the application is invoked.
  - SERVER_ENCRYPT
  - Specifies that authentication takes place on the database partition
    server containing the target database, and that user IDs and passwords
    are encrypted at the source. User IDs and passwords are decrypted
    at the target, as specified by the authentication type cataloged at
    the source.
  - SERVER_ENCRYPT_AES
  - Specifies that authentication takes place on the database partition
    server containing the target database, and that user IDs and passwords
    are encrypted with an Advanced Encryption Standard (AES) encryption
    algorithm at the source and decrypted at the target.
  - KERBEROS
  - Specifies that authentication takes place using Kerberos Security
    Mechanism.
    - TARGET PRINCIPAL principalname
    - Fully qualified Kerberos principal name for the target server;
      that is, the logon account of the DB2 server service in the form
      of userid@xxx.xxx.xxx.com or domain\userid.
  - DATA_ENCRYPT
  - Specifies that authentication takes place on the node containing
    the target database, and that connections must use data encryption.
  - GSSPLUGIN
  - Specifies that authentication takes place using an external GSS
    API-based plug-in security mechanism.
- WITH "comments"
- Describes the DB2 server.
Any comment that helps to describe the server registered in the network
directory can be entered. Maximum length is 30 characters. A carriage
return or a line feed character is not permitted. The comment text
must be enclosed by double quotation marks.
- USER username
- Specifies the user's LDAP distinguished name (DN). The LDAP user
DN must have sufficient authority to create the object in the LDAP
directory. If the user's LDAP DN is not specified, the credentials
of the current logon user will be used. If the user's LDAP DN and
password have been specified using db2ldcfg, the
user name and password do not have to be specified here.
- PASSWORD password
- Account password. If the user's LDAP DN and password have been
specified using db2ldcfg, the user name and password
do not have to be specified here.
Usage notes
If the node name is not specified, DB2 will use the first node in LDAP
that represents the DB2 server on the current machine.
It might be necessary to manually register (catalog) the database in
LDAP if:
- The database server does not support LDAP. The administrator must
manually register each database in LDAP to allow clients that support
LDAP to access the database without having to catalog the database
locally on each client machine.
- The application wants to use a different name to connect to the
database. In this case, the administrator can catalog the database
using a different alias name.
- The database resides at the host or System i® database server. In this case, the administrator can register
the database in LDAP and specify the gateway node through the GWNODE parameter.
- During CREATE DATABASE IN LDAP the database name already exists
in LDAP. The database is still created on the local machine (and can
be accessed by local applications), but the existing entry in LDAP
will not be modified to reflect the new database. In this case, the
administrator can:
  - Remove the existing database entry in LDAP and manually register
    the new database in LDAP.
  - Register the new database in LDAP using a different alias name.
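The syntax rules above, applied in a small shell helper (an added example, not IBM's code): it accepts only the documented AUTHENTICATION keywords, requires a principal for KERBEROS, enforces the WITH comment limits, and omits USER and PASSWORD so the LDAP credentials come from db2ldcfg or the current logon user. The function name build_catalog_ldap and the sample database, alias and node values are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: assemble a CATALOG LDAP DATABASE command from checked inputs.
# usage: build_catalog_ldap DB ALIAS NODE AUTH [PRINCIPAL] [COMMENT]
# Prints the command text on stdout; returns non-zero on invalid input.
build_catalog_ldap() {
    db=$1; dbalias=$2; node=$3; auth=$4; principal=${5:-}; comment=${6:-}
    [ -n "$db" ] || { echo "database-name is required" >&2; return 1; }

    # Accept only the AUTHENTICATION keywords from the syntax diagram.
    case $auth in
        SERVER|CLIENT|SERVER_ENCRYPT|SERVER_ENCRYPT_AES|DATA_ENCRYPT|GSSPLUGIN)
            auth_clause="AUTHENTICATION $auth" ;;
        KERBEROS)
            # The KERBEROS branch always carries TARGET PRINCIPAL principalname.
            [ -n "$principal" ] || { echo "KERBEROS needs a target principal" >&2; return 1; }
            auth_clause="AUTHENTICATION KERBEROS TARGET PRINCIPAL $principal" ;;
        *)
            echo "unknown authentication type: $auth" >&2; return 1 ;;
    esac

    # WITH "comments": at most 30 characters, no carriage return or line feed.
    # Rejecting an embedded double quote is this example's own precaution.
    cr=$(printf '\r')
    lf='
'
    case $comment in
        *"$cr"*|*"$lf"*|*'"'*)
            echo "comment contains CR, LF or a double quote" >&2; return 1 ;;
    esac
    [ "${#comment}" -le 30 ] || { echo "comment exceeds 30 characters" >&2; return 1; }

    # Clauses are emitted in the order the syntax diagram gives them.
    cmd="CATALOG LDAP DATABASE $db"
    [ -z "$dbalias" ] || cmd="$cmd AS $dbalias"
    [ -z "$node" ] || cmd="$cmd AT NODE $node"
    cmd="$cmd $auth_clause"
    [ -z "$comment" ] || cmd="$cmd WITH \"$comment\""
    # USER and PASSWORD are left out on purpose: the LDAP DN and password then
    # come from db2ldcfg or the current logon user, as described above.
    printf '%s\n' "$cmd"
}

# Constructed sample values (SAMPLE, LDAPSAMP, DB2NODE1 are placeholders).
build_catalog_ldap SAMPLE LDAPSAMP DB2NODE1 SERVER_ENCRYPT_AES "" "Payroll test database"
```

The printed text can be reviewed and then passed to the DB2 command line processor.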