After the DB2® database product installation is complete, you must enable LDAP support before you can use LDAP.
Procedure
To enable LDAP support:
- On any machine that is part of a Windows domain, perform the following steps:
  - If you want to use Microsoft Active Directory and did not extend the directory schema before installing the DB2 database product, you must extend the directory schema. For more information, see the "Extending the directory schema for Active Directory" topic.
  - Install the LDAP support binary files by running the DB2 Setup program and selecting LDAP Directory Exploitation support from Custom install. The Setup program automatically sets the DB2 registry variable DB2_ENABLE_LDAP to YES, which is required to enable LDAP support.
  - Optional: To use the IBM LDAP client instead of the Microsoft LDAP client, set the DB2LDAP_CLIENT_PROVIDER registry variable to IBM.
- On each LDAP client, perform the following steps:
  - Specify the TCP/IP host name and optionally the port number of the LDAP server by running the following command:
    db2set DB2LDAPHOST=base_domain_name[:port_number]
    where base_domain_name is the TCP/IP host name, and [:port_number] is the port number. If you do not specify a port number, the default LDAP port number 389 is used.
    For an SSL-enabled LDAP server, run the following command:
    db2set DB2LDAPHOST=base_domain_name:SSL:636
    where base_domain_name is the TCP/IP host name.
    DB2 objects are located in the LDAP base distinguished name (baseDN). You can configure the baseDN on each machine by running the following command:
    db2set DB2LDAP_BASEDN=baseDN
    where baseDN is the name of the LDAP suffix that is defined at the LDAP server.
  - Optional: To use LDAP to store DB2 user-specific information, enter the distinguished name (DN) and password of the LDAP user.
- If you extended the directory schema after installing the DB2 database product, perform the following steps:
  - Register the current instance of the DB2 server in LDAP by running the following command:
    db2 register ldap as node-name protocol tcpip
  - Register specific databases in LDAP by running the following command:
    db2 catalog ldap database dbname as alias_dbname
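The registry settings made in this procedure can be checked with a small script. The following POSIX shell sketch is an added example, not IBM code: it parses the two DB2LDAPHOST forms shown above and flags a host entry that does not use the SSL form. The NAME=value input format, the function names, and the sample values are assumptions made for the example.

```shell
# Added example (not IBM code): audit the registry variables this page sets.
# Assumption: the settings arrive on stdin as NAME=value lines.

# parse_ldaphost VALUE: prints "<transport> <host> <port>" or "invalid".
parse_ldaphost() {
    value=$1 host=${1%%:*} rest=
    case $value in *:*) rest=${value#*:} ;; esac
    if [ -z "$host" ]; then echo invalid; return 1; fi
    case $rest in
        "")       echo "plain $host 389" ;;   # no port given: default 389
        SSL:*)    port=${rest#SSL:}           # the page shows host:SSL:636
                  case $port in ""|*[!0-9]*) echo invalid; return 1 ;; esac
                  echo "ssl $host $port" ;;
        *[!0-9]*) echo invalid; return 1 ;;   # a plain port must be numeric
        *)        echo "plain $host $rest" ;;
    esac
}

# audit_ldap_settings: reads NAME=value lines, prints one finding per setting.
audit_ldap_settings() {
    enabled= hostval= basedn=
    while IFS= read -r line; do
        case $line in
            DB2_ENABLE_LDAP=*) enabled=${line#*=} ;;
            DB2LDAPHOST=*)     hostval=${line#*=} ;;
            DB2LDAP_BASEDN=*)  basedn=${line#*=} ;;
        esac
    done
    case $enabled in
        [Yy][Ee][Ss]) echo "OK   DB2_ENABLE_LDAP=YES" ;;
        *)            echo "FAIL DB2_ENABLE_LDAP is not YES" ;;
    esac
    parsed=$(parse_ldaphost "$hostval") || parsed=invalid
    case $parsed in
        ssl\ *)   echo "OK   DB2LDAPHOST uses SSL (${parsed#ssl })" ;;
        plain\ *) echo "WARN DB2LDAPHOST is not SSL (${parsed#plain })" ;;
        *)        echo "FAIL DB2LDAPHOST missing or malformed: '$hostval'" ;;
    esac
    [ -n "$basedn" ] && echo "OK   DB2LDAP_BASEDN=$basedn" \
                     || echo "WARN DB2LDAP_BASEDN is not set"
}

# Constructed sample settings (not taken from a real system).
audit_ldap_settings <<'EOF'
DB2_ENABLE_LDAP=YES
DB2LDAPHOST=ldap.example.com
DB2LDAP_BASEDN=o=example
EOF
```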
What to do next
You can now register the LDAP entries.