Implementation Guidelines

LDAP Directory Server

  • Extend the schema to support classes and attributes needed by DB2 UDB.

  • Obtain the LDAP server TCP/IP hostname and connection port number.

  • Obtain the LDAP base distinguished name (baseDN).

  • Create a user distinguished name (DN) and password for DB2 directory updates.

  • Create an eApplicationSystem object with systemName=DB2; this is the entry under which DB2 keeps its directory objects.
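As an added example (not taken from the original page), the LDIF below creates the eApplicationSystem object named in the last step. It assumes the baseDN o=phantom.com used later in this guide and that the object sits directly under the baseDN with the RDN systemName=DB2; the objectclass and attribute names are the ones the step itself names.

```ldif
# Added example, not part of the original page. Assumes baseDN o=phantom.com
# and that the DB2 container is placed directly under it.
dn: systemName=DB2,o=phantom.com
objectclass: top
objectclass: eApplicationSystem
systemName: DB2
```

Load it with the directory administrator's credentials (for the IBM and OpenLDAP command-line tools: ldapadd -h newschemadirectory.service.dntteam.com -p 389 -D "<admin DN>" -w <password> -f db2app.ldif), then confirm it exists with a base-scope search on systemName=DB2,o=phantom.com. Grant the DB2 update user created in the previous step write access to this subtree only, not to the whole directory.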

DB2 UDB Server

  • Install DB2 UDB ESE on AIX.

  • Install the IBM LDAP client software on the same machine as the DB2 server.

  • Configure DB2 to use the LDAP server.

  • Register the DB2 server instance with the LDAP directory.

  • Create a test database (SAMPLE) and verify that it is automatically registered in the LDAP directory.

  • Catalog an existing database and verify that it is added to the LDAP directory.

DB2 UDB Client

  • Install IBM LDAP Client code on the workstation.

  • Make sure that DB2 UDB LDAP Directory Exploitation is installed.

  • Configure the DB2 client to use the LDAP server.

  • Test database connections.

    • An LDAP registered database

    • A non-LDAP database (the database and node are cataloged locally on the client rather than in LDAP)

Test Scenarios

Perform the following test scenarios and observe differences in behavior:

  • Change DB2LDAPCACHE variable setting from YES to NO.

  • Catalog the same database with more than one database alias.

  • Issue the refresh LDAP database and node directory commands after making changes to the LDAP directory.

  • Catalog different databases on different servers with the same alias.

  • Locally catalog a database (on the client) with an alias that is already in LDAP but not yet cached to the client.

Step #1

On Windows client systems, DB2 must be told which LDAP client library to use before it can work with the IBM LDAP directory. Select the IBM LDAP client by setting the DB2LDAP_CLIENT_PROVIDER registry variable to IBM with the db2set command:

$ db2set DB2LDAP_CLIENT_PROVIDER=IBM

Steps 2 through 5 are performed on each DB2 UDB machine (client and server):

Step #2

Enable LDAP support:

$ db2set DB2_ENABLE_LDAP=YES

Step #3

Specify the LDAP server's TCP/IP hostname and port number. Port 389 is the standard clear-text LDAP port: unless the directory server and the LDAP client are configured for TLS, the bind DN and password configured in Step 5 cross the network unencrypted.

$ db2set DB2LDAPHOST=newschemadirectory.service.dntteam.com:389

Step #4

Specify the LDAP baseDN:

$ db2set DB2LDAP_BASEDN=o=phantom.com

Step #5

Specify the DN and password of the LDAP user that the DB2 instance owner binds as to store DB2 user-specific information in LDAP. Log in as the DB2 instance owner and run the db2ldcfg utility, passing the user DN with -u and the password with -w:

$ db2ldcfg -u "cn=Jonathan Phan,ou=TestTeamI,o=phantom.com,c=us" -w password

Because the password is given on the command line, it is recorded in the shell history and is visible in process listings while the command runs; clear the history entry afterwards, and use the dedicated directory account created for DB2 updates rather than an administrator's account.

Step #6

Each DB2 server instance must be registered in LDAP to publish the protocol configuration information that is used by the client applications to connect to it:

$ db2 register db2 server in ldap as SANDIEGO protocol tcpip
      hostname 192.168.1.51 svcename 11001
      remote sunshine_dnt instance v8inst

This creates a node directory entry equivalent to that resulting from the following:

catalog tcpip node <node_name>
      remote <hostname>
      server <port>
      remote_instance <instance>

Step #7

The register command can also be issued from another machine to register a remote DB2 database server; its general form is:

$ db2 register db2 server in ldap as <ldap_node_name>
      protocol tcpip
      hostname <host_name>
      svcename <tcpip_service_name>
      remote <remote_computer_name>
      instance <instance_name>

Step #8 (optional)

To change the DB2 database server information in LDAP, run the following update LDAP command:

$ db2 update ldap node SANDIEGO hostname 192.168.1.101 svcename 11002

Step #9

Create the sample database:

$ db2sampl

Step #10

A database is automatically registered in LDAP when it is created within an instance. If the name already exists in the LDAP directory, the database is still created on the local machine, but a warning is returned reporting the naming conflict in the LDAP directory. In that case, the database can be registered manually:

$ db2 catalog ldap node SANDIEGO as SANDIEGO

$ db2 catalog ldap database SAMPLE at node SANDIEGO
      with "My LDAP SAMPLE database"

Step #11

The refresh commands remove the cached LDAP entries from the local database and node directories, so that the next connection re-reads them from the LDAP directory. Run them after changing entries in LDAP (for example, after Step 8) so that clients do not keep using stale node or database information:

$ db2 refresh ldap database directory

$ db2 refresh ldap node directory
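As an added example (not code from the original page), the script below checks that the registry variables set in Steps 2 through 4 are present and consistent on a machine, and warns when the configured LDAP port is the clear-text port. It parses text in the format of the db2set -all listing ("[i] NAME=VALUE", the bracketed tag being the registry level); the sample listing embedded in it is constructed from the values used in this guide so that the check runs offline. On a real instance, pipe db2set -all into check_ldap_registry instead.

```shell
#!/bin/sh
# Added example, not code from the original page: a post-setup check of the
# registry variables Steps 2-4 set. It reads db2set -all style text
# ("[i] NAME=VALUE"). The sample below is constructed from the values used in
# this guide so the check runs offline; on a real instance run:
#   db2set -all | check_ldap_registry

SAMPLE_DB2SET='[i] DB2_ENABLE_LDAP=YES
[i] DB2LDAPHOST=newschemadirectory.service.dntteam.com:389
[i] DB2LDAP_BASEDN=o=phantom.com
[i] DB2COMM=TCPIP
[g] DB2SYSTEM=sunshine_dnt'

# Print the value of registry variable $1 from db2set-style text on stdin
# (empty output when the variable is not set).
db2set_value() {
    sed -n "s/^\[[a-z]\] $1=//p" | head -n 1
}

# Print the port part of a DB2LDAPHOST value ("host" or "host:port").
# 389, the standard LDAP port, is assumed when no port is given.
ldap_port() {
    case "$1" in
        *:*) printf '%s\n' "${1##*:}" ;;
        *)   printf '%s\n' 389 ;;
    esac
}

# Validate the Step 2-4 settings read from stdin. Returns 0 when all three
# are present and consistent; prints one line per problem found.
check_ldap_registry() {
    text=$(cat)
    rc=0
    enable=$(printf '%s\n' "$text" | db2set_value DB2_ENABLE_LDAP)
    host=$(printf '%s\n' "$text" | db2set_value DB2LDAPHOST)
    basedn=$(printf '%s\n' "$text" | db2set_value DB2LDAP_BASEDN)

    if [ "$enable" != "YES" ]; then
        echo "FAIL: DB2_ENABLE_LDAP is '$enable', expected YES (Step 2)"
        rc=1
    fi
    if [ -z "$host" ]; then
        echo "FAIL: DB2LDAPHOST is not set (Step 3)"
        rc=1
    elif [ "$(ldap_port "$host")" = 389 ]; then
        # Plain LDAP: the bind DN and password from Step 5 cross the network
        # unencrypted unless the directory and client negotiate TLS.
        echo "WARN: DB2LDAPHOST=$host uses port 389 (clear-text LDAP)"
    fi
    if [ -z "$basedn" ]; then
        echo "FAIL: DB2LDAP_BASEDN is not set (Step 4)"
        rc=1
    fi
    return $rc
}

# Stand-alone run against the constructed sample listing.
printf '%s\n' "$SAMPLE_DB2SET" | check_ldap_registry
```

The check deliberately treats a missing DB2LDAP_BASEDN or a non-YES DB2_ENABLE_LDAP as failures but only warns on port 389, since a directory that negotiates TLS on that port is a legitimate configuration; confirm which case applies before accepting the warning.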