Implementation Guidelines

LDAP Directory Server

  • Extend the schema to support classes and attributes needed by DB2 UDB.

  • Obtain the LDAP server TCP/IP hostname and connection port number.

  • Obtain the LDAP base distinguished name (baseDN).

  • Create a user distinguished name (DN) and password for DB2 directory updates.

  • Create eApplicationSystem object with systemName=DB2.

DB2 UDB Server

  • Install DB2 UDB ESE on AIX.

  • Install IBM LDAP Client Software on same box as DB2 server.

  • Configure DB2 to use the LDAP server.

  • Register the DB2 server instance with the LDAP directory.

  • Create a test database (SAMPLE) and verify that it is automatically registered in the LDAP directory.

  • Catalog an existing database and verify that it is added to the LDAP directory.

DB2 UDB Client

  • Install IBM LDAP Client code on the workstation.

  • Make sure that DB2 UDB LDAP Directory Exploitation is installed.

  • Configure the DB2 client to use the LDAP server.

  • Test database connections.

    • An LDAP registered database

    • A non-LDAP database (catalog database and node on the client are without LDAP)

Test Scenarios

Perform the following test scenarios and observe differences in behavior:

  • Change DB2LDAPCACHE variable setting from YES to NO.

  • Catalog the same database with more than one database alias.

  • Issue the refresh LDAP database and node directory commands after making changes to the LDAP directory.

  • Catalog different databases on different servers with the same alias.

  • Locally catalog a database (on the client) with an alias that is already in LDAP but not yet cached to the client.

Step #1

Before you can use DB2 in the IBM LDAP environment, you must select the IBM LDAP client on Windows client systems; use the db2set command to set the DB2LDAP_CLIENT_PROVIDER registry variable to IBM:


On each DB2 UDB machine (client and server):

Step #2

Enable LDAP support:

Step #3

Specify LDAP server's TCP/IP hostname and port number:

$ db2set
Step #4

Specify the LDAP baseDN:

$ db2set
Step #5

Specify the LDAP user's DN and password for the DB2 instance owner to use LDAP to store DB2 user-specific information. Log in as DB2 instance owner and run the db2ldcfg utility:

$ db2ldcfg ?u "cn=Jonathan Phan,
      ou=TestTeamI,, c=us"
      ?w password
Step #6

Each DB2 server instance must be registered in LDAP to publish the protocol configuration information that is used by the client applications to connect to it:

$ db2 register db2 server in ldap as SANDIEGO protocol tcpip
      hostname svcename 11001
      remote sunshine_dnt instance v8inst

This creates a node directory entry equivalent to that resulting from the following:

catalog tcpip node <node_name>
      remote <hostname>
      server <port>
      remote_instance <instance>
Step #7

A remote DB2 database server can also be registered using this form of the register command:

$ db2 register db2 server in ldap as <ldap_node_name>
      protocol tcpip
      hostname <host_name>
      svcename <tcpip_service_name>
      remote <remote_computer_name>
      instance <instance_name>
Step #8 (optional)

To change the DB2 database server information in LDAP, run the following update LDAP command:

$ db2 update ldap node SANDIEGO hostname svcename 11002
Step #9

Create the sample database:

$ db2sampl
Step #10

The database is automatically registered in LDAP during the creation of a database within an instance. If the name already exists in the LDAP directory, the database is still created on the local machine but a warning message is returned, stating the naming conflict in the LDAP directory. In this case, the user can manually register the database:

$ db2 catalog ldap node SANDIEGO as SANDIEGO

$ db2 catalog ldap database SAMPLE at node SANDIEGO
      with "My LDAP SAMPLE database"
Step #11

You can also manually refresh the database and node entries that refer to LDAP resources:

$ db2 refresh ldap database directory

$ db2 refresh ldap node directory