The DB2® database system provides a caching mechanism
to reduce the number of times a client searches the LDAP server.
About this task
After the information is retrieved, it is stored or cached
on the local computer based on the values of the dir_cache database
manager configuration parameter and the DB2LDAPCACHE registry variable.
- If DB2LDAPCACHE=NO and dir_cache=NO, then always read the information
from LDAP.
- If DB2LDAPCACHE=NO and dir_cache=YES, then read the information
from LDAP once and insert it into the DB2 cache.
- If DB2LDAPCACHE=YES or is not set, then read the information from
the LDAP server once and cache it into the local database, node, and DCS
directories.
Note: The caching of LDAP information is not applicable to
user-level CLI or DB2 profile registry variables.
Since information in LDAP is subject to change, it might be necessary
to refresh the LDAP entries cached in the local database and node
directories. There are a few ways to do this.
To refresh all the local database and node entries that were retrieved
from LDAP, use the following command:
db2 refresh ldap immediate
Similarly, the following command can be used to both refresh existing
local database and node entries and add new entries from LDAP:
db2 refresh ldap immediate all
Specifying the IMMEDIATE ALL option adds all the NODE and DB entries
contained in the LDAP server to the local directories.
Alternatively, to force DB2 to refresh the database entries that refer
to LDAP resources on the next database connection or instance attachment,
use the following command:
db2 refresh ldap database directory
Likewise, to force the DB2 database manager to refresh the node entries
that refer to LDAP resources on the next database connection or instance
attachment, use the following command:
db2 refresh ldap node directory
As part of the refresh, all the LDAP entries that are saved in the local
database and node directories are removed. The next time that the
application accesses the database or node, it will read the information
directly from LDAP and generate a new entry in the local database
or node directory.
To ensure the refresh is done in a timely way, you might want to:
- Schedule a refresh that is run periodically.
- Run the REFRESH command during system bootup.
- Use an available administration package to invoke the REFRESH command
on all client computers.
- Set DB2LDAPCACHE="NO" to avoid LDAP information being cached in
the database, node, and DCS directories.
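The following script is an added example, not part of the original documentation or IBM code. It classifies a client's caching behaviour from the two settings described above and runs the refresh only when LDAP entries are kept in the local directories, so it can be used from a scheduler or at bootup. The function names, the mode labels, the assumed shape of the DIR_CACHE line in "db2 get dbm cfg" output, and the handling of db2set output are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM code): classify a client's LDAP caching behaviour
# from DB2LDAPCACHE and dir_cache, using the three rules listed above.

# Read "db2 get dbm cfg" output on stdin and print the DIR_CACHE value.
# Assumed line shape: "<description> (DIR_CACHE) = YES".
parse_dir_cache() {
    sed -n 's/.*(DIR_CACHE)[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
        head -n 1 | tr '[:lower:]' '[:upper:]'
}

# ldap_cache_mode <DB2LDAPCACHE value, empty if unset> <dir_cache value>
# Prints always-ldap, db2-cache or local-directories; returns 2 on bad input.
ldap_cache_mode() {
    reg=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    dir=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    case "$reg" in
        NO)
            case "$dir" in
                NO)  echo always-ldap ;;
                YES) echo db2-cache ;;
                *)   echo "unrecognized dir_cache: $2" >&2; return 2 ;;
            esac ;;
        YES|'') echo local-directories ;;
        *)      echo "unrecognized DB2LDAPCACHE: $1" >&2; return 2 ;;
    esac
}

# Only local-directories mode keeps LDAP entries in the local database and
# node directories, which are the entries REFRESH LDAP replaces.
needs_refresh() {
    [ "$(ldap_cache_mode "$1" "$2" 2>/dev/null)" = local-directories ]
}

# Constructed sample line, used when no DB2 client is installed.
SAMPLE_DBM_CFG=' Directory cache support                     (DIR_CACHE) = YES'

if command -v db2 >/dev/null 2>&1 && command -v db2set >/dev/null 2>&1; then
    # Assumption: any db2set output other than YES/NO means "not set".
    cur_reg=$(db2set DB2LDAPCACHE 2>/dev/null | grep -iE '^(yes|no)$' || true)
    cur_dir=$(db2 get dbm cfg | parse_dir_cache)
    echo "LDAP cache mode: $(ldap_cache_mode "$cur_reg" "$cur_dir")"
    if needs_refresh "$cur_reg" "$cur_dir"; then
        db2 refresh ldap immediate
    fi
else
    echo "sample mode: $(ldap_cache_mode '' "$(printf '%s\n' "$SAMPLE_DBM_CFG" | parse_dir_cache)")"
fi
```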