Managing users with the internal LDAP deployment

Adding Db2 Users

1. Run the following commands to setup a terminal session with the tools pod. Set the variables PROJECT and RELEASE_NAME accordingly.

   PROJECT="" 
   RELEASE_NAME="" 
   ldap_pod=$(oc get po -n ${PROJECT} -o name | grep ${RELEASE_NAME}-ldap)

2. Run the script, addLdapUser.py, to add an LDAP user. If the password argument is not provided, a prompt will be provided to enter the password securely.

   oc rsh ${ldap_pod} /opt/ibm/ldap_scripts/addLdapUser.py

   Usage: addLdapUser.py [-h] -u USERNAME [-p PASSWORD] -r {admin,user}

   where:

   • -h, --help displays the help message and exit option
   • -u USERNAME, --username USERNAME defines the username for the new LDAP user (default: None)
   • -p PASSWORD, --password PASSWORD defines the password for the new LDAP user (default: Prompt if not specified)
   • -r {admin,user}, --roletype {admin,user} defines the role for the new LDAP user (admin or user)(default: None)
3. Verify the newly created LDAP user ID and credential by following these steps:
   1. Exit from the LDAP pod.

      exit

   2. Log in to the Db2 pod.

      oc rsh db2u-deployment-db2u-0 /bin/bash

   3. Verify that the new LDAP user exists.

      id ldap-user

   4. Log in to a Db2® instance.

      su - db2inst1

   5. Connect to a database by using the newly created LDAP user ID:

      db2 connect to bludb user ldap_user using ldap_password

Changing a Db2 user's password

oc rsh ${ldap_pod} /opt/ibm/ldap_scripts/changePassword.py

Usage: changePassword.py [-h] -u USERNAME [-cp CURRENTPASSWORD] [-np NEWPASSWORD]

Deleting a Db2 user

oc rsh ${ldap_pod} /opt/ibm/ldap_scripts/removeLdapUser.py

Usage: removeLdapUser.py [-h] -u USERNAME