Managing internal LDAP users
You can use the optional LDAP service that's included as part of the Db2 or Db2 Warehouse for Red Hat® OpenShift® Kubernetes offering to add and manage users for your instance.
- Adding Db2 or Db2 Warehouse users
- Run the following commands to set up a terminal session with the tools pod. Set the variables PROJECT and RELEASE_NAME accordingly.
PROJECT=""
RELEASE_NAME=""
ldap_pod=$(oc get po -n ${PROJECT} -o name | grep ${RELEASE_NAME}-ldap)
- Run the script, addLdapUser.py, to add an LDAP user. If the password argument is not provided, the script prompts you to enter the password securely.
oc rsh ${ldap_pod} /opt/ibm/ldap_scripts/addLdapUser.py
Usage:
addLdapUser.py [-h] -u USERNAME [-p PASSWORD] -r {admin,user}
where:
- -h, --help displays the help message and exits
- -u USERNAME, --username USERNAME defines the username for the new LDAP user (default: None)
- -p PASSWORD, --password PASSWORD defines the password for the new LDAP user (default: Prompt if not specified)
- -r {admin,user}, --roletype {admin,user} defines the role for the new LDAP user (admin or user) (default: None)
- Verify the newly created LDAP user ID and credential by following these steps:
- Exit from the LDAP pod.
exit
- Log in to the Db2® pod.
oc rsh <db2u-deployment-db2u-0> /bin/bash
- Verify that the new LDAP user exists.
- Log in to a Db2 or Db2 Warehouse instance.
su - db2inst1
- Connect to a database by using the newly created LDAP user ID:
db2 connect to bludb user <ldap_user> using <ldap_password>
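The add-user steps above can be wrapped so that the role is checked before the call, an ambiguous pod match is rejected, and -p is never passed. This is an added example, not IBM's script or part of the product; the function names and the username character policy are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical wrapper around the page's addLdapUser.py call.

# Resolve the LDAP pod as the page does, but refuse an ambiguous grep match.
find_ldap_pod() {
    pods=$(oc get po -n "$1" -o name | grep -- "$2-ldap") || return 1
    [ "$(printf '%s\n' "$pods" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$pods"
}

add_db2_ldap_user() {
    project=$1 release=$2 username=$3 role=$4

    if [ -z "$project" ] || [ -z "$release" ]; then
        echo "PROJECT and RELEASE_NAME must be set" >&2
        return 2
    fi

    # -r accepts only these two values (from the script's usage text).
    case $role in
        admin|user) ;;
        *) echo "role must be admin or user" >&2; return 2 ;;
    esac

    # Assumed local policy, not a product rule: lowercase letters, digits, "_".
    case $username in
        ''|*[!a-z0-9_]*) echo "invalid username" >&2; return 2 ;;
    esac

    ldap_pod=$(find_ldap_pod "$project" "$release") || {
        echo "expected exactly one ${release}-ldap pod in ${project}" >&2
        return 1
    }

    # -p is left out on purpose: the script then prompts for the password,
    # which keeps it out of shell history and the process list.
    oc rsh -n "$project" "$ldap_pod" \
        /opt/ibm/ldap_scripts/addLdapUser.py -u "$username" -r "$role"
}

# Usage: add_db2_ldap_user <project> <release_name> <username> <admin|user>
```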