You can use the optional LDAP service that's included as part of the Db2 or Db2 Warehouse for
Red Hat® OpenShift® Kubernetes offering to add and manage users for your instance.
- Adding Db2 or Db2 Warehouse users
Note: If your deployment uses the restricted-v2 SCC, commands that require switching users or
elevated privileges are not supported. Perform all steps as the Db2 instance user within the
container. For more information, see Deploying Db2 or Db2 Warehouse with non-root deployment.
- Run the following commands to set up a terminal session with the tools pod. Set the variables
PROJECT and RELEASE_NAME accordingly.
PROJECT=""
RELEASE_NAME=""
ldap_pod=$(oc get po -n ${PROJECT} -o name | grep ${RELEASE_NAME}-ldap)
- Run the script, addLdapUser.py, to add an LDAP user. If the password argument is not provided,
a prompt will be provided to enter the password securely.
oc rsh ${ldap_pod} /opt/ibm/ldap_scripts/addLdapUser.py
Usage:
addLdapUser.py [-h] -u USERNAME [-p PASSWORD] -r {admin,user}
where:
- -h, --help displays the help message and exits
- -u USERNAME, --username USERNAME defines the username for the new LDAP user (default: None)
- -p PASSWORD, --password PASSWORD defines the password for the new LDAP user (default: Prompt if not specified)
- -r {admin,user}, --roletype {admin,user} defines the role for the new LDAP user (admin or user) (default: None)
- Verify the newly created LDAP user ID and credential by following these steps:
- Exit from the LDAP pod.
exit
- Log in to the Db2® pod.
oc rsh <db2u-deployment-db2u-0> /bin/bash
- Verify that the new LDAP user exists.
- Log in to a Db2 or Db2 Warehouse instance.
su - db2inst1
- Connect to a database by using the newly created LDAP user ID:
db2 connect to bludb user <ldap_user> using <ldap_password>
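The pod lookup and addLdapUser.py call from the steps above can be wrapped so that the password is always entered at the script's prompt and never passed with -p, which keeps it out of shell history and process arguments. This is an added example, not IBM's code: the function names find_ldap_pod and add_ldap_user are hypothetical, and the username character check is an assumed conservative rule, not a documented one.

```shell
#!/bin/sh
# Added example (not part of the product). Function names are hypothetical.
# Usage: PROJECT=<namespace> RELEASE_NAME=<release> add_ldap_user <username> <admin|user>

# Resolve the LDAP pod and fail unless exactly one pod matches, so a partial
# release name cannot silently select the wrong pod.
find_ldap_pod() (
    if [ -z "${PROJECT:-}" ] || [ -z "${RELEASE_NAME:-}" ]; then
        echo "PROJECT and RELEASE_NAME must be set" >&2
        exit 2
    fi
    pods=$(oc get po -n "$PROJECT" -o name | grep -F -- "${RELEASE_NAME}-ldap") || {
        echo "no pod matching ${RELEASE_NAME}-ldap in ${PROJECT}" >&2
        exit 3
    }
    count=$(printf '%s\n' "$pods" | wc -l)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one LDAP pod, found ${count}" >&2
        exit 4
    fi
    printf '%s\n' "$pods"
)

# Create the user without -p: addLdapUser.py then prompts for the password.
add_ldap_user() (
    username=${1:-}
    role=${2:-}
    case $role in
        admin|user) ;;
        *) echo "role must be admin or user" >&2; exit 5 ;;
    esac
    # Assumed rule: reject empty names, names that look like options, and
    # anything outside a small character set.
    case $username in
        ''|-*|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; exit 6 ;;
    esac
    pod=$(find_ldap_pod) || exit $?
    oc rsh -n "$PROJECT" "$pod" /opt/ibm/ldap_scripts/addLdapUser.py \
        -u "$username" -r "$role"
)
```

Run it from an interactive terminal so that oc rsh can present the password prompt.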