LDAP support in CLPPlus

CLPPlus connections support DSN alias searches in a configured LDAP directory server.

Description

If you specify a DSN alias name that is not found in the IBM® data server driver configuration file (db2dsdriver.cfg), the CLPPlus interface attempts to connect to the LDAP directory server that is specified in the IBM data server driver configuration file to resolve the DSN alias name. The CLPPlus interface looks up the DSN alias name on the LDAP directory server and uses the required connection details from the DSN entry, such as host name, port number, user ID, and password, to make a connection. If no match is found on the LDAP directory server or the connection to the LDAP directory server fails, the DSN alias name is treated as a database name during an interactive connection.

To enable the LDAP support, use the <ldapserver> section in the IBM data server driver configuration file to specify the LDAP directory server information. A single LDAP directory server entry is allowed in the IBM data server driver configuration file. The UserID and Password fields in the <ldapserver> section are optional; you can enter user ID and password information at run time. User ID and password information is cached during the CLPPlus session.

If you set the UserID parameter in the IBM data server driver configuration file to "*anonymous", an anonymous connection to the LDAP directory server is attempted; user ID and password information is not passed. You are not prompted for a password, and if you set the Password parameter in the IBM data server driver configuration file, the parameter is ignored.
Important:
If you set the UserID parameter to "*anonymous", you must configure the LDAP directory server to support anonymous connections.
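
An added example, not part of the IBM documentation or product code: a Python audit of the <ldapserver> section for the credential choices described above (stored Password, "*anonymous", simple authentication). The sample file is constructed with placeholder values; the finding codes, and the rule that a simple bind on port 389 is treated as unprotected, are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: a db2dsdriver.cfg reduced to its <ldapserver>
# section. Parameter names are the ones on this page; values are placeholders.
SAMPLE_CFG = """<configuration>
  <ldapserver>
    <parameter name="EnableLDAP" value="YES"/>
    <parameter name="LDAPServerHost" value="ldap.example.test"/>
    <parameter name="LDAPServerPort" value="389"/>
    <parameter name="UserID" value="root"/>
    <parameter name="Password" value="placeholder-secret"/>
    <parameter name="BaseDN" value="O=EXAMPLE"/>
    <parameter name="Authentication" value="simple"/>
  </ldapserver>
</configuration>"""


def audit_ldapserver(cfg_xml):
    """Return (code, message) findings for the <ldapserver> section."""
    section = ET.fromstring(cfg_xml).find("ldapserver")
    if section is None:
        return []
    # Names are matched case-insensitively (a leniency assumed by this example).
    p = {e.get("name", "").lower(): e.get("value", "")
         for e in section.findall("parameter")}
    user = p.get("userid", "")
    anonymous = user.lower() == "*anonymous"
    findings = []
    if anonymous:
        findings.append(("ANON_BIND",
                         "UserID is *anonymous: the directory must allow anonymous binds"))
        if "password" in p:
            findings.append(("IGNORED_PASSWORD",
                             "Password is set but is ignored for *anonymous"))
    elif "password" in p:
        findings.append(("STORED_PASSWORD",
                         "LDAP password for %r is readable in the file" % user))
    # A simple bind carries the user ID and password as-is; on port 389 that is
    # unencrypted unless the transport is protected some other way (assumption:
    # nothing else in the deployment wraps the connection).
    if (not anonymous and p.get("authentication", "").lower() == "simple"
            and p.get("ldapserverport") == "389"):
        findings.append(("CLEARTEXT_BIND",
                         "simple authentication on port 389: review transport protection"))
    return findings


if __name__ == "__main__":
    for code, message in audit_ldapserver(SAMPLE_CFG):
        print(code, "-", message)
```

Leaving UserID and Password out of the file, so that they are entered at run time, clears the STORED_PASSWORD finding but not CLEARTEXT_BIND.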

Examples

Consider the following sample IBM data server driver configuration file:
<configuration>
	<dsncollection>
		<dsn alias="alias1" name="name1" host="server1.net1.com" port="50001"/>
	</dsncollection>

	<databases>

		<database name="name1" host="server1.net1.com" port="50001">
			<parameter name="CurrentSchema" value="OWNER1"/>
			<wlb>
				<parameter name="enableWLB" value="true"/>
				<parameter name="maxTransports" value="50"/>
			</wlb>
			<acr>
				<parameter name="enableACR" value="true"/>
			</acr>
		</database>

	</databases>

	<ldapserver>
		<parameter name="EnableLDAP" value="YES"/>
		<parameter name="LDAPServerHost" value="ipv6lab7.torolab.ibm.com"/>
		<parameter name="LDAPServerPort" value="389"/>
		<parameter name="UserID" value="root"/>
		<parameter name="Password" value="itdsv23"/>
		<parameter name="BaseDN" value="O=IBM"/>
		<parameter name="Authentication" value="simple"/>
	</ldapserver>
</configuration>
The following example connects to a DSN alias DBLDAP1 with the sample IBM data server driver configuration file. The DBLDAP1 DSN alias name is not found in the IBM data server driver configuration file, so the LDAP directory server ipv6lab7.torolab.ibm.com is searched for the DSN alias entry. The host, port, and database information from the DBLDAP1 DSN alias name that is found on the LDAP directory server is retrieved to establish a connection.
SQL> connect
Enter DATABASE NAME [SAMPLE]: DBLDAP1
Enter ID : db2admin
Enter password: ********

Database Connection Information :
---------------------------------
Hostname = winguest.torolab.ibm.com
Database server = DB2/NT  SQL09075
SQL authorization ID = db2admin
Local database alias = DBLDAP1
Port = 50000
The following example connects to the DBLDAP1 DSN from the CLPPlus session in the VERBOSE mode:
SQL> connect
DB250001I: CLPPlus has successfully read the configuration file named 
'C:\Documents and Settings\All Users\Application data\IBM\DB2\DB2COPY1\cfg\db2dsdriver.cfg'.

Enter DATABASE NAME [SAMPLE]: DBLDAP1

DB250014I: DSN alias 'DBLDAP1' is not found in the configuration file named 
'C:\Documents and Settings\All Users\Application Data\IBM\DB2\DB2COPY1\cfg\db2dsdriver.cfg'. 

DB250015I: CLPPlus successfully established a connection with LDAP directory 
server 'ipv6lab7.torolab.ibm.com:389'

Enter ID : db2admin
Enter password: ********

Database Connection Information :
---------------------------------
Hostname = winguest.torolab.ibm.com
Database server = DB2/NT  SQL09075
SQL authorization ID = db2admin
Local database alias = DBLDAP1
Port = 50000
The following example connects to a DSN alias DBLDAP2 with the sample IBM data server driver configuration file. The CLPPlus session is running in the VERBOSE mode. When the DSN alias DBLDAP2 is not found in the IBM data server driver configuration file or on the specified LDAP directory server, an interactive CLPPlus connection attempt occurs.
SQL> connect
DB250001I: CLPPlus has successfully read the configuration file named 
'C:\Documents and Settings\All Users\Application data\IBM\DB2\DB2COPY1\cfg\db2dsdriver.cfg'.

Enter DATABASE NAME [SAMPLE]: DBLDAP2

DB250014I: DSN alias 'DBLDAP2' is not found in the configuration file named 
'C:\Documents and Settings\All Users\Application Data\IBM\DB2\DB2COPY1\cfg\db2dsdriver.cfg'. 

DB250015I: CLPPlus successfully established a connection with LDAP directory server 'ipv6lab7.torolab.ibm.com:389'

DB250016E: DSN alias 'DBLDAP2' was not found in LDAP directory server 'ipv6lab7.torolab.ibm.com:389'. 
'DBLDAP2' is used as the database name in the subsequent interactive CLPPlus connect attempt.

Enter HOSTNAME [localhost]: 9.128.34.89
Enter PORT [50000]: 50003
Enter ID: db2admin
Enter password:*******

Database Connection Information :
---------------------------------
Hostname = 9.128.34.89
Database server = DB2/NT  SQL09075
SQL authorization ID = db2admin
Local database alias = DBLDAP2
Port = 50003
The following example connects to the DBLDAP2 DSN from the CLPPlus session in the VERBOSE mode when the connection to the LDAP directory server fails:
SQL> connect
DB250001I: CLPPlus has successfully read the configuration file named 
'C:\Documents and Settings\All Users\Application data\IBM\DB2\DB2COPY1\cfg\db2dsdriver.cfg'.

Enter DATABASE NAME [SAMPLE]: DBLDAP2

DB250014I: DSN alias 'DBLDAP2' is not found in the configuration file named 
'C:\Documents and Settings\All Users\Application Data\IBM\DB2\DB2COPY1\cfg\db2dsdriver.cfg'. 

DB250017E: CLPPlus failed to establish a connection with LDAP 
directory server 'ipv6lab7.torolab.ibm.com:389'. 'DBLDAP2' is 
used as the database name in an interactive connect attempt.

Enter HOSTNAME [localhost]: 9.128.34.89
Enter PORT [50000]: 50003
Enter ID: db2admin
Enter password:*******

Database Connection Information :
---------------------------------
Hostname = 9.128.34.89
Database server = DB2/NT  SQL09075
SQL authorization ID = db2admin
Local database alias = DBLDAP2
Port = 50003

Consider the following modified version of the IBM data server driver configuration file. The IBM data server driver configuration file does not include the UserID and Password parameters for the LDAP directory server configuration. The LDAP directory server ipv6lab7.torolab.ibm.com is specified.

<configuration>
	<dsncollection>
		<dsn alias="alias1" name="name1" host="server1.net1.com" port="50001"/>
	</dsncollection>

	<databases>

		<database name="name1" host="server1.net1.com" port="50001">
			<parameter name="CurrentSchema" value="OWNER1"/>
			<wlb>
				<parameter name="enableWLB" value="true"/>
				<parameter name="maxTransports" value="50"/>
			</wlb>
			<acr>
				<parameter name="enableACR" value="true"/>
			</acr>
		</database>

	</databases>

	<ldapserver>
		<parameter name="EnableLDAP" value="YES"/>
		<parameter name="LDAPServerHost" value="ipv6lab7.torolab.ibm.com"/>
		<parameter name="LDAPServerPort" value="389"/>
		<parameter name="BaseDN" value="O=IBM"/>
		<parameter name="Authentication" value="simple"/>
	</ldapserver>
</configuration>
Using the updated IBM data server driver configuration file, a connection to alias name SAMPLE32 is attempted. The alias name is not found in the IBM data server driver configuration file. When the user ID and password to the LDAP directory server are entered interactively, as shown in the following example, the CLPPlus interface connects to the ipv6lab7.torolab.ibm.com LDAP directory server. The LDAP directory server is successfully searched for the SAMPLE32 DSN alias, and the host, port, and database information is retrieved. A CLPPlus connection is established with the database information that is retrieved from the LDAP server. In the following example, the CLPPlus session is not running in the VERBOSE mode.
C:\Documents and Settings>clpplus /@SAMPLE32

CLPPlus: Version 1.4
Copyright (c) 2009, 2011, IBM CORPORATION.  All rights reserved.

Connecting to LDAP server '9.234.67.89:389'.
Enter LDAP server user ID: root
Enter LDAP server password: ********

Enter password: **********

Database Connection Information :
---------------------------------
Hostname = 9.128.32.149
Database server = DB2/NT  SQL09075
SQL authorization ID = db2admin
Local database alias = SAMPLE32
Port = 50002