External LDAP or AD configuration in the web console
You can configure an external LDAP or Active Directory (AD) server by using the web console. In
, select either External LDAP or AD and follow the corresponding configuration instructions. See the following topics in the Db2® Warehouse knowledge center for some preliminary steps that you need to perform on the external directory server.
The following details must be provided in the web console:
External LDAP configuration
- Host name
- Specifies the fully qualified domain name (FQDN) of the LDAP domain controller. Ensure that you define this domain controller in the /etc/hosts file.
- Port
- Specifies the port number of the LDAP server. The default number is 389.
- Group DN
- Specifies the group base distinguished name (DN) for the bluadmin and bluusers groups. An example follows:
ou=groups,dc=example,dc=com
- User DN
- Specifies the user base DN for the Db2 Warehouse users. An example follows:
ou=users,dc=example,dc=com
- Searcher DN
- Specifies the DN to use during a search for users and groups. An example follows:
uid=my_searcher,ou=users,dc=example,dc=com
- Searcher password
- Specifies the password for the searcher DN.
- SSL Method
- Specifies the SSL method.
- StartTLS
- Specifies the StartTLS method. This method is the default.
- LDAPS
- Specifies the LDAP over SSL (LDAPS) method.
- Client store
- Specifies the path to a PKCS #12 file that contains the client certificate and private key. The file must be in the /mnt/clusterfs/scratch directory.
- Client store password
- Specifies the password for the PKCS #12 file.
- Certificate authority certificate
- Specifies the path to the certificate authority (CA) certificate of the PKCS #12 file. The CA certificate must be an X.509 certificate for either the LDAP server itself or the CA that signed the server's certificate.
- Use custom names
- You can change the default groups and default user name.
- Apply to
- Select whether to apply the settings to Db2 Warehouse only (that is, database users) or to both database and platform users.
External Active Directory configuration
- Host name
- Specifies the fully qualified domain name (FQDN) of the Active Directory domain controller. Ensure that you define this domain controller in the /etc/hosts file.
- Port
- Specifies the LDAP port number of the Active Directory server.
- Join AD domain or use LDAP only
- Specifies the type of the server.
- Join AD domain
- Specifies that a Microsoft Active Directory server will be used. Each node joins the AD domain. This type is the default.
- LDAP only
- Specifies that a Microsoft Active Directory server will be used but will operate as an external LDAP server. The nodes aren’t joined to the Active Directory domain, and they act as LDAP clients.
- AD administrator user
- Specifies the realm user. The default is Administrator.
- AD administrator password
- Specifies the password for the realm user.
- Group DN
- Specifies the group base distinguished name (DN) for the bluadmin and bluusers groups. An example follows:
ou=groups,dc=example,dc=com
- User DN
- Specifies the user base DN for the Db2 Warehouse users. An example follows:
ou=users,dc=example,dc=com
- Searcher DN
- Specifies the DN to use during a search for users and groups. An example follows:
uid=my_searcher,ou=users,dc=example,dc=com
- Searcher password
- Specifies the password for the searcher DN.
- SSL Method
- Specifies the SSL method.
- StartTLS
- Specifies the StartTLS method. This method is the default.
- LDAPS
- Specifies the LDAP over SSL (LDAPS) method.
- Client store
- Specifies the path to a PKCS #12 file that contains the client certificate and private key. The file must be in the /mnt/clusterfs/scratch directory.
- Client store password
- Specifies the password for the PKCS #12 file.
- Certificate authority certificate
- Specifies the path to the certificate authority (CA) certificate of the PKCS #12 file. The CA certificate must be an X.509 certificate for either the LDAP server itself or the CA that signed the server's certificate.
- Use custom names
- You can change the default groups and default user name.
- Apply to
- Select whether to apply the settings to Db2 Warehouse only (that is, database users) or to both database and platform users.
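
The SSL Method, Client store, Client store password, and Certificate authority certificate fields in both sections above can be checked before they are entered in the web console. The following shell functions are an added example, not part of the product documentation: the function names are hypothetical, the values in the usage comment are constructed, and the script assumes a host with OpenSSL 1.1.1 or later that can reach the directory server.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the TLS-related web console fields.
SCRATCH=/mnt/clusterfs/scratch   # directory the page requires for the PKCS #12 file

# Returns 0 if the path lies under $SCRATCH and contains no parent-directory hops.
# Symbolic links are not resolved (assumption: the scratch directory has none).
store_in_scratch() {
  case "$1" in
    */../*|*/..)   return 1 ;;
    "$SCRATCH"/?*) return 0 ;;
    *)             return 1 ;;
  esac
}

# Prints the openssl s_client arguments that match the selected SSL method.
probe_args() {  # $1 = StartTLS|LDAPS, $2 = host name, $3 = port
  case "$1" in
    StartTLS) echo "-connect $2:$3 -starttls ldap" ;;  # upgrade on the plain LDAP port
    LDAPS)    echo "-connect $2:$3" ;;                 # TLS from the first byte
    *)        echo "unknown SSL method: $1" >&2; return 1 ;;
  esac
}

# Returns 0 if the PKCS #12 file is in the scratch directory and opens with
# the given password. The password is passed through the environment so that
# it does not appear in the process argument list.
check_client_store() {  # $1 = path, $2 = client store password
  store_in_scratch "$1" || { echo "client store is not in $SCRATCH" >&2; return 1; }
  P12_PASS="$2" openssl pkcs12 -in "$1" -noout -passin env:P12_PASS
}

# Returns 0 if the file parses as an X.509 certificate (PEM encoding assumed).
check_ca_cert() { openssl x509 -in "$1" -noout; }

# Returns 0 if the server's certificate chain verifies against the CA certificate
# over the selected SSL method.
check_server() {  # $1 = SSL method, $2 = host name, $3 = port, $4 = CA certificate
  probe=$(probe_args "$1" "$2" "$3") || return 1
  # Word splitting of $probe is intended: it holds several arguments.
  openssl s_client $probe -CAfile "$4" -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage with constructed values:
#   check_client_store /mnt/clusterfs/scratch/client.p12 "$STORE_PASSWORD" &&
#   check_ca_cert /mnt/clusterfs/scratch/ca.pem &&
#   check_server StartTLS ldap.example.com 389 /mnt/clusterfs/scratch/ca.pem
```

A failure in `check_server` with StartTLS selected usually means that the CA certificate does not match the server's chain or that the server does not offer StartTLS on that port.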