External LDAP or AD configuration in the web console

You can configure an external LDAP or Active Directory (AD) server by using the web console. In Settings > External User Management, select either External LDAP or AD and follow the corresponding configuration instructions.

See the following topics in the Db2® Warehouse knowledge center for some preliminary steps that you need to perform on the external directory server.

The following details must be provided in the web console:

External LDAP configuration

Host name
Specifies the fully qualified domain name (FQDN) of the LDAP domain controller. Ensure that you define this domain controller in the /etc/hosts file.
Port
Specifies the port number of the LDAP server. The default number is 389.
Group DN
Specifies the group base distinguished name (DN) for the bluadmin and bluusers groups. An example follows:
ou=groups,dc=example,dc=com
User DN
Specifies the user base DN for the Db2 Warehouse users. An example follows:
ou=users,dc=example,dc=com
Searcher DN
Specifies the DN to use during a search for users and groups. An example follows:
uid=my_searcher,ou=users,dc=example,dc=com
Searcher password
Specifies the password for the searcher DN.
SSL Method
Specifies the SSL method.
StartTLS
Specifies the StartTLS method. This method is the default.
LDAPS
Specifies the LDAP over SSL (LDAPS) method.
Client store
Specifies the path to a PKCS #12 file that contains the client certificate and private key. The file must be in the /mnt/clusterfs/scratch directory.
Client store password
Specifies the password for the PKCS #12 file.
Certificate authority certificate
Specifies the path to the certificate authority (CA) certificate of the PKCS #12 file. The CA certificate must be an X.509 certificate for either the LDAP server itself or the CA that signed the server's certificate.
Use custom names
You can change the default groups and default user name.
Apply to
Select whether to apply the settings to Db2 Warehouse only (that is, database users) or to both database and platform users.

External Active Directory configuration

Host name
Specifies the fully qualified domain name (FQDN) of the Active Directory domain controller. Ensure that you define this domain controller in the /etc/hosts file.
Port
Specifies the port number of the LDAP port of the Active Directory server.
Join AD domain or use LDAP only
Specifies the type of the server.
Join AD domain
Specifies that a Microsoft Active Directory server will be used. Each node joins the AD domain. This type is the default.
LDAP only
Specifies that a Microsoft Active Directory server will be used but will operate as an external LDAP server. The nodes aren’t joined to the Active Directory domain, and they act as LDAP clients.
AD administrator user
Specifies the realm user. The default is Administrator.
AD administrator password
Specifies the password for the realm user.
Group DN
Specifies the group base distinguished name (DN) for the bluadmin and bluusers groups. An example follows:
ou=groups,dc=example,dc=com
User DN
Specifies the user base DN for the Db2 Warehouse users. An example follows:
ou=users,dc=example,dc=com
Searcher DN
Specifies the DN to use during a search for users and groups. An example follows:
uid=my_searcher,ou=users,dc=example,dc=com
Searcher password
Specifies the password for the searcher DN.
SSL Method
Specifies the SSL method.
StartTLS
Specifies the StartTLS method. This type is the default.
LDAPS
Specifies the LDAP over SSL (LDAPS) method.
Client store
Specifies the path to a PKCS #12 file that contains the client certificate and private key. The file must be in the /mnt/clusterfs/scratch directory.
Client store password
Specifies the password for the PKCS #12 file.
Certificate authority certificate
Specifies the path to the certificate authority (CA) certificate of the PKCS #12 file. The CA certificate must be an X.509 certificate for either the LDAP server itself or the CA that signed the server's certificate.
Use custom names
You can change the default groups and default user name.
Apply to
Select whether to apply the settings to Db2 Warehouse only (that is, database users) or to both database and platform users.
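
A pre-flight check for the fields that the two forms share, run before the values are typed into the console. This is an added example, not part of the product or its documentation. The dictionary keys, the function names, the simplified DN grammar, and the rule that all three DNs should end in the same dc= components are assumptions made for illustration. Port 636 is the IANA-registered LDAPS port and does not come from this page.

```python
import posixpath
import re

SCRATCH = "/mnt/clusterfs/scratch"  # directory the page requires for the client store
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=+]+")  # simplified: no escaped or multi-valued RDNs
WRONG_PORT = {"StartTLS": 636, "LDAPS": 389}  # usual port of the *other* SSL method

def split_dn(dn):
    """Split a DN into lower-cased RDNs; raise ValueError on a malformed component."""
    parts = [p.strip() for p in dn.split(",")]
    for part in parts:
        if not RDN.fullmatch(part):
            raise ValueError(f"malformed component {part!r}")
    return [p.lower() for p in parts]

def check_settings(cfg):
    """Return a list of problems found in a dict of console field values."""
    problems = []
    if "." not in cfg["host"].strip("."):
        problems.append("host: not a fully qualified domain name")
    if cfg["ssl_method"] not in WRONG_PORT:
        problems.append("ssl_method: must be StartTLS or LDAPS")
    elif cfg["port"] == WRONG_PORT[cfg["ssl_method"]]:
        problems.append(f"port: {cfg['port']} is the usual port of the other SSL method")
    suffixes = {}
    for field in ("group_dn", "user_dn", "searcher_dn"):
        try:
            rdns = split_dn(cfg[field])
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
            continue
        suffixes[field] = tuple(r for r in rdns if r.startswith("dc="))
    if len(set(suffixes.values())) > 1:
        problems.append("DNs: dc= suffixes differ, check for a typo")
    store = posixpath.normpath(cfg["client_store"])  # collapses ".." before the prefix test
    if not store.startswith(SCRATCH + "/"):
        problems.append(f"client_store: resolves to {store}, outside {SCRATCH}")
    return problems

# Constructed sample values, modelled on the DN examples in the field lists above.
GOOD = {"host": "ldap1.example.com", "port": 389, "ssl_method": "StartTLS",
        "group_dn": "ou=groups,dc=example,dc=com", "user_dn": "ou=users,dc=example,dc=com",
        "searcher_dn": "uid=my_searcher,ou=users,dc=example,dc=com",
        "client_store": "/mnt/clusterfs/scratch/client.p12"}
BAD = dict(GOOD, host="ldap1", ssl_method="LDAPS", user_dn="ou=users,dc=exmaple,dc=com",
           client_store="/mnt/clusterfs/scratch/../tmp/client.p12")
if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_settings(cfg) or "no problems found")
```

The check is purely syntactic: it does not contact the directory server, so a clean result does not confirm that the searcher DN can bind or that the CA certificate matches the server.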