External LDAP or AD configuration in the web console
You can configure an external LDAP or Active Directory (AD) server by using the web console. Select either External LDAP or AD and follow the corresponding configuration instructions.
See the Db2® Warehouse knowledge center for the preliminary steps that you must perform on the external directory server before you configure it in the web console.
The following details must be provided in the web console:
External LDAP configuration
- Host name
- Specifies the fully qualified domain name (FQDN) of the LDAP domain controller. Ensure that you define this domain controller in the /etc/hosts file.
- Port
- Specifies the port number of the LDAP server. The default number is 389.
- Group DN
- Specifies the group base distinguished name (DN) under which the bluadmin and bluusers groups are found. An example follows:
ou=groups,dc=example,dc=com
- User DN
- Specifies the user base DN for the Db2 Warehouse users. An example follows:
ou=users,dc=example,dc=com
- Searcher DN
- Specifies the DN that is bound to the directory when users and groups are searched for. A dedicated account with read-only access to the user and group subtrees is sufficient for this purpose. An example follows:
uid=my_searcher,ou=users,dc=example,dc=com
- Searcher password
- Specifies the password for the searcher DN.
- SSL Method
- Specifies how the connection to the LDAP server is protected with TLS.
- StartTLS
- Specifies the StartTLS method: the connection opens as plain LDAP on the LDAP port and is then upgraded to TLS. This is the default method.
- LDAPS
- Specifies the LDAP over SSL (LDAPS) method: the connection is TLS from the first byte, so the Port field must name the LDAPS port (typically 636) rather than the default 389.
- Client store
- Specifies the path to a PKCS #12 file that contains the client certificate and private key. The file must be in the /mnt/clusterfs/scratch directory.
- Client store password
- Specifies the password for the PKCS #12 file.
- Certificate authority certificate
- Specifies the path to the certificate authority (CA) certificate that is used to verify the LDAP server's certificate. The CA certificate must be an X.509 certificate for either the LDAP server itself or the CA that signed the server's certificate.
- Use custom names
- You can change the default groups and default user name.
- Apply to
- Select whether to apply the settings to Db2 Warehouse only, that is, to database users, or to both database and platform users.
External Active Directory configuration
- Host name
- Specifies the fully qualified domain name (FQDN) of the Active Directory domain controller. Ensure that you define this domain controller in the /etc/hosts file.
- Port
- Specifies the LDAP port number of the Active Directory server.
- Join AD domain or use LDAP only
- Specifies how the nodes use the Active Directory server.
- Join AD domain
- Specifies that a Microsoft Active Directory server is used and that each node joins the AD domain. This is the default type.
- LDAP only
- Specifies that a Microsoft Active Directory server is used but is treated as an external LDAP server. The nodes are not joined to the Active Directory domain; they act only as LDAP clients.
- AD administrator user
- Specifies the realm user whose credentials are used to join the nodes to the AD domain. The default is Administrator.
- AD administrator password
- Specifies the password for the realm user.
- Group DN
- Specifies the group base distinguished name (DN) under which the bluadmin and bluusers groups are found. An example follows:
ou=groups,dc=example,dc=com
- User DN
- Specifies the user base DN for the Db2 Warehouse users. An example follows:
ou=users,dc=example,dc=com
- Searcher DN
- Specifies the DN that is bound to the directory when users and groups are searched for. A dedicated account with read-only access to the user and group subtrees is sufficient for this purpose. An example follows:
uid=my_searcher,ou=users,dc=example,dc=com
- Searcher password
- Specifies the password for the searcher DN.
- SSL Method
- Specifies how the connection to the Active Directory server is protected with TLS.
- StartTLS
- Specifies the StartTLS method: the connection opens as plain LDAP on the LDAP port and is then upgraded to TLS. This is the default method.
- LDAPS
- Specifies the LDAP over SSL (LDAPS) method: the connection is TLS from the first byte, so the Port field must name the LDAPS port (typically 636) rather than the plain LDAP port.
- Client store
- Specifies the path to a PKCS #12 file that contains the client certificate and private key. The file must be in the /mnt/clusterfs/scratch directory.
- Client store password
- Specifies the password for the PKCS #12 file.
- Certificate authority certificate
- Specifies the path to the certificate authority (CA) certificate that is used to verify the Active Directory server's certificate. The CA certificate must be an X.509 certificate for either the LDAP server itself or the CA that signed the server's certificate.
- Use custom names
- You can change the default groups and default user name.
- Apply to
- Select whether to apply the settings to Db2 Warehouse only, that is, to database users, or to both database and platform users.
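The StartTLS and LDAPS choices in both lists above differ on the wire, and it is worth confirming, before you enter values in the console, that the directory server accepts the method you intend to select and presents a certificate that chains to the CA certificate you will supply. The following script is an added example written for this page, not code from Db2 Warehouse or IBM. It encodes and decodes the LDAP StartTLS extended operation by hand so that it needs only the Python standard library, then completes the TLS handshake the way each SSL Method does, with server certificate verification against the CA file. The host, port, CA file path and method are assumptions passed on the command line; the sample responses in the test are constructed, not captured from a real server.

```python
"""Pre-flight check for the console's SSL Method choice (added example, not IBM code).

StartTLS: connect in the clear on the LDAP port, send the StartTLS extended
operation (RFC 4511 section 4.14), then upgrade the socket to TLS.
LDAPS:    TLS from the first byte, normally on port 636.
Both paths verify the server certificate against the CA file you would enter
in the "Certificate authority certificate" field.
"""
import socket
import ssl
import sys

# OID of the LDAPv3 StartTLS extended operation (RFC 4511 / RFC 4513).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def ber_length(n):
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, value):
    """One BER TLV: tag octet, length, contents."""
    return bytes([tag]) + ber_length(len(value)) + value


def build_starttls_request(message_id=1):
    """LDAPMessage { messageID INTEGER, [APPLICATION 23] { requestName [0] OID } }."""
    if not 0 <= message_id < 0x80:        # one-octet positive INTEGER only
        raise ValueError("message_id out of range for this encoder")
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))
    return ber_tlv(0x30, ber_tlv(0x02, bytes([message_id])) + ext_req)


def read_tlv(buf, pos=0):
    """Decode the TLV at buf[pos]; return (tag, contents, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: next N octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data):
    """Return (message_id, result_code, diagnostic_message) from an ExtendedResponse."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg)
    tag, resp, _ = read_tlv(msg, pos)
    if tag != 0x78:                       # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, code, pos = read_tlv(resp)         # ENUMERATED resultCode
    _, _matched, pos = read_tlv(resp, pos)  # OCTET STRING matchedDN
    _, diag, _ = read_tlv(resp, pos)      # OCTET STRING diagnosticMessage
    return (int.from_bytes(mid, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))


def open_tls_ldap(host, port, ca_file, method="StartTLS", timeout=10):
    """Connect as the chosen SSL Method would and return the verified peer certificate."""
    if method not in ("StartTLS", "LDAPS"):
        raise ValueError("method must be StartTLS or LDAPS")
    # create_default_context() sets CERT_REQUIRED and hostname checking, so a server
    # whose certificate does not chain to ca_file (or does not name `host`) is rejected.
    ctx = ssl.create_default_context(cafile=ca_file)
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if method == "StartTLS":
            sock.sendall(build_starttls_request(1))
            # A StartTLS response is a few dozen bytes; one recv is enough here.
            _, code, diag = parse_extended_response(sock.recv(4096))
            if code != 0:                 # 0 = success; e.g. 2 = protocolError
                raise RuntimeError("StartTLS refused: resultCode=%d %s" % (code, diag))
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    with tls:
        return tls.getpeercert()


if __name__ == "__main__":
    # Usage (hypothetical host and file): python ldap_tls_check.py ldap.example.com 389 ca.pem StartTLS
    h, p, ca, m = sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4]
    print(open_tls_ldap(h, p, ca, m)["subject"])
```

A non-zero resultCode on the StartTLS path means the server does not offer StartTLS on that port, so LDAPS (with the Port field changed accordingly) is the option to select; a certificate verification failure means the CA certificate you plan to upload does not match what the server presents. The client PKCS #12 store is deliberately not loaded here, because Python's ssl module reads PEM files; export it with openssl pkcs12 first if you also want to exercise client-certificate authentication.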
Note: If you face database connection issues on the web console after switching to an external server for user management, run the following command as the root user in the dashDB container on node 0101:
chown -R db2iadm1 /scratch/home/bluadmin