Maximo Application Suite
Customer-managed

Authentication options for Db2U

When using the standalone Db2U operator to provision a Db2 instance there are a couple options for user authentication.

  1. Local OS user authentication. For example, using the db2inst1 user.
  2. LDAP authentication. For example, using the local LDAP registry that is provisioned with the Db2 instance.
  1. Get the pod name of the local LDAP service:
    
    oc get pod -n db2u | grep ldap
    
    Sample output
  2. Create the user in the local LDAP registry:
    
    oc exec -it c-db2u-manage-ldap-8469ff9f7b-g4qlp -n db2u -- /opt/ibm/ldap_scripts/addLdapUser.py -u user1 -r admin -p password
    
    Sample output
  3. Test that the newly created user can connect to Db2:
    
    oc exec -it c-db2u-manage-db2u-0 -n db2u -c db2u -- su -lc "db2 connect to bludb user user1 using password" db2inst1
    
    Sample output
Note:

User authentication with an LDAP server will incur extra latency at connection time that is not required when using OS user authentication.