Authentication options for Db2U
When using the standalone Db2U operator to provision a Db2 instance, there are a couple of options for user authentication.
- Local OS user authentication. For example, using the db2inst1 user.
- LDAP authentication. For example, using the local LDAP registry that is provisioned with the Db2 instance.
- Get the pod name of the local LDAP service:
    oc get pod -n db2u | grep ldap
  Sample output:
    c-db2u-manage-ldap-8469ff9f7b-g4qlp 1/1 Running 0 2m27s
- Create the user in the local LDAP registry:
    oc exec -it c-db2u-manage-ldap-8469ff9f7b-g4qlp -n db2u -- /opt/ibm/ldap_scripts/addLdapUser.py -u user1 -r admin -p password
  Sample output:
    Next UID will be 5003
    Adding user1 to LDAP server
    Updating LDAP password for user user1
    Added user to LDAP server
- Test that the newly created user can connect to Db2:
    oc exec -it c-db2u-manage-db2u-0 -n db2u -c db2u -- su -lc "db2 connect to bludb user user1 using password" db2inst1
  Sample output:
    Database Connection Information
    Database server = DB2/LINUXX8664 11.5.7.0
    SQL authorization ID = USER1
    Local database alias = BLUDB
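The three steps above combined into one script, as an added example that is not IBM's own code: it prompts for the password so it does not land in shell history, picks only a Running LDAP pod, and treats the connection test as passed only when Db2 reports the expected authorization ID. The function names and the allowed character set are assumptions of this example; the password is still passed as a command argument because that is the only interface this page shows.

```shell
#!/bin/sh
# Added example: scripts the three steps above. Function names are hypothetical;
# the namespace, pod names, script path and database come from this page.
NS="${NS:-db2u}"
DB2_POD="${DB2_POD:-c-db2u-manage-db2u-0}"

# Step 1: read `oc get pod` output on stdin, print the first Running LDAP pod.
ldap_pod_from_listing() {
  awk '$1 ~ /ldap/ && $3 == "Running" { print $1; exit }'
}

# Accept only values that are safe to embed in the remote `su -lc` string.
# The allowed character set is an assumption of this example.
safe_token() {
  case "$1" in
    ''|*[!A-Za-z0-9_.@%+-]*) return 1 ;;
  esac
}

# Step 3 check: read the connect output on stdin and succeed only if Db2
# reports the expected authorization ID (folded to upper case, CRs stripped).
connected_as() {
  awk -F'=' -v want="$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" '
    /SQL authorization ID/ { gsub(/[ \t\r]/, "", $2); if ($2 == want) ok = 1 }
    END { exit !ok }'
}

# Steps 1-3 end to end. Usage: add_and_verify_user user1 admin
add_and_verify_user() {
  user="$1"; role="$2"
  printf 'Password for %s: ' "$user" >&2
  stty -echo; IFS= read -r password; stty echo; echo >&2
  safe_token "$user" && safe_token "$password" || {
    echo "user or password contains unsupported characters" >&2; return 1; }
  pod=$(oc get pod -n "$NS" | ldap_pod_from_listing)
  [ -n "$pod" ] || { echo "no Running LDAP pod in $NS" >&2; return 1; }
  oc exec "$pod" -n "$NS" -- /opt/ibm/ldap_scripts/addLdapUser.py \
    -u "$user" -r "$role" -p "$password" || return 1
  oc exec "$DB2_POD" -n "$NS" -c db2u -- \
    su -lc "db2 connect to bludb user $user using $password" db2inst1 |
    connected_as "$user"
}
```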
Note:
User authentication with an LDAP server will incur extra latency at connection time that is not required when using OS user authentication.