Creating an instance with non-root DB2 privileges automatically by using a script

Before you create a script that creates an instance, you must prepare and configure the environment.

Before you begin

  • IBM® Security Verify Directory Version 10.0.4 is installed. Prepare the environment by taking the following actions:
    1. Create a DB2 prerequisite check skip file.
      # mkdir -p /opt/IBM/ldap/V10.0.4/install
      # touch /opt/IBM/ldap/V10.0.4/install/IBMLDAP_INSTALL_SKIPDB2REQ 
      
    2. As a root user, install or upgrade to the latest IBM Security Verify Directory packages, or, if the product is already installed, install the latest fix packs.
      1. If it is not previously installed, enter the following command:

        # idsinstall -i

      2. If it is already installed, enter the following command:

        # idsinstall -u -f

      3. Create the symbolic links:

        # /opt/IBM/ldap/V10.0.4/bin/idslink -i -g -l 64 -s fullsrv -n

  • A DB2 installable for a supported version must exist. For the latest supported version, see the hardware and software requirements.
  • Valid license files for DB2 must exist on the computer.

About this task

With IBM Security Verify Directory, you can create an ISDS instance with a non-root DB2 instance by using an automated script, idsNonRootDB2Install, which is available in the installer package.

Procedure

  1. Run the idsNonRootDB2Install script with appropriate parameters.
  2. As a root user, run idsicrt.
    For example:

    # /opt/IBM/ldap/V10.0.4/sbin/idsicrt -I nrinst1 -e encrypt_seed -g encrypt_salt -t nrinst1 -l /home/nrinst1 -n

    Where nrinst1 is the user_id that is provided in step 1.

  3. Run the following steps as an instance owner.
    1. Configure the database.

      $ idscfgdb -I nrinst1 -w <user_password> -a nrinst1 -t nrinst1 -l /home/nrinst1 -n

    2. Configure the admin DN.

      $ idsdnpw -I nrinst1 -u cn=root -p object00 -n

    3. Configure the suffix.

      $ idscfgsuf -I nrinst1 -s o=sample

    4. Load data to the DIT.

      $ idsldif2db -I nrinst1 -i /opt/IBM/ldap/V10.0.4/examples/sample.ldif

    5. Start the slapd server.

      $ ibmslapd -I nrinst1 -n -t

    Note:
    • If the installation log file /var/idsldap/V10.0.4/idsNonRootDB2Install_<timestamp>.log contains the GLPCTL087E and GLPILT003W messages from idsilist, ignore them.
    • When you create an ISDS instance with non-root DB2 privileges by using idsicrt, ensure that the port number is greater than 1024 for both SSL and non-SSL (the -p and -s parameters of idsicrt). If not, server startup might fail with the GLPCOM006E message.
    • To convert the ISDS with non-root installation back to ISDS with root installation, map <ISDS_INSTALL_LOCATION>/etc/ldapdb.properties to the root installation and remove the DB2Type parameter. For example,
      currentDB2InstallPath=<root DB2 install directory>
      currentDB2Version=<db2 version>
      
    • After you create the ISDS instance with non-root DB2 privileges, you can safely edit the global ldapdb.properties.
    • Non-root DB2 is a single-instance installation of DB2. To create another instance of ISDS, you must create another user.
    • If the wrong password is specified with the -b parameter, the password of an existing user is overridden with the new password.
    • idsidrop for any ISDS instance with non-root DB2 privileges does not delete the DB2 instance. DB2 instance deletion is not possible with non-root DB2 privileges. If you must delete the DB2 instance, see Removing non-root DB2 database products using db2_deinstall (Linux and UNIX).
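
The port requirement from the notes above, written as a pre-flight check to run before idsicrt. This is an added example, not a script from the IBM installer package: the function name check_idsicrt_ports and the sample ports 1389 and 1636 are assumptions, and it recognizes only the idsicrt options shown on this page. It deliberately treats an omitted -p or -s as a failure.

```shell
#!/bin/sh
# Added example; not part of the IBM installer package.
# check_idsicrt_ports ARGS...  (hypothetical helper name)
# Inspects the arguments intended for idsicrt and returns 0 only when both
# -p (non-SSL) and -s (SSL) are present and greater than 1024.
check_idsicrt_ports() {
    port="" sport=""
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -p) port="${2-}";  [ "$#" -ge 2 ] && shift ;;
            -s) sport="${2-}"; [ "$#" -ge 2 ] && shift ;;
            # Value-taking options shown on this page: skip the value so a
            # seed or path that looks like "-p" is not read as a port flag.
            -I|-e|-g|-t|-l) [ "$#" -ge 2 ] && shift ;;
        esac
        shift
    done
    rc=0
    for pair in "-p:$port" "-s:$sport"; do
        flag=${pair%%:*}
        value=${pair#*:}
        case "$value" in
            "")
                # Assumption of this example: an omitted port is a failure,
                # because the value is then left to idsicrt's default.
                printf '%s\n' "$flag not specified" >&2; rc=1 ;;
            *[!0-9]*)
                printf '%s\n' "$flag '$value' is not a port number" >&2; rc=1 ;;
            ??????*)
                # More than 5 digits cannot be a valid TCP port.
                printf '%s\n' "$flag '$value' is out of range" >&2; rc=1 ;;
            *)
                if [ "$value" -le 1024 ] || [ "$value" -gt 65535 ]; then
                    printf '%s\n' "$flag $value must be in 1025-65535" >&2; rc=1
                fi ;;
        esac
    done
    return "$rc"
}

# Usage as root before step 2, with constructed sample ports:
#   set -- -I nrinst1 -e encrypt_seed -g encrypt_salt -p 1389 -s 1636 \
#          -t nrinst1 -l /home/nrinst1 -n
#   check_idsicrt_ports "$@" && /opt/IBM/ldap/V10.0.4/sbin/idsicrt "$@"
```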