Creating the Db2 database and table spaces for TDBM or GDBM

When using TDBM or Db2-based GDBM, the LDAP server Db2® database must be created by running a SPUFI (SQL Processor Using File Input) script from Db2 Interactive (Db2I). Db2I is a Db2 facility that provides for the running of SQL statements, Db2 (operator) commands, and utility invocation. For more information about how to use Db2I and SPUFI, see Db2 for z/OS in IBM Documentation.A sample Db2 SPUFI script to create the LDAP server Db2 database is provided. The same script is used for both TDBM and GDBM. To use it, follow these steps:
  1. Copy the SPUFI script over to your SPUFI input data set.

    The SPUFI script for creating the database, table spaces, tables, and indexes can be found in GLDHLQ.SGLDSAMP(DSTDBMDB). (GLDHLQ refers to the high-level qualifier that was used to install the LDAP server data sets.)

  2. Determine values for SPUFI script.
    In order to create the Db2 database and table spaces for TDBM or GDBM, you must first decide on certain values within the SPUFI file, as shown in Table 1. (Table 1 lists variables that are used in more than one file or configuration step. Be sure to specify the same values where necessary.) The SPUFI script provides specific instructions and information to help you determine the values to use in the table. The DSTDBMDB SPUFI file shows an example of the file to edit and run in the SPUFI facility.
    Table 1. TDBM value definitions for DSTDBMDB
    Attribute script Suggested value Variable name in SPUFI script
    Database name GLDDB* -DB_NAME-
    Database owner GLDSRV* -DB_USERID-
    User ID running the LDAP server GLDSRV -LDAP_USERID-
    CLI plan name DSNACLI -DB_PLAN-
    Entry table space name ENTRYTS -ENTRYTS-
    Buffer pool name for the LDAP entry table space BP0 -ENTRYTS_BP0-
    Long entry table space name LENTRYTS -LENTRYTS-
    Buffer pool name for the LDAP long entry BP0 -LENTRYTS_BP0-
    Long attribute table space name LATTRTS -LATTRTS-
    Buffer pool name for the LDAP long attribute BP0 -LATTRTS_BP0-
    Miscellaneous-0 table space name MISC0TS -MISC0TS-
    Buffer pool name for the LDAP miscellaneous-0 attribute BP0 -MISC0TS_BP0-
    Miscellaneous-1 table space name MISC1TS -MISC1TS-
    Buffer pool name for the LDAP miscellaneous-1 attribute BP0 -MISC1TS_BP0-
    Miscellaneous-2 table space name MISC2TS -MISC2TS
    Buffer pool name for the LDAP miscellaneous-2 attribute BP0 -MISC2TS_BP0-
    Miscellaneous-3 table space name MISC3TS -MISC3TS-
    Buffer pool name for the LDAP miscellaneous-3 attribute BP0 -MISC3TS_BP0-
    Miscellaneous-4 table space name MISC4TS -MISC4TS-
    Buffer pool name for the LDAP miscellaneous-4 attribute BP0 -MISC4TS_BP0-
    Miscellaneous-5 table space name MISC5TS -MISC5TS-
    Buffer pool name for the LDAP miscellaneous-5 attribute BP0 -MISC5TS_BP0-
    Search table space name SEARCHTS -SEARCHTS-
    Buffer pool name for the LDAP search table BP0 -SEARCHTS_BP0-
    Replica-0 table space name REP0TS -REP0TS-
    Buffer pool name for the LDAP replica-0 attribute BP0 -REP0TS_BP0-
    Replica-1 table space name REP1TS -REP1TS-
    Buffer pool name for the LDAP replica-1 attribute BP0 -REP1TS_BP0-
    Replica-2 table space name REP2TS -REP2TS-
    Buffer pool name for the LDAP replica-2 attribute BP0 -REP2TS_BP0-
    Replica-3 table space name REP3TS -REP3TS-
    Buffer pool name for the LDAP replica-3 attribute BP0 -REP3TS_BP0-
    Replica-4 table space name REP4TS -REP4TS-
    Buffer pool name for the LDAP replica-4 attribute BP0 -REP4TS_BP0-
    Replica-5 table space name REP5TS -REP5TS-
    Buffer pool name for the LDAP replica-5 attribute BP0 -REP5TS_BP0-
    Descendants table space name DESCTS -DESCTS-
    Buffer pool name for the LDAP descendants attribute BP0 -DESCTS_BP0-
    Storage group SYSDEFLT -SYSDEFLT-
    Search column truncation size (VALUE in DIR_SEARCH) 32 -SEARCH_TRUNC_SIZE-
    DN truncation size (DN_TRUNC in DIR_ENTRY)
    32 for GDBM
    64 for TDBM
    -ENTRY_DN_TRUNC_SIZE-
    Maximum size of a DN (DN in DIR_ENTRY) 512 -ENTRY_DN_SIZE-
    Important: * This value must be unique for each database you are creating.
  3. Modify the script. Use the values from Table 1 to modify the script. You must have a unique database name and owner for each database you are creating.
    You should define GDBM backend table spaces to Db2 with row-level locking, but this action is not required. Define the backend by adding LOCKSIZE ROW to each CREATE TABLESPACE statement in the SPUFI script to create a GDBM database.
    CREATE TABLESPACE ttt IN yyy
    USING STOGROUP SYSDEFLT
    PRIQTY 14400
    SECQTY 7200
    LOCKSIZE ROW
    BUFFERPOOL BP0;
    ttt is a table space name that is used in the GDBM SPUFI script and yyy is the database name that is used in the script.
    An existing GDBM database can be updated for row-level locking by running the following statements. Use SPUFI (Db2 Interactive for that task. Change the tables space names if you used different names when you created the database.
    ALTER TABLESPACE yyy.ENTRYTS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.LENTRYTS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.LATTRTS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.SEARCHTS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.DESCTS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.MISC0TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.REP0TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.MISC1TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.REP1TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.MISC2TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.REP2TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.MISC3TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.REP3TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.MISC4TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.REP4TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.MISC5TS LOCKSIZE ROW;
    ALTER TABLESPACE yyy.REP5TS LOCKSIZE ROW;
    where yyy is the database name that is used in the GDBM SPUFI script.
  4. Run the script from Db2I SPUFI.

    Use the Db2 SPUFI (SQL Processor Using File Input) facility to create the database and table spaces.

    Be sure to run the script that was copied and modified in the previous steps under a user ID with Db2 SYSADM authority. When the script completes running, scan the output data set to ensure that it ran successfully.

  5. Grant appropriate Db2 resource authorizations.

    In order to run the LDAP server, ds2ldif, and ldif2ds, certain minimum Db2 resource authorizations must be granted to the user ID or user IDs that are running these programs. Following are the suggested minimums for those user IDs, where xxx is the user ID running the LDAP server, ds2ldif, or ldif2ds, yyy is the database name that is identified in the SPUFI file, and zzz is the CLI plan name as specified in your Db2 CLI initialization file. The grant for execute is only performed once, for the LDAP server. The grant for database administration authority (DBADM) must be done for each TDBM or GDBM backend. Use SPUFI (Db2 Interactive) to run the following statements:

    grant execute on plan zzz to xxx;
    grant dbadm on database yyy to xxx;

    These privileges might be granted by any user ID with SYSADM authority.

    The LDAP server, ds2ldif, and ldif2ds require SELECT access to SYSIBM tables in Db2. If SELECT access to these tables is tightly controlled in your Db2 installation, you might have to grant this access to the user ID under which the LDAP server, ds2ldif, or ldif2ds runs. Grant the action by performing the following operations (either by using SPUFI or another means of issuing SQL commands). These grants are only done once, for the LDAP server.
    grant select on sysibm.syscolumns to xxx;
    grant select on sysibm.syscoldist to xxx;
    grant select on sysibm.systables to xxx;
    grant select on sysibm.systablepart to xxx;
    grant select on sysibm.syskeys to xxx;

    where xxx is the user ID under which the LDAP server runs. If this authority is not granted to the user ID under which the LDAP server runs, the LDAP server fails during start with an SQL -551 return code.