Before you can use LDAP, you must enable it after the Db2® database product
installation is complete.
Procedure
To enable LDAP support:
- On any machine that is part of a Windows domain, perform the following steps:
  - If you did not do so before installing the Db2 database product, you must extend the directory schema if you want to use Microsoft Active Directory. For more information, see the Extending the directory schema for Active Directory topic.
  - Install the LDAP support binary files by running the Db2 Setup program and selecting the LDAP Directory Exploitation support from Custom install. The Setup program automatically sets the Db2 registry variable DB2_ENABLE_LDAP to YES, which is required to enable LDAP support.
  - Optional: To use the IBM® LDAP client instead of the Microsoft LDAP client, set the DB2LDAP_CLIENT_PROVIDER registry variable to IBM.
- On each LDAP client, perform the following steps:
  - Specify the TCP/IP host name and optionally the port number of the LDAP server by running the following command:
      db2set DB2LDAPHOST=base_domain_name[:port_number[:SSL]]
    where base_domain_name is the TCP/IP host name, and [:port_number] is the port number. If you do not specify a port number, the default LDAP port number 389 is used. For an SSL enabled LDAP server, run the following command:
      db2set DB2LDAPHOST=base_domain_name:636:SSL
    where base_domain_name is the TCP/IP host name.
    Db2 objects are located in the LDAP base distinguished name (baseDN). You can configure the baseDN on each machine by running the following command:
      db2set DB2LDAP_BASEDN=baseDN
    where baseDN is the name of the LDAP suffix that is defined at the LDAP server.
  - Optional: To use LDAP to store Db2 user-specific information, enter the distinguished name (DN) and password of the LDAP user.
- If you extended the directory schema after installing the Db2 database product, perform the following steps:
  - Register the current instance of the Db2 server in LDAP by running the following command:
      db2 register ldap as node-name protocol tcpip
  - Register specific databases in LDAP by running the following command:
      db2 catalog ldap database dbname as alias_dbname
What to do next
You can now register the LDAP entries.
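As an added example (not part of the IBM documentation), the following shell function parses a DB2LDAPHOST value in the base_domain_name[:port_number[:SSL]] form described in the procedure and flags values that do not request SSL, including the case where port 636 is given without the SSL suffix. The function name check_ldaphost and the sample host names are hypothetical, and the check assumes the suffix is written in uppercase as shown on this page.

```shell
#!/bin/sh
# Added example (not IBM code). check_ldaphost is a hypothetical helper that
# parses a DB2LDAPHOST value of the form base_domain_name[:port_number[:SSL]].
# Return codes: 0 = SSL requested, 1 = no SSL suffix, 2 = malformed or unset.
# Assumption: the suffix is matched exactly as the page writes it ("SSL").
check_ldaphost() {
    value=$1
    if [ -z "$value" ]; then
        echo "FAIL: DB2LDAPHOST is not set"; return 2
    fi
    # Split the value into host, port and suffix on the first two colons.
    host=${value%%:*}
    case $value in *:*) rest=${value#*:} ;; *) rest= ;; esac
    port=${rest%%:*}
    case $rest in *:*) flag=${rest#*:} ;; *) flag= ;; esac
    if [ -z "$host" ]; then
        echo "FAIL: host name is empty in '$value'"; return 2
    fi
    # No port given: the page states that the default LDAP port 389 is used.
    [ -n "$port" ] || port=389
    case $port in
        *[!0-9]*) echo "FAIL: port '$port' is not numeric"; return 2 ;;
    esac
    case $flag in
        SSL) echo "OK: $host:$port uses SSL"; return 0 ;;
        '')  echo "WARN: $host:$port has no SSL suffix"; return 1 ;;
        *)   echo "FAIL: unknown suffix '$flag'"; return 2 ;;
    esac
}

# Constructed sample values; the host names are placeholders.
for sample in \
    "ldap.example.com" \
    "ldap.example.com:636" \
    "ldap.example.com:636:SSL" \
    "ldap.example.com:636:TLS"
do
    printf '%-28s -> ' "$sample"
    check_ldaphost "$sample" || :
done
```

On a configured client, pass the function the value printed by db2set DB2LDAPHOST.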