Terry Miller wrote:
> Larry wrote:
>
>
>>Terry Miller wrote:
>>
>>
>>>I have DB2 V8.2 loaded on a Redhat Enterprise Linux version 3 (RHEL 3)
>>>box. RHEL is configured to talk to LDAP for authentication besides the
>>>local
>>>passwd file. I can verify this by executing an su to a User Id that
>>>exists
>>>in LDAP and not in the local /etc/passwd file. Also verified that the
>>>connection to LDAP is working by ssh into the box.
>>>
>>>The problem I have is when I try to connect to a local DB2 Database using
>>>a User Id and Password in LDAP, I get the following error:
>>>SQL30082N Attempt to establish connection failed with security reason
>>>"24" ("USERNAME AND/OR PASSWORD INVALID") SQLSTATE=08001
>>>
>>>The connection works if I connect to the database using a local User ID
>>>and Password on the box, but does not work if I use an LDAP User Id and
>>>Password. I know RHEL3 is talking to LDAP because I can su, ssh, etc to
>>>userids that are in LDAP.
>>>
>>>How do I configure DB2 to work with User Ids and Passwords in LDAP?
>>>It appears that it is only using the local /etc/passwd file.
>>>
>>>I have checked the various /etc/pam.d files and they appear correct.
>>>
>>>Thanks for any help.
>>>
>>
>>In order to get LDAP support in DB2 UDB you must be on at least 8.2 and
>>you must code a PIM exit. See
>>
>>
>
> http://www-128.ibm.com/developerwork.../dm-0512chong/
>
>>Larry Edelstein
>
>
> Thanks for the response, I have one more question.
>
> I am running DB2 V8.2.3. Even though the underlying operating system is
> configured and talking to LDAP, DB2 still requires that I code a plug-in
> module to authenticate against LDAP?
>
> I assumed since the OS was configured and talking to LDAP and DB2 uses the
> underlying OS for authentication that it would work.
>
> Terry
Terry, perhaps someone from the lab can comment on this. I could be
wrong, but in the case where the OS is using LDAP, DB2 is probably
looking for user/group/pw information in /etc/group, /etc/passwd. How
would DB2 know to go to an LDAP directory instead ... unless you somehow
"instructed" it to do so by changing its authentication mechanism ...
and the way one does this is by using the userexit. These are my
assumptions so I'd be interested in someone correcting me if I am wrong.
Larry Edelstein
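The symptom in this thread (local accounts connect, directory-only accounts get SQL30082N reason "24") can be narrowed down before touching DB2. The script below is an added diagnostic, not code from the thread or from IBM: it classifies an account as local or resolvable only through NSS (the LDAP case), and checks whether the instance has a server userid-password plugin set in the database manager configuration (the SRVCON_PW_PLUGIN parameter, which is how a DB2 8.2 security plug-in is registered). The passwd data, NSS view and `db2 get dbm cfg` excerpt are constructed sample inputs; on a live box you would feed it `getent passwd` output and the real `db2 get dbm cfg` output instead.

```shell
#!/bin/sh
# Added diagnostic for the "LDAP user cannot connect to DB2" case.
# All three input files below are constructed samples.

# Constructed local passwd file: only root and the instance owner are local.
LOCAL_PASSWD=$(mktemp)
cat > "$LOCAL_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
db2inst1:x:1001:1001:DB2 instance owner:/home/db2inst1:/bin/bash
EOF

# Constructed stand-in for `getent passwd`: the NSS view, which also
# contains the accounts that exist only in LDAP.
NSS_VIEW=$(mktemp)
cat > "$NSS_VIEW" <<'EOF'
root:x:0:0:root:/root:/bin/bash
db2inst1:x:1001:1001:DB2 instance owner:/home/db2inst1:/bin/bash
tmiller:x:5001:5001:Terry Miller (LDAP):/home/tmiller:/bin/bash
EOF

# Constructed excerpt of `db2 get dbm cfg` for an instance with no
# server userid-password plugin configured (the default).
DBM_CFG=$(mktemp)
cat > "$DBM_CFG" <<'EOF'
 Database manager authentication        (AUTHENTICATION) = SERVER
 Server userid-password plugin        (SRVCON_PW_PLUGIN) =
 Server connection authentication          (SRVCON_AUTH) = NOT_SPECIFIED
EOF

# account_source USER LOCAL_FILE NSS_FILE
#   local          -> present in the local passwd file
#   directory-only -> resolvable through NSS (e.g. LDAP) but not local
#   unknown        -> not resolvable at all
account_source() {
  if grep -q "^$1:" "$2"; then echo local
  elif grep -q "^$1:" "$3"; then echo directory-only
  else echo unknown
  fi
}

# pw_plugin_configured CFG_FILE -> yes if SRVCON_PW_PLUGIN has a value
pw_plugin_configured() {
  val=$(sed -n 's/.*(SRVCON_PW_PLUGIN) *= *//p' "$1")
  if [ -n "$val" ]; then echo yes; else echo no; fi
}

# diagnose USER LOCAL_FILE NSS_FILE CFG_FILE -> one-word verdict
#   ok-local       : local account; OS password check applies
#   needs-plugin   : directory-only account and no password plugin set,
#                    which matches the failure described in the thread
#   plugin-present : directory-only account and a plugin is registered,
#                    so look at the plugin itself next
#   no-such-user   : the OS cannot resolve the account at all
diagnose() {
  src=$(account_source "$1" "$2" "$3")
  plug=$(pw_plugin_configured "$4")
  case "$src/$plug" in
    local/*)            echo ok-local ;;
    directory-only/no)  echo needs-plugin ;;
    directory-only/yes) echo plugin-present ;;
    *)                  echo no-such-user ;;
  esac
}

# Sample run against the constructed inputs.
diagnose db2inst1 "$LOCAL_PASSWD" "$NSS_VIEW" "$DBM_CFG"   # ok-local
diagnose tmiller  "$LOCAL_PASSWD" "$NSS_VIEW" "$DBM_CFG"   # needs-plugin
```

On a real instance, replace the constructed files with `getent passwd > "$NSS_VIEW"` and `db2 get dbm cfg > "$DBM_CFG"` (run as the instance owner). A `needs-plugin` verdict for an account that su and ssh accept is exactly the situation Larry describes: the OS resolves the user through LDAP, but DB2 has not been told to use anything other than its default OS-level check.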