DB2 searches the current LDAP directory partition. In an environment where there are multiple LDAP directory partitions or domains, you can set the search scope. For example, if the information is not found in the current partition or domain, automatic search of all other partitions or domains can be requested. On the other hand, the search scope can be restricted to search only the local machine.
The search scope is controlled through the DB2 profile registry variable, db2ldap_search_scope. To set the search scope value at the global level in LDAP, use the "-gl" option, which means "global in LDAP", on the db2set command:
db2set -gl db2ldap_search_scope=<value>
Possible values include: "local", "domain", or "global". The default value is "domain". Setting the search scope in LDAP allows the setting of the default search scope for the entire enterprise. For example, you may want to initialize the search scope to "global" after a new database is created. This allows any client machine to find a database that is defined in a particular partition or domain. Once the entry has been recorded on each machine after the first connect or attach for each client, the search scope can be changed to "local". Once changed to "local", each client will not scan any partition or domain.
| Note: | The DB2 profile registry variable db2ldap_search_scope is the only registry variable that supports setting the variable at the global level in LDAP. |