LDAP information is subject to change, so it is necessary to refresh the LDAP entries in the local and node directories. The local database and node directories are used to cache the entries in LDAP.
In more detail: A caching mechanism exists so that the client only searches the LDAP directory once in its local directory catalogs. Once the information is retrieved, it is stored or cached on the local machine. Subsequent access to the same information is based on the values of the dir_cache database manager configuration parameter and the DB2LDAPCACHE registry variable.
| Note: | The caching of LDAP information is not applicable to user-level CLI or DB2 profile registry variables. Also, there is an "in-memory" cache for the database, node, and DCS directories. However, there is no such cached for just the node directory. |
To refresh the database entries that refer to LDAP resources, use the following command:
db2 refresh ldap database directory
To refresh the node entries on the local machine that refer to LDAP resources, use the following command:
db2 refresh ldap node directory
As part of the refresh, all the LDAP entries that are saved in the local database and node directories are removed. The next time that the application accesses the database or node, it will read the information directly from LDAP and generate a new entry in the local database or node directory.
To ensure the refresh is done in a timely way, you may want to: