Command Reference

CATALOG LDAP DATABASE

Used to register the database in Lightweight Directory Access Protocol (LDAP).

This command is available on Windows NT, Windows 98, Windows 95, AIX, and Solaris only.

Authorization

None

Required Connection

None

Command Syntax

>>-CATALOG LDAP----+-DATABASE-+--database-name------------------>
                   '-DB-------'
 
>-----+------------+---+--------------------+------------------->
      '-AS--alias--'   '-AT NODE--nodename--'
 
>-----+-----------------------+--------------------------------->
      '-GWNODE--gateway-node--'
 
>-----+----------------------------+---+-------------------+---->
      '-PARMS--"parameter-string"--'   '-AR--library-name--'
 
>-----+----------------------------------------------------------------+>
      '-AUTHENTICATION--+-CLIENT------------------------------------+--'
                        +-SERVER------------------------------------+
                        +-SERVER_ENCRYPT----------------------------+
                        +-DCS_ENCRYPT-------------------------------+
                        +-DCS---------------------------------------+
                        +-KERBEROS TARGET PRINCIPAL--principalname--+
                        '-DCE SERVER PRINCIPAL--principalname-------'
 
>-----+-------------------+------------------------------------->
      '-WITH--"comments"--'
 
>-----+------------------------------------------+-------------><
      '-USER--username--+---------------------+--'
                        '-PASSWORD--password--'
 

Command Parameters

DATABASE database-name

Specifies the name of the database to catalog.

AS alias

Specifies an alias as an alternate name for the database being cataloged. If an alias is not specified, the database name is used as the alias.

AT NODE nodename

Specifies the LDAP node name for the database server on which the database resides. This parameter must be specified when registering a database on a remote server.

GWNODE gateway-node

Specifies the LDAP node name for the gateway server.

PARMS "parameter-string"

Specifies a parameter string that is passed to the Application Requester (AR) when accessing DCS databases. For a description of what format DDCS expects for this string, see the DB2 Connect User's Guide.

Note:

The change password sym_dest_name should not be specified in the parameter string. Use the keyword CHGPWDLU to specify the change password LU name when registering the DB2 server in LDAP. For more information, see REGISTER.

AR library-name

Specifies the name of the Application Requester library that is loaded and used to access a remote database listed in the DCS directory.

Note:

If using the DB2 Connect AR, do not specify a library name. The default value will cause DB2 Connect to be invoked.

If not using DB2 Connect, specify the library name of the AR, and place that library on the same path as the database manager libraries. On OS/2 or the Windows operating system, the path is drive:\sqllib\dll. On UNIX based systems, the path is $HOME/sqllib/lib of the instance owner.

AUTHENTICATION

Specifies the authentication level. For detailed information about authentication types, including performance implications, see the Administration Guide. Valid values are:

CLIENT

Specifies that authentication takes place on the node from which the application is invoked.

SERVER

Specifies that authentication takes place on the node containing the target database.

SERVER_ENCRYPT

Specifies that authentication takes place on the node containing the target database, and that passwords are encrypted at the source. Passwords are decrypted at the target, as specified by the authentication type cataloged at the source.

DCS_ENCRYPT

Specifies that authentication takes place on the node containing the target database, except when using DB2 Connect; in that case, authentication takes place at the DRDA application server (AS). Passwords are encrypted at the source, and decrypted at the target, as specified by the authentication type cataloged at the source.

DCS

Specifies that authentication takes place on the node containing the target database, except when using DB2 Connect; in that case, authentication takes place at the DRDA application server (AS).

KERBEROS

Specifies that authentication takes place using Kerberos Security Mechanism. When authentication is Kerberos, and an APPC connection is used for access, only SECURITY=NONE is supported.

TARGET PRINCIPAL principalname

Fully qualified Kerberos principal name for the target server; that is, the logon account of the DB2 server service in the form of userid@xxx.xxx.xxx.com or domain\userid.

Note:

This parameter is valid only on Windows 2000 clients.

DCE

Specifies that authentication takes place using DCE Security Services. When authentication is DCE, and an APPC connection is used for access, only SECURITY=NONE is supported.

SERVER PRINCIPAL principalname

Fully qualified DCE principal name for the target server. This value is also recorded in the keytab file at the target server.

WITH "comments"

Describes the DB2 server. Any comment that helps to describe the server registered in the network directory can be entered. Maximum length is 30 characters. A carriage return or a line feed character is not permitted. The comment text must be enclosed by double quotation marks.

USER username

Specifies the user's LDAP distinguished name (DN). The LDAP user DN must have sufficient authority to create the object in the LDAP directory. If the user's LDAP DN is not specified, the credentials of the current logon user will be used.

Note:

If the user's LDAP DN and password have been specified using db2ldcfg, the user name and password do not have to be specified here. For more information about this command, see db2ldcfg - Configure LDAP Environment.

PASSWORD password

Account password.

Note:

If the user's LDAP DN and password have been specified using db2ldcfg, the user name and password do not have to be specified here. For more information about this command, see db2ldcfg - Configure LDAP Environment.

Usage Notes

If the node name is not specified, DB2 will use the first node in LDAP that represents the DB2 server on the current machine.

It may be necessary to manually register (catalog) the database in LDAP if:

• The database server does not support LDAP. The administrator must manually register each database in LDAP to allow clients that support LDAP to access the database without having to catalog the database locally on each client machine.
• The application wants to use a different name to connect to the database. In this case, the administrator can catalog the database using a different alias name.
• The database resides at the host database server (for example, DB2/390, DB2/400, and so on). In this case, the administrator can register the database in LDAP and specify the gateway node through the GWNODE parameter.
• During CREATE DATABASE IN LDAP the database name already exists in LDAP. The database is still created on the local machine (and can be accessed by local applications), but the existing entry in LDAP will not be modified to reflect the new database. In this case, the administrator can:
  • Remove the existing database entry in LDAP and manually register the new database in LDAP.
  • Register the new database in LDAP using a different alias name.

See Also

CATALOG LDAP NODE

UNCATALOG LDAP DATABASE

UNCATALOG LDAP NODE.