DB2 v8 used LDAP User Id/Password on Connect

I have DB2 V8.2 loaded on a Redhat Enterprise Linux version 3 (RHEL 3) box.
RHEL is configured to talk to LDAP for authentication besides the local
passwd file. I can verify this by executing an su to a User Id that exists
in LDAP and not in the local /etc/passwd file. Also verified that the
connection to LDAP is working by ssh into the box.

The problem I have is when I try to connect to a local DB2 Database using a
User Id and Password in LDAP, I get the following error:
SQL30082N Attempt to establish connection failed with security reason
"24" ("USERNAME AND/OR PASSWORD INVALID") SQLSTATE=08001

The connection works if I connect to the database using a local User ID and
Password on the box, but does not work if I use an LDAP User Id and
Password. I know RHEL3 is talking to LDAP because I can su, ssh, etc to
userids that are in LDAP.

How do I configure DB2 to work with User Ids and Passwords in LDAP?
It appears that it is only using the local /etc/passwd file.

I have checked the various /etc/pamd.d files and they appear correct.

Thanks for any help.

Feb 16 '06 #1


Terry Miller wrote:
> I have DB2 V8.2 loaded on a Redhat Enterprise Linux version 3 (RHEL 3) box.
> RHEL is configured to talk to LDAP for authentication besides the local
> passwd file. I can verify this by executing an su to a User Id that exists
> in LDAP and not in the local /etc/passwd file. Also verified that the
> connection to LDAP is working by ssh into the box.
>
> The problem I have is when I try to connect to a local DB2 Database using a
> User Id and Password in LDAP, I get the following error:
> SQL30082N Attempt to establish connection failed with security reason
> "24" ("USERNAME AND/OR PASSWORD INVALID") SQLSTATE=08001
>
> The connection works if I connect to the database using a local User ID and
> Password on the box, but does not work if I use an LDAP User Id and
> Password. I know RHEL3 is talking to LDAP because I can su, ssh, etc to
> userids that are in LDAP.
>
> How do I configure DB2 to work with User Ids and Passwords in LDAP?
> It appears that it is only using the local /etc/passwd file.
>
> I have checked the various /etc/pamd.d files and they appear correct.
>
> Thanks for any help.

In order to get LDAP support in DB2 UDB you must be on at least 8.2 and
you must code a PIM exit. See

http://www-128.ibm.com/developerwork.../dm-0512chong/

Larry Edelstein
Feb 17 '06 #2

Larry wrote:
> Terry Miller wrote:
>> I have DB2 V8.2 loaded on a Redhat Enterprise Linux version 3 (RHEL 3)
>> box. RHEL is configured to talk to LDAP for authentication besides the
>> local passwd file. I can verify this by executing an su to a User Id that
>> exists in LDAP and not in the local /etc/passwd file. Also verified that
>> the connection to LDAP is working by ssh into the box.
>>
>> The problem I have is when I try to connect to a local DB2 Database using
>> a User Id and Password in LDAP, I get the following error:
>> SQL30082N Attempt to establish connection failed with security reason
>> "24" ("USERNAME AND/OR PASSWORD INVALID") SQLSTATE=08001
>>
>> The connection works if I connect to the database using a local User ID
>> and Password on the box, but does not work if I use an LDAP User Id and
>> Password. I know RHEL3 is talking to LDAP because I can su, ssh, etc to
>> userids that are in LDAP.
>>
>> How do I configure DB2 to work with User Ids and Passwords in LDAP?
>> It appears that it is only using the local /etc/passwd file.
>>
>> I have checked the various /etc/pamd.d files and they appear correct.
>>
>> Thanks for any help.
>
> In order to get LDAP support in DB2 UDB you must be on at least 8.2 and
> you must code a PIM exit. See
>
> http://www-128.ibm.com/developerwork.../dm-0512chong/
>
> Larry Edelstein


Thanks for the response, I have one more question.

I am running DB2 V8.2.3. Even though the underlying operating system is
configured and talking to LDAP, DB2 still requires that I code a plug-in
module to authenticate against LDAP?

I assumed since the OS was configured and talking to LDAP and DB2 uses the
underlying OS for authentication that it would work.

Terry
Feb 17 '06 #3

Terry Miller wrote:
> Larry wrote:
>> Terry Miller wrote:
>>> I have DB2 V8.2 loaded on a Redhat Enterprise Linux version 3 (RHEL 3)
>>> box. RHEL is configured to talk to LDAP for authentication besides the
>>> local passwd file. I can verify this by executing an su to a User Id that
>>> exists in LDAP and not in the local /etc/passwd file. Also verified that
>>> the connection to LDAP is working by ssh into the box.
>>>
>>> The problem I have is when I try to connect to a local DB2 Database using
>>> a User Id and Password in LDAP, I get the following error:
>>> SQL30082N Attempt to establish connection failed with security reason
>>> "24" ("USERNAME AND/OR PASSWORD INVALID") SQLSTATE=08001
>>>
>>> The connection works if I connect to the database using a local User ID
>>> and Password on the box, but does not work if I use an LDAP User Id and
>>> Password. I know RHEL3 is talking to LDAP because I can su, ssh, etc to
>>> userids that are in LDAP.
>>>
>>> How do I configure DB2 to work with User Ids and Passwords in LDAP?
>>> It appears that it is only using the local /etc/passwd file.
>>>
>>> I have checked the various /etc/pamd.d files and they appear correct.
>>>
>>> Thanks for any help.
>>
>> In order to get LDAP support in DB2 UDB you must be on at least 8.2 and
>> you must code a PIM exit. See
>>
>> http://www-128.ibm.com/developerwork.../dm-0512chong/
>>
>> Larry Edelstein
>
> Thanks for the response, I have one more question.
>
> I am running DB2 V8.2.3. Even though the underlying operating system is
> configured and talking to LDAP, DB2 still requires that I code a plug-in
> module to authenticate against LDAP?
>
> I assumed since the OS was configured and talking to LDAP and DB2 uses the
> underlying OS for authentication that it would work.
>
> Terry

Terry, perhaps someone from the lab can comment on this. I could be
wrong, but in the case where the os is using LDAP, DB2 is probably
looking for user/group/pw information in etc/group, etc/passwd. How
would DB2 know to go to an LDAP directory instead ... unless you somehow
"instructed" it to do so by changing its authentication mechanism ...
and the way one does this is by using the userexit. These are my
assumptions so I'd be interested in someone correcting me if I am wrong.

Larry Edelstein
Feb 18 '06 #4

Ian
Terry Miller wrote:
> I am running DB2 V8.2.3. Even though the underlying operating system is
> configured and talking to LDAP, DB2 still requires that I code a plug-in
> module to authenticate against LDAP?
>
> I assumed since the OS was configured and talking to LDAP and DB2 uses the
> underlying OS for authentication that it would work.


You configured the system to allow LDAP authentication via PAM. Most
of the normal system utilities (e.g., passwd) have all been made
PAM-aware on Linux distributions.

However, DB2 is not PAM-aware out of the box (presumably it uses the
"old" getpwXXX functions), thus you have to use a custom plug-in to
make DB2 use PAM.

FYI, I think that there is an open-source PAM plugin for DB2 available
on the net.
Feb 21 '06 #5
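
Added example, not part of the thread and not DB2's code: the reply above presumes DB2 checks passwords through the `getpwXXX` family rather than PAM. Under that assumption, this C program classifies an account by whether a password hash is readable through those calls; an account that resolves by name but exposes no hash can only be verified through PAM, which is the situation the thread describes for LDAP users. The names `classify_entries`, `classify_account` and `enum acct_kind` are hypothetical.

```c
/* Added example: classify how an account's password could be verified.
 * Not DB2 code; function and enum names are hypothetical. */
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>

enum acct_kind {
    ACCT_UNKNOWN,       /* NSS cannot resolve the name at all */
    ACCT_LOCAL_HASH,    /* a hash is readable: a getpw*-style check can work */
    ACCT_NO_LOCAL_HASH  /* name resolves, no hash: only PAM can verify it */
};

/* A field holds a usable hash unless it is empty or a placeholder/lock marker. */
static int has_hash(const char *field)
{
    if (field == NULL || field[0] == '\0')
        return 0;
    if (strcmp(field, "x") == 0 || field[0] == '*' || field[0] == '!')
        return 0;
    return 1;
}

/* Pure decision logic, separated so it can be exercised with constructed entries. */
enum acct_kind classify_entries(const struct passwd *pw, const struct spwd *sp)
{
    if (pw == NULL)
        return ACCT_UNKNOWN;
    if (has_hash(pw->pw_passwd) || (sp != NULL && has_hash(sp->sp_pwdp)))
        return ACCT_LOCAL_HASH;
    return ACCT_NO_LOCAL_HASH;
}

/* Look the name up through NSS (files, ldap, ...) as set in nsswitch.conf. */
enum acct_kind classify_account(const char *name)
{
    const struct passwd *pw = getpwnam(name);
    /* getspnam() returns NULL without read access to shadow data or if no entry exists */
    const struct spwd *sp = pw ? getspnam(name) : NULL;
    return classify_entries(pw, sp);
}

int main(int argc, char **argv)
{
    static const char *label[] = { "unknown", "local-hash", "no-local-hash" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], label[classify_account(argv[i])]);
    return 0;
}
```

Run it as root with one local and one LDAP-only user name as arguments; without root, `getspnam()` cannot read shadow data and local accounts also report `no-local-hash`.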
