On IBM Db2 v11.5.8.0 on Linux x86_64 I have two local databases DB01 and DB02. Both databases individually are configured to use LDAP authentication.
Now I am required to set up federated access from DB01 to DB02. Looking at CREATE SERVER and CREATE USER MAPPING, there is always a definition of userid and password. I don't know the userid and password for our users (at least I don't know the passwords).
Is it possible to define federated access without specifying userid/password at CREATE SERVER and/or CREATE USER MAPPING?
What I would like is that the database:
- passes authentication (userid/password) from DB01 to DB02, or
- does not perform authentication for federated users, because authentication was already done when the user connected to DB01, or
- something similar, but without me being required to define userid/password for every user in the CREATE SERVER or CREATE USER MAPPING command.
Regards
1 Answer
You don't have to CREATE SERVER or CREATE USER MAPPING for every user. You create it once and then you grant - say - select on the nickname for those users:
# Remote side: create the database and a table to expose
db2 create db db2
db2 connect to db2
db2 "create table fedtbl ( x int)"
db2 terminate
# Federating side: wrapper, server definition, a single user mapping, nickname
db2 create db db1
db2 connect to db1
db2 "CREATE WRAPPER DRDA OPTIONS( DB2_FENCED 'N')"
db2 "create server db2 type DB2/UDB VERSION 11 WRAPPER DRDA AUTHORIZATION \"...\" password \"...\" options( dbname 'db2', password 'Y')"
db2 "CREATE USER MAPPING FOR \"${user}\" SERVER ${federated} OPTIONS ( REMOTE_AUTHID '${user}', REMOTE_PASSWORD '${password}')"
# The remote object is named as server.schema.table
db2 "CREATE NICKNAME db1.fedtbl FOR db2....fedtbl"
# Grant on the nickname created above
db2 grant select on db1.fedtbl to user ...
Untested and from memory, but it should give you some ideas.