Active directory (LDAP server from Microsoft) is widely used for storing DB2 catalog and node information centrally at one place. The advantage of storing this information in once place is that each client need not have
to catalog node and database locally and the changes in database/node information can be done at
But in case while using Active directory , if you experiencing the slow connect or slow searching of LDAP nodes anddatabases for DB2 then the information contained in the following APAR
IY66385 might be useful
The recommended solution in this APAR is to create a separate container
specifically for holding DB2 nodes and database catalog and point DB2LDAP_BASEDN registry variable to that container.
(one need to have administrative right to modify, delete , update container for this operation mentioned in doc)
Download the Active Directory explorer from
There is another tool , Apache directory studio which is eclipse UI based tool which can be used for all LDAP servers for viewing and administraton.
Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor.
And AD explorer will be used in this example to create the LUW_DATASERVER container.
Extract the exe and run AD explorer exe . it will pop up the connect dialog box ( or use file->connect)
Give the LDAP Host name , LDAP username and LDAP password preferably of the account who can create/Modify the container in AD .
It may take few minutes to get connected to AD from AD explorer.
Select the container under which you need to create container for holding sytem/IBM/DB2 sub container
Right click the container and select new object from submenu
Select the class as Container – container and click OK.
Edit the name ( in this example CN=LUW_DATASERVER) . You can use any name you want.
There is no need to add any new attributes manually. Just click OK .
You will see LUW_DATASERVER is added under the Domain you selected while creating new object.
You Use tool like Apache directory studio to to view the added container as some times times one need to reconnect the AD explorer to see the added container
Select the LUW_DATASERVER , right click and select new object in submenu.
Select the class as Container – container and click OK,
Edit the name as CN=System. You can need to use System name only though the parent container (e.g LUW_DATASERVER) can be user defined.
There is no need to add any new attributes manually. Just click OK.
You can see the System container added
Use tool like Apache directory studio to to view the added container as many times one need to reconnect the AD explorer to see the added container
Configure the profile registry variables (using db2set) that tell the DB2 client to look under the LUW_DATASERVER container.
Set the DB2LDAPHOST for the hostname where for Active directory resides and in case of AIX client use the db2ldcfg command if needed.
Give db2 terminate and db2 stop and db2 start commands to take effect of registry variables.
Run the register command
For example only
db2 REGISTER LDAP NODE platoL PROTOCOL TCPIP HOSTNAME mynode.ibm.com SVCENAME 56001 REMOTE platoL INSTANCE prnkulka
check In apache directory studio that platoL is created in LUW_DATASERVER under system directory
add the databases under the node
db2 catalog LDAP database prashdb2 as prashdb2 at node PLATOL
db2 catalog LDAP database MYDB as MYDB at node PLATOL
The screenshot after adding node and databases in LUW_DATASERVER
The screenshot from root DSE
If you want to create the customer container OU= UDBSERVER then under the domain controller or AD object where you want this child ..right click select new object submenu
Create the system container OU=UDBSERVER as mentioned in earlier steps and then configure the DB2 client to use the new BASE DN And follow the same steps which have mention for container LUW_DATASERVER.
After all the steps mentioned earlier you can see the example screenshot here
DB2 LDAP group