How to add a custom container and System container under Active Directory for DB2 LDAP

Active Directory (Microsoft's LDAP server) is widely used for storing DB2 catalog and node information centrally in one place. The advantage of storing this information in one place is that each client need not catalog nodes and databases locally, and changes to database/node information can be made in one place.

If you experience slow connects or slow searching of LDAP nodes and databases for DB2 while using Active Directory, the information contained in APAR IY66385 might be useful.

The recommended solution in this APAR is to create a separate container specifically for holding the DB2 node and database catalog, and to point the DB2LDAP_BASEDN registry variable to that container.

(You need administrative rights to modify, delete and update containers for the operations described in this document.)

Download the Active Directory explorer from

There is another tool, Apache Directory Studio, an Eclipse-based UI tool that can be used with all LDAP servers for viewing and administration.

Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor.

AD Explorer is used in this example to create the LUW_DATASERVER container.

Extract the exe and run the AD Explorer exe. It will pop up the connect dialog box (or use File->Connect).

Give the LDAP host name, LDAP username and LDAP password, preferably of an account that can create/modify the container in AD.

It may take a few minutes to get connected to AD from AD Explorer.

Select the container under which you need to create the container for holding the system/IBM/DB2 sub-container.

Right click the container and select new object from submenu

Select the class as Container – container and click OK.

Edit the name (in this example CN=LUW_DATASERVER). You can use any name you want.

There is no need to add any new attributes manually. Just click OK.

You will see LUW_DATASERVER is added under the Domain you selected while creating new object.

Use a tool like Apache Directory Studio to view the added container, as sometimes one needs to reconnect AD Explorer to see the added container.

Select the LUW_DATASERVER , right click and select new object in submenu.

Select the class as Container – container and click OK.

Edit the name as CN=System. You need to use the name System only, though the parent container (e.g. LUW_DATASERVER) can be user defined.

There is no need to add any new attributes manually. Just click OK.

Click OK

You can see the System container added

Use a tool like Apache Directory Studio to view the added container, as many times one needs to reconnect AD Explorer to see the added container.

Configure the profile registry variables (using db2set) that tell the DB2 client to look under the LUW_DATASERVER container.

db2set DB2LDAP_BASEDN=CN=LUW_DATASERVER,DC=d556,DC=torolab,DC=ibm,DC=com

db2set DB2_ENABLE_LDAP=yes

Set DB2LDAPHOST to the hostname where Active Directory resides and, in the case of an AIX client, use the db2ldcfg command if needed.

Issue the db2 terminate, db2stop and db2start commands for the registry variables to take effect.
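The container steps and registry settings above can also be expressed as a reviewable LDIF plus the matching db2set lines. This is an added example, not part of the original post: the function name and the name allowlist are assumptions, the parent DN is assumed to exist already, and the LDIF is assumed to be imported by an administrator with an LDIF-capable tool.

```python
import re

# Assumption: restrict container names to characters that never need DN escaping.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
# CN= is an AD "container"; OU= (the post's OU=UDBSERVER variant) is an organizationalUnit.
_OBJECT_CLASS = {"CN": "container", "OU": "organizationalUnit"}


def build_db2_ldap_container(parent_dn, name, rdn_type="CN"):
    """Return (ldif_text, db2set_commands) for a DB2 base container.

    parent_dn: DN under which the container is created (hypothetical input).
    name:      user-chosen container name, e.g. LUW_DATASERVER.
    rdn_type:  "CN" or "OU".
    """
    rdn_type = rdn_type.upper()
    if rdn_type not in _OBJECT_CLASS:
        raise ValueError("rdn_type must be CN or OU")
    if not _SAFE_NAME.match(name):
        # Reject commas, '=', spaces etc. instead of trying to escape them.
        raise ValueError("container name contains characters unsafe in a DN")

    base_dn = f"{rdn_type}={name},{parent_dn}"
    system_dn = f"CN=System,{base_dn}"  # the child must be named System

    ldif = (
        f"dn: {base_dn}\n"
        "changetype: add\n"
        f"objectClass: {_OBJECT_CLASS[rdn_type]}\n"
        "\n"
        f"dn: {system_dn}\n"
        "changetype: add\n"
        "objectClass: container\n"
    )
    commands = [
        f"db2set DB2LDAP_BASEDN={base_dn}",
        "db2set DB2_ENABLE_LDAP=yes",
    ]
    return ldif, commands


if __name__ == "__main__":
    # Values taken from the example in this post.
    text, cmds = build_db2_ldap_container(
        "DC=d556,DC=torolab,DC=ibm,DC=com", "LUW_DATASERVER")
    print(text)
    print("\n".join(cmds))
```

Keeping the LDIF in version control gives a record of exactly which objects were created and under which parent.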

Run the register command

For example only


Check in Apache Directory Studio that platoL is created in LUW_DATASERVER under the System directory.

Add the databases under the node.

db2 catalog LDAP database prashdb2 as prashdb2 at node PLATOL

db2 catalog LDAP database MYDB as MYDB at node PLATOL

The screenshot after adding node and databases in LUW_DATASERVER

The screenshot from root DSE

If you want to create the custom container OU=UDBSERVER, then under the domain controller or AD object where you want this child, right-click and select new object in the submenu.

Create the system container OU=UDBSERVER as mentioned in the earlier steps, then configure the DB2 client to use the new base DN and follow the same steps that were mentioned for the container LUW_DATASERVER.

After all the steps mentioned earlier you can see the example screenshot here


Prashant Kulkarni

DB2 LDAP group


Comment by Prashant N Kulkarni on April 19, 2011 at 11:20am

DB2 server can be installed on AIX/Linux and can be catalogued in Active Directory. Use the db2ldcfg command to configure the AD user name and password on AIX and give appropriate access permissions to these AIX machines and users from the AD Windows machine.

In my case the Windows machine where AD is installed and the DB2 server on AIX have the same domain.

Comment by Jagdip Singh on April 14, 2011 at 3:21pm



I am trying to figure out how to use AD to store and manage DB2 catalogs and I am not sure if the DB2 server has to be installed on a Windows server or if it can be installed on AIX/Linux. Can you please tell me if your installation of DB2 server was on a Windows server or an AIX server?
