This article is to describe the steps to be done in order to get active directory (AD) accounts to login to DB2 database.
1) Stop the instance
2) If previously used and installed, disable the DB2 Security plug-in by running the following commands:
db2 update dbm cfg using SRVCON_PW_PLUGIN NULL
db2 update dbm cfg using GROUP_PLUGIN NULL
db2 update dbm cfg using CLNT_PW_PLUGIN NULL
To see if it is installed and configured you can do the following DB commands:
db2 get dbm cfg
3) Setup the Transport LDAP behaviour of DB2 by running the following commands:
4) PAM Configuration files must be setup correctly for the db2 service
For linux systems, making a copy of the file /etc/pam.d/sshd called /etc/pam.d/db2 might be sufficient.
Other systems should already have OTHER set up properly to handle it.
On version 4.0.3 it was necessary to add try_disauth_first to the db2 PAM configuration. If moving from 4.0.3 to 4.1 this should be removed.
5) Start the instance