2022-03-23 17:08:34 +00:00
|
|
|
---
|
|
|
|
layout: docs
|
|
|
|
page_title: IBM Db2 - Database - Credentials
|
|
|
|
description: |-
|
2022-10-05 20:16:26 +00:00
|
|
|
Manage credentials for IBM Db2 using Vault's LDAP secrets engine.
|
2022-03-23 17:08:34 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# IBM Db2
|
|
|
|
|
|
|
|
Access to Db2 is managed by facilities that reside outside the Db2 database system. By
|
|
|
|
default, user authentication is completed by a security facility that relies on operating
|
|
|
|
system based authentication of users and passwords. This means that the lifecycle of user
|
|
|
|
identities in Db2 aren't capable of being managed using SQL statements and Vault's
|
|
|
|
database secrets engine.
|
|
|
|
|
|
|
|
To provide flexibility in accommodating authentication needs, Db2 ships with authentication
|
|
|
|
[plugin modules](https://www.ibm.com/docs/en/db2/11.5?topic=ins-ldap-based-authentication-group-lookup-support)
|
|
|
|
for Lightweight Directory Access Protocol (LDAP). This enables the Db2 database manager to
|
|
|
|
authenticate users and obtain group membership defined in an LDAP directory, removing the
|
|
|
|
requirement that users and groups be defined to the operating system.
|
|
|
|
|
2022-10-05 20:16:26 +00:00
|
|
|
Vault's [LDAP secrets engine](/docs/secrets/ldap) can be used to manage the lifecycle
|
2022-03-23 17:08:34 +00:00
|
|
|
of credentials for Db2 environments that have been configured to delegate user authentication
|
2022-04-04 17:05:16 +00:00
|
|
|
and group membership to an LDAP server.
|
|
|
|
|
|
|
|
## Tutorial
|
|
|
|
|
|
|
|
Refer to the [IBM Db2 Credential Management](https://learn.hashicorp.com/tutorials/vault/ibm-db2-openldap)
|
|
|
|
tutorial to learn how to use Vault to manage both static and dynamic credentials for access to Db2.
|