---
layout: docs
page_title: IBM Db2 - Database - Credentials
description: |-
  Manage credentials for IBM Db2 using Vault's OpenLDAP secrets engine.
---

# IBM Db2

Access to Db2 is managed by facilities that reside outside the Db2 database system. By
default, user authentication is completed by a security facility that relies on
operating-system-based authentication of users and passwords. This means that the lifecycle
of user identities in Db2 cannot be managed using SQL statements and Vault's
database secrets engine.

To provide flexibility in accommodating authentication needs, Db2 ships with authentication
[plugin modules](https://www.ibm.com/docs/en/db2/11.5?topic=ins-ldap-based-authentication-group-lookup-support)
for Lightweight Directory Access Protocol (LDAP). This enables the Db2 database manager to
authenticate users and obtain group membership defined in an LDAP directory, removing the
requirement that users and groups be defined to the operating system.

Vault's [OpenLDAP secrets engine](/docs/secrets/openldap) can be used to manage the lifecycle
of credentials for Db2 environments that have been configured to delegate user authentication
and group membership to an LDAP server. A step-by-step guide on using Vault to manage both
static and dynamic credentials for access to Db2 can be found in the
[IBM Db2 Credential Management](https://learn.hashicorp.com/tutorials/vault/ibm-db2-openldap)
Learn tutorial.
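
The following sketch shows the Vault side of such a setup with the `vault` CLI, covering one static and one dynamic role. It is an added example, not taken from the tutorial or from Vault's own documentation; the mount path, LDAP URL, DNs, role names and LDIF file arguments are constructed placeholders, and it assumes Db2 has already been configured to authenticate against the same directory.

```shell
#!/bin/sh
# Added example. Mount path, URL, DNs and role names are constructed placeholders.
MOUNT="${MOUNT:-openldap}"
LDAP_URL="${LDAP_URL:-ldaps://ldap.example.com}"
BIND_DN="${BIND_DN:-cn=vault-admin,dc=example,dc=com}"

# Mount the engine and point it at the directory Db2 delegates authentication to.
configure_engine() {
    # Policy of this example: LDAPS only, so the bind password and rotated
    # passwords are never sent to the directory in cleartext.
    case "$LDAP_URL" in
        ldaps://*) ;;
        *) echo "refusing non-TLS LDAP URL: $LDAP_URL" >&2; return 1 ;;
    esac
    [ -n "${LDAP_BIND_PASSWORD:-}" ] || { echo "LDAP_BIND_PASSWORD not set" >&2; return 1; }
    vault secrets enable -path="$MOUNT" openldap || return 1
    # bindpass=- makes the vault CLI read the value from stdin, keeping it out of argv.
    printf '%s' "$LDAP_BIND_PASSWORD" |
        vault write "$MOUNT/config" binddn="$BIND_DN" bindpass=- url="$LDAP_URL"
}

# Static role: Vault takes over the password of an existing LDAP entry that a
# Db2 user authenticates as, and rotates it every rotation period.
# Arguments: role name, entry DN, username, rotation period (for example 24h).
create_static_role() {
    vault write "$MOUNT/static-role/$1" dn="$2" username="$3" rotation_period="$4"
}

# Dynamic role: Vault creates a short-lived LDAP entry from an LDIF template
# and deletes it when the lease expires.
# Arguments: role name, creation LDIF file, deletion LDIF file, default TTL.
create_dynamic_role() {
    vault write "$MOUNT/role/$1" creation_ldif=@"$2" deletion_ldif=@"$3" default_ttl="$4"
}

# Applications fetch the current password (static) or a fresh account (dynamic).
read_static_cred()  { vault read "$MOUNT/static-cred/$1"; }
read_dynamic_cred() { vault read "$MOUNT/creds/$1"; }

# Runs only when invoked as: ./script.sh apply
if [ "${1:-}" = "apply" ]; then
    configure_engine &&
    create_static_role db2-app "cn=db2app,ou=users,dc=example,dc=com" db2app 24h &&
    read_static_cred db2-app
fi
```

The LDAP bind account given to Vault needs permission to change passwords for static roles and to create and delete entries for dynamic roles, so scope it to the subtree that holds Db2 users.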