
On IBM Db2 v11.5.8.0 on Linux x86_64 I have two local databases DB01 and DB02. Both databases individually are configured to use LDAP authentication.

Now I am required to set up federated access from DB01 to DB02. Looking at CREATE SERVER and CREATE USER MAPPING, there is always a definition of userid and password. I don't know the userid and password for our users (at least I don't know the passwords).

Is it possible to define federated access without specifying userid/password at CREATE SERVER and/or CREATE USER MAPPING?

What I would like is that the database:

  • passes authentication (userid/password) from DB01 to DB02 or
  • does not perform authentication for federated users, because authentication was already made when the user connected to DB01 or
  • something similar, but without my being required to define userid/password for every user in the CREATE SERVER or CREATE USER MAPPING command.

Regards

folow

1 Answer


You don't have to CREATE SERVER or CREATE USER MAPPING for every user. You create it once and then you grant - say - select on the nickname for those users:

db2 create db db2
db2 connect to db2
db2 "create table fedtbl ( x int)"
db2 terminate

db2 create db db1
db2 connect to db1
db2 "CREATE WRAPPER DRDA OPTIONS (DB2_FENCED 'N')"
db2 "create server db2 type DB2/UDB VERSION 11 WRAPPER DRDA AUTHORIZATION \"...\" password \"...\" options (dbname 'db2', password 'Y')"
# ${user}, ${password} and ${federated} (the server name, db2 above) are shell variables set beforehand
db2 "CREATE USER MAPPING FOR ${user} SERVER ${federated} OPTIONS (REMOTE_AUTHID '${user}', REMOTE_PASSWORD '${password}')"

# a nickname points at server.schema.table on the remote side
db2 "CREATE NICKNAME db1.fedtbl FOR db2....fedtbl"

db2 grant select on db1.fedtbl to user ...

Untested and from memory, but it should give you some ideas

Lennart - Slava Ukraini
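
With the setup in the answer above, access to the remote table is controlled by two things: who holds SELECT on the nickname, and which remote authid a user mapping supplies. The query below is an added example, not part of the original answer, for reviewing both from the federating database (db1); it assumes the standard catalog views SYSCAT.NICKNAMES, SYSCAT.TABAUTH and SYSCAT.USEROPTIONS, and the server name DB2 used in the answer.

```sql
-- Added example: run while connected to the federating database (db1).
-- For every nickname defined on federated server DB2, list who holds
-- SELECT on it and which remote authid that grantee's user mapping uses.
SELECT n.tabschema      AS nickname_schema,
       n.tabname        AS nickname,
       n.remote_schema,
       n.remote_table,
       a.grantee,
       a.granteetype,                 -- U = user, G = group, R = role
       a.selectauth,                  -- Y = held, G = held and grantable
       m.setting        AS remote_authid
FROM   syscat.nicknames n
JOIN   syscat.tabauth a
       ON  a.tabschema = n.tabschema
       AND a.tabname   = n.tabname
LEFT JOIN syscat.useroptions m
       ON  m.servername = n.servername
       AND m.authid     = a.grantee
       AND m.option     = 'REMOTE_AUTHID'
WHERE  n.servername = 'DB2'           -- server name from CREATE SERVER
  AND  a.selectauth IN ('Y', 'G')
ORDER  BY n.tabschema, n.tabname, a.grantee;
-- remote_authid is NULL when no mapping row exists under that grantee
-- name (groups, roles, or a user without a user mapping).
```

Rows where several grantees share one remote_authid show which local users act under the same remote account on DB2, so the privileges of that account on DB2 bound what they can read.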