Release 2023 - DB2 Release Notes
DirectControl for DB2 extends the Authentication Service to DB2 database instances. This solution allows you to use Microsoft Active Directory as the central authentication and access control data store in a heterogeneous environment that contains both Windows and UNIX computers as well as DB2 relational database management systems.
For more information about IBM Security, see IBM Security Announcement.
IBM Security software is protected by U.S. Patents 7,591,005; 8,024,360; 8,321,523; 9,015,103; 9,112,846; 9,197,670; 9,378,391 and 9,442,962. (Ref: CS-44575)
Package Contents
The DirectControl for DB2 bundle package contains the following resources:
- DirectControl for DB2 software package (such as a rpm, or deb file)
Supported Platforms
The DirectControl for DB2 bundle package is available on the following operating systems in this release:
- IBM AIX on PPC
- Oracle Solaris on SPARC
- Red Hat Enterprise Linux on x86_64
- Red Hat Enterprise Linux on S390
- SUSE Linux Enterprise Server on x86_64
- SUSE Linux Enterprise Server on S390
This release supports IBM DB2 v10.5, v11.1 and v11.5.
We will support v10.5 for one more release after this one because IBM has extended their support of that version.
For each supported operating system version for DirectControl for DB2, please refer to the supported operating system version of the matching DirectControl agent package of the corresponding Centrify Authentication Service release. Similarly, DirectControl for DB2 also follows DirectControl’s schedule for End-of-Support platforms and hence please refer to the announcements there.
Also note that we follow IBM's End-of-life schedule for the supported DB2 versions. For details, please refer to https://www.ibm.com/support/pages/db2-distributed-end-support-eos-dates
Feature Changes
- A new parameter "db2.group.zone_enabled.<instance> " is added for DB2 group plug-in. By default, the group plug-in allow DB2 to get all Active Directory groups even if the Active Directory group is not visible in the zone. To optionally constrain the DB2 visibility to zone visible Active Directory groups only, set this parameter to true. (Ref: 469458)
Bugs Fixed
Known Issues
Known Issues on UNIX/Linux
The following sections describe known issues or limitations associated with this release.
-
The DB2 username/password plug-in cannot authenticate any user when the machine is not joined to a zone or DirectControl agent is not running.
The DB2 username/password plug-in uses a new way to authenticate local user, and this relies on the DirectControl agent. Therefore, if the machine is not joined or DirectControl agent is not running, the DB2 username/password does not work. (Ref: 64711).
Known Issues on AIX
-
The single sign on can only work with Active Directory users.
If you have an Active Directory user and local user with the same username and AIX is configured to use LAM, you may not be able to log in as an Active Directory user. If the user is not logged in as the Active Directory user, the DB2 GSSAPI plug-in for single sign on does not work. The DB2 GSSAPI plug-in only works with Active Directory user accounts. To ensure that single sign on always works, rename, or remove the local user account.
Known Issues on RHEL
-
Install error when SELinux enabled – You may receive an error during installation of the Centrify DB2 package if you have SELinux enabled during installation. This may be avoided by one of the following two workarounds:
-
Temporarily disable SELinux. To disable SELinux, modify the /etc/selinux/config file as follows:
SELINUX=disabled
-
Change the file context on the appropriate library:
chcon -t textrel_shlib_t /home/release/335_ESE_LNXAMD26_64_NLV/db2/linux26/install/libimf.so
-
Additional Information and Support
In addition to the documentation provided with this package, see the Verify Privilege Server Suite Knowledge Base for answers to common questions and other information (including any general or platform-specific known limitations), tips, or suggestions. You can also contact IBM Security Support directly with your questions through the IBM Security Web site, by email, or by telephone.
The IBM Security Resources web site provides access to a wide range of information including analyst report, best practice brief, case study, datasheet, ebook, white papers, etc., that may help you optimize your use of IBM Security products. For more information, see the IBM Security Resources web site.
You can also contact IBM Security Support directly with your questions through the IBM Security Web site, by email, or by telephone. To contact IBM Security Support or to get help with installing or using this software, send email to support@delinea.com or call 1-202-991-0540. For information about purchasing or evaluating IBM Security products, send email to info@delinea.com.