This section explains the procedure for setting up an environment for the Directory Server linkage facility. The following assumes that the environment for HiRDB is already set up and HiRDB is ready to be started.
Install the Directory Server. For details about installing the Sun Java System Directory Server, see Sun Java System Directory Server.
Register in the Sun Java System Directory Server the users who wish to connect to HiRDB. The HiRDB administrator must also be registered. Defined roles can also be registered. For details about registering users or roles in the Sun Java System Directory Server, see Sun Java System Directory Server.
The users registered in HiRDB can be identified by referencing the SQL_USERS dictionary table; an example follows:
SELECT USER_ID FROM MASTER.SQL_USERS
Use the pdstop command to terminate HiRDB normally.
Install HiRDB LDAP Option and execute the pdopsetup command. For details about installation and executing the pdopsetup command, see the manual HiRDB Version 8 Installation and Design Guide.
After installation is complete, create a HiRDB LDAP Option environment definition file. For details about HiRDB LDAP Option environment definition files, see 24.7 Creating the HiRDB LDAP Option environment definition file.
Specify the pd_directory_server operand to use the Directory Server linkage facility. Then, use the pdstart command to start HiRDB normally.
This task should be performed when HiRDB is installed for the first time. Grant privileges to the users who are registered in Hitachi Directory Server. For the procedure for granting privileges, see 24.4 User privileges setup.
This task should be performed if HiRDB had been installed and operated previously. Because CONNECT privileges are now managed by Hitachi Directory Server, HiRDB's CONNECT privilege management information is no longer needed. Use the REVOKE statement to delete the CONNECT privilege of all users except for the following:
The following SQL example retrieves all users who do not have DBA or schema definition privilege (users who have CONNECT privilege only or CONNECT privilege and table access privileges only):
SELECT USER_ID FROM MASTER.SQL_USERS
    WHERE DBA_PRIVILEGE = 'N' AND SCHEMA_PRIVILEGE = 'N'
      AND AUDIT_PRIVILEGE <> 'Y'
1 CONNECT privileges of DBA privilege holders and audit privilege holders cannot be deleted.
2 The CONNECT privilege of a user whose schema exists cannot be revoked. Revoking the CONNECT privilege when there is no schema also revokes the schema definition privilege. If a schema definition privilege is revoked inadvertently, grant the schema definition privilege again. Delete a schema only when it is no longer needed.
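The revocation step above, sketched as an added example (not part of the HiRDB manual): it applies the same filter as the query to rows exported from MASTER.SQL_USERS, emits one REVOKE statement per eligible user, and records why every other user is kept. The sample rows, the user ID allowlist, and the REVOKE CONNECT FROM statement form are assumptions; check them against the HiRDB SQL reference before running the output.

```python
import re

# Constructed sample rows, as if exported from MASTER.SQL_USERS:
# (USER_ID, DBA_PRIVILEGE, SCHEMA_PRIVILEGE, AUDIT_PRIVILEGE)
SAMPLE_ROWS = [
    ("HIRDBADM", "Y", "Y", "N"),
    ("AUDITOR1", "N", "N", "Y"),
    ("APPOWNER", "N", "Y", "N"),
    ("REPORTS", "N", "N", "N"),
    ("BATCH01", "N", "N", "N"),
    ("OPS;TEST", "N", "N", "N"),
]

# Assumption: a conservative allowlist for user IDs. Anything else is never
# written into generated SQL and is left for manual review.
SAFE_ID = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")


def plan_revocation(rows):
    """Return (revoke_statements, kept), where kept maps USER_ID -> reason."""
    statements, kept = [], {}
    for user_id, dba, schema, audit in rows:
        user_id = user_id.strip()
        if dba != "N":
            # Footnote 1: CONNECT of DBA privilege holders cannot be deleted.
            kept[user_id] = "DBA privilege holder"
        elif audit == "Y":
            # Footnote 1: the same applies to audit privilege holders.
            kept[user_id] = "audit privilege holder"
        elif schema != "N":
            # Footnote 2: revoking CONNECT may fail (schema exists) or also
            # remove the schema definition privilege (no schema).
            kept[user_id] = "schema definition privilege holder"
        elif not SAFE_ID.match(user_id):
            kept[user_id] = "unexpected characters in USER_ID, review manually"
        else:
            # Assumed statement form; verify against the HiRDB SQL reference.
            statements.append(f"REVOKE CONNECT FROM {user_id};")
    return statements, kept


if __name__ == "__main__":
    stmts, kept = plan_revocation(SAMPLE_ROWS)
    print("\n".join(stmts))
    for user, reason in sorted(kept.items()):
        print(f"-- kept {user}: {reason}")
```

Review the kept list before executing the generated statements, so that no privileged account is locked out by a mistaken flag in the export.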