Hierarchy Level

Release Information

Statement introduced in Junos OS Release 12.1X47-D10.


Configure the SRX Series device to connect to an LDAP server, so that the server can provide the SRX Series with user-to-group mappings. These mappings are used to implement the integrated user firewall feature. The domain controller acts as the LDAP server in typical customer scenarios.

Most of this statement is optional, because the default communication method is LDAP and most arguments have default values. Only the ldap keyword and the base option are required.


ldap: Required. LDAP is the protocol used to access the LDAP server to get user-to-group mappings.
address ip-address: Optional. Specify the IP address of the LDAP server. If no address is specified, the system uses one of the configured Active Directory domain controllers.
port port: Optional. Specify the port number of the LDAP server. If no port number is specified, the system uses port 389 for plaintext or port 636 for encrypted text.
authentication-algorithm: Optional. Specify the algorithm used while the SRX Series communicates with the LDAP server. The default method is Kerberos.
  simple: Configure simple (plaintext) authentication method.
base base: Required. LDAP base distinguished name (DN).
ssl: Optional. Enable Secure Sockets Layer (SSL) to ensure secure transmission with the LDAP server. Disabled by default, which means that the password is sent in plaintext.
user username: Optional. Username of the LDAP account. If no username is specified, the system will use the configured domain controller’s username.
password password: Optional. Specify the password for the account. If no password is specified, the system uses the configured domain controller’s password.
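
The following audit script is an added example, not Juniper code: it reads a configuration in "set" format and reports, per domain, the ldap options described above that leave the connection in plaintext. The hierarchy prefix, domain names, addresses and finding texts are assumptions constructed for illustration, and the port check is a heuristic based on the documented 389/636 defaults.

```python
import re

# Constructed sample in Junos "set" format. The hierarchy prefix, domain names
# and addresses are assumptions for illustration, not taken from the page.
PREFIX = "set services user-identification active-directory-access domain"
SAMPLE = "\n".join([
    f"{PREFIX} corp.example user-group-mapping ldap base DC=corp,DC=example",
    f"{PREFIX} corp.example user-group-mapping ldap authentication-algorithm simple",
    f"{PREFIX} corp.example user-group-mapping ldap address 192.0.2.10 port 389",
    f"{PREFIX} lab.example user-group-mapping ldap base DC=lab,DC=example",
    f"{PREFIX} lab.example user-group-mapping ldap ssl",
    f"{PREFIX} lab.example user-group-mapping ldap address 192.0.2.20 port 389",
])

LDAP_LINE = re.compile(r"^set\s.*\bdomain\s+(\S+)\s+user-group-mapping\s+ldap\b\s*(.*)$")

def audit(config_text):
    """Return {domain: [finding, ...]} for every domain with an ldap mapping."""
    seen = {}
    for raw in config_text.splitlines():
        m = LDAP_LINE.match(raw.strip())
        if not m:
            continue
        opts = seen.setdefault(m.group(1), {"base": False, "ssl": False, "simple": False, "port": None})
        words = m.group(2).split() or [""]
        # Only the first keyword selects the option, so a value (for example a password) is never misread.
        if words[0] == "base":
            opts["base"] = True
        elif words[0] == "ssl":
            opts["ssl"] = True
        elif words[:2] == ["authentication-algorithm", "simple"]:
            opts["simple"] = True
        elif words[0] == "address" and "port" in words[:-1]:
            opts["port"] = int(words[words.index("port") + 1])
    report = {}
    for domain, o in seen.items():
        findings = []
        if not o["base"]:
            findings.append("base DN missing (required)")
        if not o["ssl"]:
            findings.append("ssl not set: password is sent in plaintext")
        if o["simple"] and not o["ssl"]:
            findings.append("simple (plaintext) authentication without ssl")
        # Heuristic: the documented defaults pair 389 with plaintext, 636 with SSL.
        if (o["ssl"], o["port"]) in ((True, 389), (False, 636)):
            findings.append(f"port {o['port']} does not match ssl setting")
        report[domain] = findings
    return report
```

Calling `audit(SAMPLE)` returns two findings for corp.example (no ssl, simple authentication without ssl) and a port mismatch for lab.example.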

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.