Configuring Access to Subscriber Data

Use the following configuration statements to configure access to subscriber data:

shared sae configuration ldap subscriber-data {
subscription-loading-filter (subscriberRefFilter | objectClassFilter);
load-subscriber-schedules;
login-cache-dn login-cache-dn ;
session-cache-dn session-cache-dn ;
server-address server-address ;
dn dn ;
authentication-dn authentication-dn ;
password password ;
directory-eventing;
polling-interval polling-interval ;
(ldaps);
}

To configure SAE access to subscriber data:

  1. From configuration mode, access the configuration statement that configures SAE access to subscriber data in the directory. In this sample procedure, the subscriber data is configured in the se-region group.
    user@host# edit shared sae group se-region configuration ldap subscriber-data
  2. Select the filter that the SAE uses to search for subscriptions in the directory when the SAE loads a subscription to a subscriber reference filter.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set subscription-loading-filter (subscriberRefFilter | objectClassFilter)
  3. (Optional) Enable loading of subscriber schedules.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set load-subscriber-schedules
  4. Specify the subtree in the directory in which subscriber information is stored.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set login-cache-dn login-cache-dn
  5. Specify the subtree in the directory in which persistent session data is cached.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set session-cache-dn session-cache-dn
  6. (Optional) Specify the directory server that stores subscriber information.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set server-address server-address
  7. Specify the subtree in the directory where subscriber data is cached.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set dn dn
  8. (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set authentication-dn authentication-dn
  9. (Optional) Specify the password used to authenticate access to the directory server.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set password password
  10. (Optional) Enable automatic discovery of changes in subscriber profiles.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set directory-eventing
  11. Set the frequency for checking the directory for updates.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set polling-interval polling-interval
  12. Enable LDAPS as the secure protocol for connections to the server that stores subscriber data.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set ldaps
  13. (Optional) Verify your configuration.
    [edit shared sae group se-region configuration ldap subscriber-data]
user@host# show
subscription-loading-filter objectClassFilter;
load-subscriber-schedules;
login-cache-dn o=users,<base>;
session-cache-dn o=PersistentSessions,<base>;
server-address 127.0.0.1;
dn o=users,<base>;
authentication-dn cn=ssp,o=components,o=operators,<base>;
password ********;
directory-eventing;
polling-interval 30;
ldaps;

Published: 2009-09-15

Copyright © 2009, Juniper Networks, Inc. All rights reservedTrademark Notice.