Configuring Access to Subscriber Data (SRC CLI)

Use the following configuration statements to configure access to subscriber data:

shared sae configuration ldap subscriber-data {subscription-loading-filter (subscriberRefFilter | objectClassFilter); load-subscriber-schedules; login-cache-dn login-cache-dn ; session-cache-dn session-cache-dn ; server-address server-address ; dn dn ; authentication-dn authentication-dn ; password password ; directory-eventing; polling-interval polling-interval ; (ldaps); }

To configure SAE access to subscriber data:

  1. From configuration mode, access the configuration statement that configures SAE access to subscriber data in the directory. In this sample procedure, the subscriber data is configured in the se-region group.
    user@host# edit shared sae group se-region configuration ldap subscriber-data
  2. Select the filter that the SAE uses to search for subscriptions in the directory when the SAE loads a subscription to a subscriber reference filter. By default, the SAE uses subscriber reference filter to search for subscriptions.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set subscription-loading-filter (subscriberRefFilter | objectClassFilter)

    Note: You must define the SubscriberRef attribute in Juniper Networks database when the SAE uses subscriber reference filter for subscriptions; otherwise, the subscriber data is not loaded.

  3. (Optional) Enable loading of subscriber schedules.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set load-subscriber-schedules
  4. Specify the subtree in the directory in which subscriber information is stored.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set login-cache-dn login-cache-dn
  5. Specify the subtree in the directory in which persistent session data is cached.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set session-cache-dn session-cache-dn
  6. (Optional) Specify the directory server that stores subscriber information.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set server-address server-address
  7. Specify the subtree in the directory where subscriber data is cached.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set dn dn
  8. (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set authentication-dn authentication-dn
  9. (Optional) Specify the password used to authenticate access to the directory server.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set password password
  10. (Optional) Enable automatic discovery of changes in subscriber profiles.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set directory-eventing
  11. Set the frequency for checking the directory for updates.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set polling-interval polling-interval
  12. Enable LDAPS as the secure protocol for connections to the server that stores subscriber data.
    [edit shared sae group se-region configuration ldap subscriber-data] user@host# set ldaps
  13. (Optional) Verify your configuration.
    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# show
    subscription-loading-filter subscriberRefFilter;
    load-subscriber-schedules;
    login-cache-dn o=users,<base>;
    session-cache-dn o=PersistentSessions,<base>;
    server-address 127.0.0.1;
    dn o=users,<base>;
    authentication-dn cn=ssp,o=components,o=operators,<base>;
    password ********;
    directory-eventing;
    polling-interval 30;
    ldaps;

Related Documentation