Changing Access to the Directory that Stores SRC Configuration Data

Use the following configuration statements to change connection properties for the directory that stores SRC configuration data:

system ldap client {base-dn base-dn ; url url ; backup-urls [ backup-urls ...]; principal principal ; credentials credentials ;timeout timeout ; time-limit time-limit ; }

Note: Before you change directory connection properties, make sure that all configuration changes have been committed.

To change connection information to the directory that stores SRC configuration information:

  1. From configuration mode, access the configuration statement that configures the directory connection.
    [edit]user@host# edit system ldap client
  2. (Optional) Change the DN of the root directory to store SRC configuration information. You can use the default root o=umc.
    [edit system ldap client]user@host# set base-dn base-dn
  3. (Optional) Change the URL that identifies the location of the primary directory server.
    [edit system ldap client]user@host# set url url
  4. (Optional) Specify URLs that identify the locations of backup directory servers.
    [edit system ldap client]user@host# set backup-urls backup-url-n backup-url-n2

    Backup servers are used if the primary directory server is not accessible.

  5. (Optional) Change the DN that defines the username with which an SRC component accesses the directory.
    [edit system ldap client]user@host# set principal principal

    For example:

    [edit system ldap client]user@host# set principal-dn cn=area1,o=Operators,o=umc
  6. (Optional) Change the password used for authentication with the directory server.
    [edit system ldap client]user@host# set credentials credentials
  7. (Optional) Specify the maximum amount of time during which the directory must respond to a connection request.
    [edit system ldap client]user@host# set timeout timeout
  8. (Optional) Specify the length of time to wait for a connection to the directory to be established. If you set the value to 0, there is no time limit.
    [edit system ldap client]user@host# set time-limit time-limit
  9. (Optional) Change directory eventing properties for the CLI.

    Note: Do not change the value for the enable-eventing, polling-interval, connection-manager-id, dispatcher-pool-size, or event-base-dn statements unless instructed to do so by Juniper Networks.

    The eventing statement is enabled by default.

In most cases, you use the default configuration for directory eventing properties.

Related Documentation