Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Access to Subscriber Data (SRC CLI)

    Use the following configuration statements to configure access to subscriber data:

    shared sae configuration ldap subscriber-data {subscription-loading-filter (subscriberRefFilter | objectClassFilter); load-subscriber-schedules; login-cache-dn login-cache-dn ; session-cache-dn session-cache-dn ; server-address server-address ; dn dn ; authentication-dn authentication-dn ; password password ; directory-eventing; polling-interval polling-interval ; (ldaps); }

    To configure SAE access to subscriber data:

    1. From configuration mode, access the configuration statement that configures SAE access to subscriber data in the directory. In this sample procedure, the subscriber data is configured in the se-region group.
      user@host# edit shared sae group se-region configuration ldap subscriber-data
    2. Select the filter that the SAE uses to search for subscriptions in the directory when the SAE loads a subscription to a subscriber reference filter. By default, the SAE uses subscriber reference filter to search for subscriptions.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set subscription-loading-filter (subscriberRefFilter | objectClassFilter)

      Note: You must define the SubscriberRef attribute in Juniper Networks database when the SAE uses subscriber reference filter for subscriptions; otherwise, the subscriber data is not loaded.

    3. (Optional) Enable loading of subscriber schedules.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set load-subscriber-schedules
    4. Specify the subtree in the directory in which subscriber information is stored.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set login-cache-dn login-cache-dn
    5. Specify the subtree in the directory in which persistent session data is cached.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set session-cache-dn session-cache-dn
    6. (Optional) Specify the directory server that stores subscriber information.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set server-address server-address
    7. Specify the subtree in the directory where subscriber data is cached.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set dn dn
    8. (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set authentication-dn authentication-dn
    9. (Optional) Specify the password used to authenticate access to the directory server.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set password password
    10. (Optional) Enable automatic discovery of changes in subscriber profiles.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set directory-eventing
    11. Set the frequency for checking the directory for updates.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set polling-interval polling-interval
    12. Enable LDAPS as the secure protocol for connections to the server that stores subscriber data.
      [edit shared sae group se-region configuration ldap subscriber-data] user@host# set ldaps
    13. (Optional) Verify your configuration.
      [edit shared sae group se-region configuration ldap subscriber-data]
      user@host# show
      subscription-loading-filter subscriberRefFilter;
      load-subscriber-schedules;
      login-cache-dn o=users,<base>;
      session-cache-dn o=PersistentSessions,<base>;
      server-address 127.0.0.1;
      dn o=users,<base>;
      authentication-dn cn=ssp,o=components,o=operators,<base>;
      password ********;
      directory-eventing;
      polling-interval 30;
      ldaps;

    Published: 2014-12-10