Hierarchy Level


Configure the SRX Series Firewall to connect to an LDAP server, so that the server can provide the SRX Series with user-to-group mappings. These mappings are used to implement the integrated user firewall feature. The domain controller acts as the LDAP server in typical customer scenarios.

Most of this statement is optional, because the default communication method is LDAP and most arguments have default values. Only the LDAP keyword and the base are required.



Required. LDAP is the protocol used to access the LDAP server to get user-to-group mappings.

address ip-address

Optional. Specify the IP address of the LDAP server. If no address is specified, the system uses one of the configured Active Directory domain controllers.

port port

Optional. Specify the port number of the LDAP server. If no port number is specified, the system uses port 389 for plaintext or port 636 for encrypted text.


Optional. Specify the algorithm used while the SRX Series communicates with the LDAP server.


Configure the simple (plaintext) authentication method.

base base

Required. LDAP base distinguished name (DN).


Optional. Enable Secure Sockets Layer (SSL) to secure transmission with the LDAP server. SSL is disabled by default, which means that the password is sent in plaintext.

user username

Optional. Username of the LDAP account. If no username is specified, the system will use the configured domain controller’s username.

password password

Optional. Specify the password for the account. If no password is specified, the system uses the configured domain controller’s password.
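Because SSL is off unless explicitly set, a configuration review should flag every LDAP mapping stanza that lacks it. The following audit script is an added example, not Juniper code. It assumes the `set`-format hierarchy `services user-identification active-directory-access domain <name> user-group-mapping ldap` and the `ssl` keyword, neither of which is printed on this page; the domain names and sample lines are constructed.

```python
import re

# Assumed hierarchy for this statement (not shown on this page).
STANZA = re.compile(
    r"^set services user-identification active-directory-access "
    r"domain (\S+) user-group-mapping ldap(?:\s+(.*))?$")

def audit_ldap_mapping(config_text):
    """Return {domain: [findings]} for each LDAP user-group-mapping stanza."""
    domains = {}
    for line in config_text.splitlines():
        m = STANZA.match(line.strip())
        if not m:
            continue
        opts = domains.setdefault(m.group(1), {})
        tokens = (m.group(2) or "").split()
        i = 0
        while i < len(tokens):
            if tokens[i] == "ssl":      # flag, takes no value
                opts["ssl"] = True
                i += 1
            else:                       # option followed by one value
                opts[tokens[i]] = tokens[i + 1] if i + 1 < len(tokens) else ""
                i += 2
    findings = {}
    for name, opts in domains.items():
        issues = []
        if "base" not in opts:
            issues.append("base DN missing (required)")
        if not opts.get("ssl"):
            issues.append("ssl not enabled: LDAP password sent in plaintext")
        elif opts.get("port") == "389":
            issues.append("ssl set but port 389 is the plaintext default")
        findings[name] = issues
    return findings

PREFIX = "set services user-identification active-directory-access domain "
# Constructed sample configuration: one plaintext stanza, one with ssl.
SAMPLE = "\n".join([
    PREFIX + "corp.example user-group-mapping ldap base DC=corp,DC=example",
    PREFIX + "corp.example user-group-mapping ldap user svc-ldap",
    PREFIX + "lab.example user-group-mapping ldap base DC=lab,DC=example",
    PREFIX + "lab.example user-group-mapping ldap ssl",
])

if __name__ == "__main__":
    for domain, issues in audit_ldap_mapping(SAMPLE).items():
        print(domain, "->", issues or "ok")
```

Feed it the output of `show configuration | display set` from each device. An empty list means the stanza has a base DN and SSL enabled.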

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X47-D10.