Changing the Directory Access Configuration for the CLI
On Solaris platforms, configure the CLI to use the directory that stores SRC configuration data.
Configuration Statements for CLI Directory Access
Use the following configuration statements to change the connection to the directory that stores SRC configuration information. You enter the system ldap client statement at the
[edit]
hierarchy level:system ldap client {base-dnbase-dn
;urlurl
;backup-urlsbackup-urls
;authentication-dnauthentication-dn
;credentialscredentials
;connect-timeoutconnect-timeout
;time-limittime-limit
;eventing;polling-intervalpolling-interval
;connection-manager-idconnection-manager-id
;dispatcher-pool-sizedispatcher-pool-size
;event-base-dnevent-base-dn
;signature-dnsignature-dn
;blacklist;}
NOTE: Do not change the value for the
enable-eventing
,polling-interval
,connection-manager-id
,dispatcher-pool-size
, orevent-base-dn
statements unless instructed to do so by Juniper Networks.Changing Directory Access Properties
Use the following configuration statements to change connection properties for the directory that stores SRC configuration data:
system ldap client {base-dnbase-dn
;urlurl
;backup-urls [backup-urls
...];principalprincipal
;credentialscredentials
;timeouttimeout
;time-limittime-limit
;}
NOTE: Before you change directory connection properties, make sure that all configuration changes have been committed.
To change connection information to the directory that stores SRC configuration information:
- From configuration mode, access the configuration statement that configures the directory connection.
[edit]user@host#edit system ldap client
- (Optional) Change the DN of the root directory to store SRC configuration information. You can use the default root o=umc.
[edit system ldap client]user@host#set base-dn
base-dn
- (Optional) Change the URL that identifies the location of the primary directory server.
[edit system ldap client]user@host#set url
url
- (Optional) Specify URLs that identify the locations of backup directory servers.
[edit system ldap client]user@host#set backup-urls
backup-url-n backup-url-n2
Backup servers are used if the primary directory server is not accessible.
- (Optional) Change the DN that defines the username with which an SRC component accesses the directory.
[edit system ldap client]user@host#set principal
principal
[edit system ldap client]user@host#set principal-dn cn=area1,o=Operators,o=umc
- (Optional) Change the password used for authentication with the directory server.
[edit system ldap client]user@host#set credentials
credentials
- (Optional) Specify the maximum amount of time during which the directory must respond to a connection request.
[edit system ldap client]user@host#set timeout
timeout
- (Optional) Specify the length of time to wait for a connection to the directory to be established. If you set the value to 0, there is no time limit.
[edit system ldap client]user@host#set time-limit
time-limit
- (Optional) Change directory eventing properties for the CLI.
NOTE: Do not change the value for the
enable-eventing
,polling-interval
,connection-manager-id
,dispatcher-pool-size
, orevent-base-dn
statements unless instructed to do so by Juniper Networks.
.In most cases, you use the default configuration for directory eventing properties. For information about changing directory eventing properties, see Chapter 25, Configuring Local Properties with the SRC CLI.
Verifying the Configuration for Directory Access
To verify the configuration for directory connections:
- From configuration mode, access the configuration statement that configures the directory connection for the CLI.
[edit]user@host#edit system ldap client
- Run the
show
command. For example:[edit system ldap client]user@host#show
base-dn o=UMC;url ldap://127.0.0.1;principal cn=cli,ou=components,o=operators,<base>;credentials ********;timeout 10;time-limit 5000;eventing;polling-interval 30;connection-manager-id CLI_DATA_MANAGER;dispatcher-pool-size 1;event-base-dn o=UMC;signature-dn o=UMC;blacklist;