

Configuring LDAP Access to Directory Data

The SRC software stores subscriber, service, persistent login, policy, router, and cached subscriber profiles and session data in a directory. The SAE uses LDAP to store and retrieve the data.

If you do not store data in the local directory, you need to configure the LDAP connections to the directories in which the data is stored. You can also select the filter that the SAE uses to search for subscriptions in the directory and directory eventing parameters for data stored in the directory.

The tasks to configure LDAP access to directory data are:

Configuring Access to Subscriber Data

Use the following configuration statements to configure access to subscriber data:

shared sae configuration ldap subscriber-data {
    subscription-loading-filter (subscriberRefFilter | objectClassFilter);
    load-subscriber-schedules;
    login-cache-dn login-cache-dn;
    session-cache-dn session-cache-dn;
    server-address server-address;
    dn dn;
    authentication-dn authentication-dn;
    password password;
    directory-eventing;
    polling-interval polling-interval;
    (ldaps);
}

To configure SAE access to subscriber data:

  1. From configuration mode, access the configuration statement that configures SAE access to subscriber data in the directory. In this sample procedure, the subscriber data is configured in the se-region group.

    user@host# edit shared sae group se-region configuration ldap subscriber-data

  2. Select the filter that the SAE uses to search for subscriptions in the directory when the SAE loads a subscription to a subscriber reference filter.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set subscription-loading-filter (subscriberRefFilter | objectClassFilter)

  3. (Optional) Enable loading of subscriber schedules.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set load-subscriber-schedules

  4. Specify the subtree in the directory in which subscriber information is stored.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set login-cache-dn login-cache-dn

  5. Specify the subtree in the directory in which persistent session data is cached.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set session-cache-dn session-cache-dn

  6. (Optional) Specify the directory server that stores subscriber information.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set server-address server-address

  7. Specify the subtree in the directory where subscriber data is cached.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set dn dn

  8. (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set authentication-dn authentication-dn

  9. (Optional) Specify the password used to authenticate access to the directory server.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set password password

  10. (Optional) Enable automatic discovery of changes in subscriber profiles.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set directory-eventing

  11. Set the frequency for checking the directory for updates.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set polling-interval polling-interval

  12. Enable LDAPS as the secure protocol for connections to the server that stores subscriber data.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# set ldaps

  13. (Optional) Verify your configuration.

    [edit shared sae group se-region configuration ldap subscriber-data]
    user@host# show
    subscription-loading-filter objectClassFilter;
    load-subscriber-schedules;
    login-cache-dn o=users,<base>;
    session-cache-dn o=PersistentSessions,<base>;
    server-address 127.0.0.1;
    dn o=users,<base>;
    authentication-dn cn=ssp,o=components,o=operators,<base>;
    password ********;
    directory-eventing;
    polling-interval 30;
    ldaps;
    


Configuring Access to Service Data

Use the following configuration statements to configure access to service data:

shared sae configuration ldap service-data {
    server-address server-address;
    dn dn;
    authentication-dn authentication-dn;
    password password;
    directory-eventing;
    polling-interval polling-interval;
    (ldaps);
}

To configure SAE access to service data:

  1. From configuration mode, access the configuration statement that configures SAE access to service data in the directory. In this sample procedure, the service data is configured in the se-region group.

    user@host# edit shared sae group se-region configuration ldap service-data

  2. (Optional) Specify the directory server that stores service data.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# set server-address server-address

  3. Specify the subtree in the directory where service data is cached.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# set dn dn

  4. (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# set authentication-dn authentication-dn

  5. (Optional) Specify the password used to authenticate access to the directory server.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# set password password

  6. (Optional) Enable or disable automatic discovery of changes to service data.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# set directory-eventing

  7. Set the frequency for checking the directory for updates.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# set polling-interval polling-interval

  8. Enable LDAPS as the secure protocol for connections to the server that stores service data.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# set ldaps

  9. (Optional) Verify your configuration.

    [edit shared sae group se-region configuration ldap service-data]
    user@host# show
    server-address 10.10.45.3;
    dn <base>;
    authentication-dn <base>;
    password ********;
    directory-eventing;
    polling-interval 30;
    ldaps;
    


Configuring Access to Policy Data

Use the following configuration statements to configure access to policy data:

shared sae configuration ldap policy-data {
    policy-dn policy-dn;
    parameter-dn parameter-dn;
    directory-eventing;
    polling-interval polling-interval;
}

To configure SAE access to policy data:

  1. From configuration mode, access the configuration statement that configures SAE access to policy data in the directory. In this sample procedure, the policy data is configured in the se-region group.

    user@host# edit shared sae group se-region configuration ldap policy-data

  2. Specify the subtree in the directory in which policy data is stored.

    [edit shared sae group se-region configuration ldap policy-data]
    user@host# set policy-dn policy-dn

  3. Specify the subtree in the directory in which policy parameter data is cached.

    [edit shared sae group se-region configuration ldap policy-data]
    user@host# set parameter-dn parameter-dn

  4. (Optional) Enable or disable automatic discovery of changes to policy data.

    [edit shared sae group se-region configuration ldap policy-data]
    user@host# set directory-eventing

  5. Set the frequency for checking the directory for updates.

    [edit shared sae group se-region configuration ldap policy-data]
    user@host# set polling-interval polling-interval

  6. (Optional) Verify your configuration.

    [edit shared sae group se-region configuration ldap policy-data]
    user@host# show
    policy-dn o=Policy,<base>;
    parameter-dn o=Parameters,<base>;
    directory-eventing;
    polling-interval 30;
    


Configuring Access to the Persistent Login Cache

Use the following configuration statements to configure access to persistent login cache data:

shared sae configuration ldap persistent-login-cache {
    server-address server-address;
    dn dn;
    authentication-dn authentication-dn;
    password password;
    directory-eventing;
    polling-interval polling-interval;
    (ldaps);
}

To configure SAE access to persistent login cache data:

  1. From configuration mode, access the configuration statement that configures SAE access to persistent login cache data in the directory. In this sample procedure, the persistent login cache data is configured in the se-region group.

    user@host# edit shared sae group se-region configuration ldap persistent-login-cache

  2. (Optional) Specify the directory server that stores service data.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# set server-address server-address

  3. Specify the subtree in the directory where persistent login cache data is cached.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# set dn dn

  4. (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# set authentication-dn authentication-dn

  5. (Optional) Specify the password used to authenticate access to the directory server.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# set password password

  6. (Optional) Enable automatic discovery of changes to persistent login cache data.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# set directory-eventing

  7. Set the frequency for checking the directory for updates.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# set polling-interval polling-interval

  8. Enable LDAPS as the secure protocol for connections to the server that stores persistent login cache data.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# set ldaps

  9. (Optional) Verify your configuration.

    [edit shared sae group se-region configuration ldap persistent-login-cache]
    user@host# show
    dn "o=authCache, <base>";
    directory-eventing;
    polling-interval 30;
    ldaps;
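
The subscriber-data, service-data, and persistent-login-cache procedures above each pair an optional server-address, authentication-dn, and password with the ldaps statement. The following Python check is an added example, not part of the SRC software or of this documentation; it reads constructed show-style output and reports stanzas that point at a non-loopback server-address without ldaps. It assumes flat `name { ... }` stanzas, that a stanza without server-address uses the local directory, and that a stanza without ldaps connects over unencrypted LDAP.

```python
import ipaddress
import re

# Constructed sample in the style of this page's 'show' output (not captured from a device).
SAMPLE = """
subscriber-data {
    server-address 127.0.0.1;
    password ********;
    ldaps;
}
service-data {
    server-address 10.10.45.3;
    authentication-dn <base>;
    password ********;
}
persistent-login-cache {
    dn "o=authCache, <base>";
    ldaps;
}
"""

def parse_stanzas(text):
    """Return {stanza: {statement: value, or True for a bare flag}}."""
    stanzas = {}
    for name, body in re.findall(r"([\w-]+)\s*\{(.*?)\}", text, re.S):
        stmts = {}
        for stmt in body.split(";"):
            parts = stmt.strip().split(None, 1)
            if parts:
                stmts[parts[0]] = parts[1].strip('"') if len(parts) > 1 else True
        stanzas[name] = stmts
    return stanzas

def is_remote(addr):
    """True unless addr is a loopback IP literal or the name 'localhost'."""
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() != "localhost"  # assumption: any other host name is remote

def audit(text):
    """List stanzas whose LDAP traffic leaves the host without the ldaps statement."""
    findings = []
    for name, s in parse_stanzas(text).items():
        addr = s.get("server-address")
        if "ldaps" in s or not isinstance(addr, str) or not is_remote(addr):
            continue
        what = "bind DN and password" if "password" in s else "directory data"
        findings.append(f"{name}: {what} sent to {addr} without ldaps")
    return findings
```
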
    


Configuring the Location of Network Device Data

Use the following configuration statement to configure access to network device data:

shared sae configuration ldap {
    network-dn network-dn;
}

To configure SAE access to network device data:

  1. From configuration mode, access the configuration statement that configures SAE access to network device data in the directory. In this sample procedure, the network device data is configured in the se-region group.

    user@host# edit shared sae group se-region configuration ldap

  2. Specify the subtree in the directory where network device data is stored.

    [edit shared sae group se-region configuration ldap]
    user@host# set network-dn network-dn

  3. Verify your configuration.

    [edit shared sae group se-region configuration ldap]
    user@host# show network-dn
    network-dn o=Network,<base>;
    


Enabling Automatic Discovery of Changes in SAE Configuration Data

Use the following configuration statement to enable automatic discovery of changes in SAE configuration data:

shared sae configuration ldap {
    enable-directory-eventing;
}

To enable automatic discovery of changes in SAE configuration data:

  1. From configuration mode, access the configuration statement that enables automatic discovery of changes in SAE configuration data in the directory. In this sample procedure, automatic discovery is configured in the se-region group.

    user@host# edit shared sae group se-region configuration ldap

  2. Enable automatic discovery of changes to SAE configuration data.

    [edit shared sae group se-region configuration ldap]
    user@host# set enable-directory-eventing
    


Setting the Timeout and Number of Events for SAE Directory Eventing

Use the following configuration statements to set the directory eventing timeout and the number of simultaneous events that the SAE can receive from the directory:

shared sae configuration ldap directory-eventing {
    timeout timeout;
    dispatcher-pool-size dispatcher-pool-size;
}

To configure the directory eventing timeout and the number of simultaneous events that the SAE can receive from the directory:

  1. From configuration mode, access the configuration statement that configures SAE directory eventing. In this sample procedure, directory eventing is configured in the se-region group.

    user@host# edit shared sae group se-region configuration ldap directory-eventing

  2. Specify the maximum time that the directory eventing system waits for the directory to respond.

    [edit shared sae group se-region configuration ldap directory-eventing]
    user@host# set timeout timeout

  3. Specify the number of events that the SAE can receive from the directory simultaneously.

    [edit shared sae group se-region configuration ldap directory-eventing]
    user@host# set dispatcher-pool-size dispatcher-pool-size

  4. (Optional) Verify your configuration.

    [edit shared sae group se-region configuration ldap directory-eventing]
    user@host# show
    timeout 60;
    dispatcher-pool-size 1000;
    


