Configuring LDAP Access to Directory Data
The SRC software stores subscriber, service, persistent login, policy, router, and cached subscriber profiles and session data in a directory. The SAE uses LDAP to store and retrieve the data.
If you do not store data in the local directory, you need to configure the LDAP connections to the directories in which the data is stored. You can also select the filter that the SAE uses to search for subscriptions in the directory, and set directory eventing parameters for data stored in the directory.
The tasks to configure LDAP access to directory data are:
- Configuring Access to Subscriber Data
- Configuring Access to Service Data
- Configuring Access to Policy Data
- Configuring Access to the Persistent Login Cache
- Configuring the Location of Network Device Data
- Enabling Automatic Discovery of Changes in SAE Configuration Data
- Setting the Timeout and Number of Events for SAE Directory Eventing
Configuring Access to Subscriber Data
Use the following configuration statements to configure access to subscriber data:
shared sae configuration ldap subscriber-data {
    subscription-loading-filter (subscriberRefFilter | objectClassFilter);
    load-subscriber-schedules;
    login-cache-dn login-cache-dn;
    session-cache-dn session-cache-dn;
    server-address server-address;
    dn dn;
    authentication-dn authentication-dn;
    password password;
    directory-eventing;
    polling-interval polling-interval;
    (ldaps);
}
To configure SAE access to subscriber data:
- From configuration mode, access the configuration statement that configures SAE access to subscriber data in the directory. In this sample procedure, the subscriber data is configured in the se-region group.
user@host# edit shared sae group se-region configuration ldap subscriber-data
- Select the filter that the SAE uses to search for subscriptions in the directory when the SAE loads a subscription to a subscriber reference filter.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set subscription-loading-filter (subscriberRefFilter | objectClassFilter)
- (Optional) Enable loading of subscriber schedules.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set load-subscriber-schedules
- Specify the subtree in the directory in which subscriber information is stored.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set login-cache-dn login-cache-dn
- Specify the subtree in the directory in which persistent session data is cached.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set session-cache-dn session-cache-dn
- (Optional) Specify the directory server that stores subscriber information.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set server-address server-address
- Specify the subtree in the directory where subscriber data is cached.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set dn dn
- (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set authentication-dn authentication-dn
- (Optional) Specify the password used to authenticate access to the directory server.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set password password
- (Optional) Enable automatic discovery of changes in subscriber profiles.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set directory-eventing
- Set the frequency for checking the directory for updates.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set polling-interval polling-interval
- Enable LDAPS as the secure protocol for connections to the server that stores subscriber data.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# set ldaps
- (Optional) Verify your configuration.
[edit shared sae group se-region configuration ldap subscriber-data]
user@host# show
subscription-loading-filter objectClassFilter;
load-subscriber-schedules;
login-cache-dn o=users,<base>;
session-cache-dn o=PersistentSessions,<base>;
server-address 127.0.0.1;
dn o=users,<base>;
authentication-dn cn=ssp,o=components,o=operators,<base>;
password ********;
directory-eventing;
polling-interval 30;
ldaps;
Related Information
For additional information, see the following source:
- For information about setting up SAE groups, see SRC-PE Getting Started Guide, Chapter 16, Setting Up an SAE with the SRC CLI.
Configuring Access to Service Data
Use the following configuration statements to configure access to service data:
shared sae configuration ldap service-data {
    server-address server-address;
    dn dn;
    authentication-dn authentication-dn;
    password password;
    directory-eventing;
    polling-interval polling-interval;
    (ldaps);
}
To configure SAE access to service data:
- From configuration mode, access the configuration statement that configures SAE access to service data in the directory. In this sample procedure, the service data is configured in the se-region group.
user@host# edit shared sae group se-region configuration ldap service-data
- (Optional) Specify the directory server that stores service data.
[edit shared sae group se-region configuration ldap service-data]
user@host# set server-address server-address
- Specify the subtree in the directory where service data is cached.
[edit shared sae group se-region configuration ldap service-data]
user@host# set dn dn
- (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.
[edit shared sae group se-region configuration ldap service-data]
user@host# set authentication-dn authentication-dn
- (Optional) Specify the password used to authenticate access to the directory server.
[edit shared sae group se-region configuration ldap service-data]
user@host# set password password
- (Optional) Enable or disable automatic discovery of changes to service data.
[edit shared sae group se-region configuration ldap service-data]
user@host# set directory-eventing
- Set the frequency for checking the directory for updates.
[edit shared sae group se-region configuration ldap service-data]
user@host# set polling-interval polling-interval
- Enable LDAPS as the secure protocol for connections to the server that stores service data.
[edit shared sae group se-region configuration ldap service-data]
user@host# set ldaps
- (Optional) Verify your configuration.
[edit shared sae group se-region configuration ldap service-data]
user@host# show
server-address 10.10.45.3;
dn <base>;
authentication-dn <base>;
password ********;
directory-eventing;
polling-interval 30;
ldaps;
Related Information
For additional information, see the following source:
- For information about setting up SAE groups, see SRC-PE Getting Started Guide, Chapter 16, Setting Up an SAE with the SRC CLI.
Configuring Access to Policy Data
Use the following configuration statements to configure access to policy data:
shared sae configuration ldap policy-data {
    policy-dn policy-dn;
    parameter-dn parameter-dn;
    directory-eventing;
    polling-interval polling-interval;
}
To configure SAE access to policy data:
- From configuration mode, access the configuration statement that configures SAE access to policy data in the directory. In this sample procedure, the policy data is configured in the se-region group.
user@host# edit shared sae group se-region configuration ldap policy-data
- Specify the subtree in the directory in which policy data is stored.
[edit shared sae group se-region configuration ldap policy-data]
user@host# set policy-dn policy-dn
- Specify the subtree in the directory in which policy parameter data is cached.
[edit shared sae group se-region configuration ldap policy-data]
user@host# set parameter-dn parameter-dn
- (Optional) Enable or disable automatic discovery of changes to policy data.
[edit shared sae group se-region configuration ldap policy-data]
user@host# set directory-eventing
- Set the frequency for checking the directory for updates.
[edit shared sae group se-region configuration ldap policy-data]
user@host# set polling-interval polling-interval
- (Optional) Verify your configuration.
[edit shared sae group se-region configuration ldap policy-data]
user@host# show
policy-dn o=Policy,<base>;
parameter-dn o=Parameters,<base>;
directory-eventing;
polling-interval 30;
Related Information
For additional information, see the following source:
- For information about setting up SAE groups, see SRC-PE Getting Started Guide, Chapter 16, Setting Up an SAE with the SRC CLI.
Configuring Access to the Persistent Login Cache
Use the following configuration statements to configure access to persistent login cache data:
shared sae configuration ldap persistent-login-cache {
    server-address server-address;
    dn dn;
    authentication-dn authentication-dn;
    password password;
    directory-eventing;
    polling-interval polling-interval;
    (ldaps);
}
To configure SAE access to persistent login cache data:
- From configuration mode, access the configuration statement that configures SAE access to persistent login cache data in the directory. In this sample procedure, the persistent login cache data is configured in the se-region group.
user@host# edit shared sae group se-region configuration ldap persistent-login-cache
- (Optional) Specify the directory server that stores persistent login cache data.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# set server-address server-address
- Specify the subtree in the directory where persistent login cache data is cached.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# set dn dn
- (Optional) Specify the DN that the SAE uses to authenticate access to the directory server.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# set authentication-dn authentication-dn
- (Optional) Specify the password used to authenticate access to the directory server.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# set password password
- (Optional) Enable automatic discovery of changes to persistent login cache data.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# set directory-eventing
- Set the frequency for checking the directory for updates.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# set polling-interval polling-interval
- Enable LDAPS as the secure protocol for connections to the server that stores persistent login cache data.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# set ldaps
- (Optional) Verify your configuration.
[edit shared sae group se-region configuration ldap persistent-login-cache]
user@host# show
dn "o=authCache, <base>";
directory-eventing;
polling-interval 30;
ldaps;
Related Information
For additional information, see the following source:
- For information about setting up SAE groups, see SRC-PE Getting Started Guide, Chapter 16, Setting Up an SAE with the SRC CLI.
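The subscriber-data, service-data, and persistent-login-cache statements each accept authentication-dn and password alongside the ldaps statement. The following added example, which is not part of the SRC documentation, parses show output in the statement format used on this page and lists the blocks that authenticate to a non-loopback server-address without ldaps. The function names and sample data are constructed for illustration, and treating a missing server-address as the local directory is an assumption.

```python
import ipaddress

# Constructed sample input: `show` output in the statement format used on this
# page. The service-data block is the page's sample with ldaps removed.
SAMPLE_SHOW = {
    "subscriber-data": """
        server-address 127.0.0.1;
        authentication-dn cn=ssp,o=components,o=operators,<base>;
        password ********;
        ldaps;
    """,
    "service-data": """
        server-address 10.10.45.3;
        dn <base>;
        authentication-dn <base>;
        password ********;
    """,
}

def parse_statements(show_text):
    """Turn 'key value; flag;' text into {key: value}; bare flags map to True."""
    stmts = {}
    for raw in show_text.split(";"):
        parts = raw.strip().split(None, 1)
        if parts:
            stmts[parts[0]] = parts[1].strip('"') if len(parts) == 2 else True
    return stmts

def is_remote(address):
    """True unless the address is a loopback IP or the name 'localhost'."""
    try:
        return not ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address.lower() != "localhost"

def audit(blocks):
    """Return names of blocks that bind to a remote server without ldaps."""
    findings = []
    for name, text in blocks.items():
        s = parse_statements(text)
        binds = "authentication-dn" in s or "password" in s
        server = s.get("server-address")
        # Assumption: a missing server-address means the local directory.
        if binds and isinstance(server, str) and is_remote(server) and "ldaps" not in s:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in audit(SAMPLE_SHOW):
        print(f"{name}: authentication-dn/password configured without ldaps")
```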
Configuring the Location of Network Device Data
Use the following configuration statement to configure access to network device data:
shared sae configuration ldap {
    network-dn network-dn;
}
To configure SAE access to network device data:
- From configuration mode, access the configuration statement that configures SAE access to network device data in the directory. In this sample procedure, the network device data is configured in the se-region group.
user@host# edit shared sae group se-region configuration ldap
- Specify the subtree in the directory where network device data is stored.
[edit shared sae group se-region configuration ldap]
user@host# set network-dn network-dn
- Verify your configuration.
[edit shared sae group se-region configuration ldap]
user@host# show network-dn
network-dn o=Network,<base>;
Related Information
For additional information, see the following source:
- For information about setting up SAE groups, see SRC-PE Getting Started Guide, Chapter 16, Setting Up an SAE with the SRC CLI.
Enabling Automatic Discovery of Changes in SAE Configuration Data
Use the following configuration statement to enable automatic discovery of changes in SAE configuration data:
shared sae configuration ldap {
    enable-directory-eventing;
}
To enable automatic discovery of changes in SAE configuration data:
- From configuration mode, access the configuration statement that enables automatic discovery of changes in SAE configuration data in the directory. In this sample procedure, automatic discovery is configured in the se-region group.
user@host# edit shared sae group se-region configuration ldap
- Enable automatic discovery of changes to SAE configuration data.
[edit shared sae group se-region configuration ldap]
user@host# set enable-directory-eventing
Related Information
For additional information, see the following source:
- For information about setting up SAE groups, see SRC-PE Getting Started Guide, Chapter 16, Setting Up an SAE with the SRC CLI.
Setting the Timeout and Number of Events for SAE Directory Eventing
Use the following configuration statements to set the directory eventing timeout and the number of simultaneous events that the SAE can receive from the directory:
shared sae configuration ldap directory-eventing {
    timeout timeout;
    dispatcher-pool-size dispatcher-pool-size;
}
To configure the directory eventing timeout and the number of simultaneous events that the SAE can receive from the directory:
- From configuration mode, access the configuration statement that configures SAE directory eventing. In this sample procedure, directory eventing is configured in the se-region group.
user@host# edit shared sae group se-region configuration ldap directory-eventing
- Specify the maximum time that the directory eventing system waits for the directory to respond.
[edit shared sae group se-region configuration ldap directory-eventing]
user@host# set timeout timeout
- Specify the number of events that the SAE can receive from the directory simultaneously.
[edit shared sae group se-region configuration ldap directory-eventing]
user@host# set dispatcher-pool-size dispatcher-pool-size
- (Optional) Verify your configuration.
[edit shared sae group se-region configuration ldap directory-eventing]
user@host# show
timeout 60;
dispatcher-pool-size 1000;
Related Information