user-group-mapping

Syntax

Hierarchy Level

Description

Configure the SRX Series Firewall to connect to an LDAP server, so that the server can provide the SRX Series with user-to-group mappings. These mappings are used to implement the integrated user firewall feature. The domain controller acts as the LDAP server in typical customer scenarios.

Most of this statement is optional, because the default communication method is LDAP and most arguments have default values. Only the LDAP keyword and the base are required.

Options

ldap

Required. LDAP is the protocol used to access the LDAP server to get user-to-group mappings.

address ip-address

Optional. Specify the IP address of the LDAP server. If no address is specified, the system uses one of the configured Active Directory domain controllers.

port port

Optional. Specify the port number of the LDAP server. If no port number is specified, the system uses port 389 for plaintext or port 636 for encrypted text.

authentication-algorithm

Optional. Specify the algorithm used while the SRX Series communicates with the LDAP server.

simple

Configure simple (plaintext) authentication method.

base base

Required. LDAP base distinguished name (DN).

ssl

Optional. Enable Secure Sockets Layer (SSL) to ensure secure transmission with the LDAP server. Disabled by default, which means that the password is sent in plaintext.

user username

Optional. Username of the LDAP account. If no username is specified, the system will use the configured domain controller’s username.

password password

Optional. Specify the password for the account. If no password is specified, the system uses the configured domain controller’s password.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X47-D10.

ON THIS PAGE