Bug ID 1040817: Users are shown the prompt to change their password even though the corresponding PSO object fetch from Active Directory fails.

Last Modified: Dec 07, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
13.1.5, 13.1.5.1

Opened: Aug 16, 2021

Severity: 3-Major

Symptoms

Users are prompted to change their password when they should not be. The following errors are logged to /var/log/apm:

Can't get PSO for domain 'TESTDOMAIN.LOCAL'
Failed to get maximum password age from domain 'R4.RHA-RRS.CA' for user 'testuser@TESTDOMAIN.LOCAL'
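To find which domains and users are hitting this condition, the two messages above can be counted in a copy of /var/log/apm. The following is an added example, not F5 code: the function name and the sample lines are constructed here, and the line prefix (timestamp, host, process) is an assumption that the matching deliberately ignores.

```python
import re
import sys
from collections import Counter

# The message texts are the two errors quoted in Symptoms. Patterns are
# unanchored, so whatever precedes the message on a line is ignored.
PSO_RE = re.compile(r"Can't get PSO for domain '([^']+)'")
AGE_RE = re.compile(
    r"Failed to get maximum password age from domain '([^']+)' for user '([^']+)'"
)

def scan_apm_log(lines):
    """Return (PSO fetch failures per domain, max-age failures per user)."""
    pso_domains = Counter()
    users = Counter()
    for line in lines:
        # finditer handles a line that carries both messages run together.
        for m in PSO_RE.finditer(line):
            pso_domains[m.group(1).upper()] += 1   # domain names compare case-insensitively
        for m in AGE_RE.finditer(line):
            users[m.group(2).lower()] += 1         # fold UPN case so one user is one key
    return pso_domains, users

# Constructed sample lines; the prefix layout is assumed, not captured from a device.
SAMPLE = [
    "Aug 16 10:01:02 bigip1 err apmd[1234]: Can't get PSO for domain 'TESTDOMAIN.LOCAL'",
    "Aug 16 10:01:02 bigip1 err apmd[1234]: Failed to get maximum password age "
    "from domain 'TESTDOMAIN.LOCAL' for user 'testuser@TESTDOMAIN.LOCAL'",
    "Aug 16 10:05:40 bigip1 notice apmd[1234]: unrelated session message",
    "Aug 16 10:07:11 bigip1 err apmd[1234]: Can't get PSO for domain 'testdomain.local'",
    "Aug 16 10:07:11 bigip1 err apmd[1234]: Failed to get maximum password age "
    "from domain 'TESTDOMAIN.LOCAL' for user 'TestUser@TESTDOMAIN.LOCAL'",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            domains, users = scan_apm_log(fh)
    else:
        domains, users = scan_apm_log(SAMPLE)
    for domain, n in domains.most_common():
        print(f"PSO fetch failed {n}x for domain {domain}")
    for user, n in users.most_common():
        print(f"max password age lookup failed {n}x for {user}")
```

Run it with a log file path as the only argument; with no argument it processes the constructed sample.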

Impact

Users are shown a prompt to change their password.

Conditions

-- An Active Directory AAA server object is configured with an admin account that does not have permissions to the Active Directory password policy.
-- An Active Directory query object is configured to warn the user about password expiration.
-- A user attempts to log on to the virtual server with this access policy.

Workaround

Disable the warning configuration from the Active Directory query object in the visual policy editor.

Fix Information

None

Behavior Change
