Bug ID 1270837: The Account Locked field on the Edit User page does not lock out users nor display correct locked status

Last Modified: Aug 01, 2024

Affected Product(s):
F5OS Velos(all modules)

Known Affected Versions:
F5OS-A 1.3.2

Fixed In:
F5OS-A 1.7.0, F5OS-A 1.5.2

Opened: Mar 14, 2023

Severity: 3-Major

Symptoms

Changing the Account Locked field on the Edit User page does not lockout a user, nor does the field correctly represent the locked status of a user.

Impact

Users are allowed to log in even if the Account Locked status is changed to True and the account is truly locked. Users are unable to log in even if the Account Locked status is changed to False, and the account is truly unlocked.

Conditions

Using the Account Locked field in the webUI.

Workaround

To lock or unlock a user, use the CLI to set the user's expiry date to 1 for locked and -1 for unlocked. Following is an example: Locked (config)# system aaa authentication users user <username> config expiry-date 1 (config)# commit Un-locked (config)# system aaa authentication users user <username> config expiry-date -1 (config)# commit

Fix Information

On the webUI the "Account Locked" widget will be replaced by the "Expiry Status" configuration which will allow locking the user in a similar fashion as the CLI.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips