Last Modified: Jun 25, 2026
Affected Product(s):
F5OS F5OS, F5OS-A, F5OS-C
Fixed In:
F5OS-A 1.8.4
Opened: Mar 31, 2026 Severity: 2-Critical
With Basic LDAP or Secure LDAP (LDAPS) integrated with Windows Active Directory, toggling the active_directory and unix_attributes flags causes LDAP authentication to stop working. Specifically:
1. The Windows AD Domain SID is not recreated after the toggle.
2. LDAP-authenticated users receive a 403 Forbidden error when accessing the REST API.
All remote LDAP users cannot authenticate via LDAP, and LDAP-authenticated users lose access to the management CLI and REST API.
1. F5OS-A/C is configured with Windows AD LDAP or Secure LDAP (LDAPS) authentication.
2. LDAP roles are mapped to AD groups using system aaa authentication roles.
The active_directory flag is toggled from true -> false (and unix_attributes from false -> true), then toggled back.
None.
The issue is fixed in F5OS-2.0.0 and F5OS-A-1.8.4.