Last Modified: Jun 04, 2025
Affected Product(s):
F5OS Velos
Known Affected Versions:
F5OS-A 1.0.0, F5OS-A 1.0.1, F5OS-A 1.1.0, F5OS-A 1.1.1, F5OS-C 1.0.0, F5OS-C 1.1.0, F5OS-C 1.1.1, F5OS-C 1.1.2, F5OS-C 1.1.3, F5OS-C 1.1.4, F5OS-C 1.3.0, F5OS-C 1.3.1, F5OS-C 1.3.2, F5OS-C 1.5.0, F5OS-C 1.5.1
Fixed In:
F5OS-C 1.6.0, F5OS-C 1.6.0, F5OS-A 1.3.0, F5OS-A 1.3.0
Opened: Aug 10, 2022 Severity: 2-Critical
By default, our LDAP implementation was set to chase LDAP referrals. This could be expensive and make lookups very slow in large organizations with multiple layers of LDAP servers.
The default of chasing referrals in the above conditions could result in slow LDAP lookups and timeouts.
LDAP enabled in very large LDAP organizations with multiple levels of servers.
None
A chase referrals option was added to LDAP configuration. The default is still enabled, but now it can be easily disabled: system aaa authentication ldap chase-referrals false