Bug ID 1136597: LDAP user with admin and operator role gets only operator permissions

Last Modified: Feb 08, 2024

Affected Product(s):
F5OS F5OS(all modules)

Fixed In:
F5OS-C 1.6.0, F5OS-A 1.7.0, F5OS-A 1.5.0, F5OS-A 1.4.0

Opened: Aug 15, 2022

Severity: 2-Critical

Symptoms

An LDAP user configured with groups for both admin and operator roles only receives operator permissions.

Impact

A user with this config would be assigned only operator permissions.

Conditions

LDAP user configured with gidNumber assignments for both admin and operator roles.

Workaround

Only configure the gidNumber for the desired role in LDAP for the user. Do not configure multiple roles for the same user.
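To find accounts that meet the Conditions above before applying the workaround, the following added example (not F5 code) scans an LDIF export for users who map to more than one role. It assumes RFC 2307-style entries (a posixAccount primary gidNumber plus posixGroup memberUid memberships); the role GIDs, DNs and user names are constructed placeholders to replace with your own values.

```python
from collections import defaultdict

# Constructed mapping: replace with the role GIDs configured on your system.
ROLE_GIDS = {"50001": "admin", "50002": "operator"}

# Constructed LDIF export (for example, saved directory search output).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: alice
gidNumber: 50001

dn: cn=f5-admins,ou=groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 50001
memberUid: alice

dn: cn=f5-operators,ou=groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 50002
memberUid: alice
memberUid: bob
"""

def parse_ldif(text):
    """Yield each entry as {lowercased attribute: [values]} (plain values only)."""
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, split entries
        entry = defaultdict(list)
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry[attr.strip().lower()].append(value.strip())
        if entry:
            yield entry

def users_with_multiple_roles(ldif_text, role_gids=ROLE_GIDS):
    """Return {uid: sorted role names} for users mapped to more than one role."""
    roles = defaultdict(set)
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e["objectclass"]}
        for gid in (g for g in e["gidnumber"] if g in role_gids):
            # Primary group on the account, or membership listed on the group.
            members = e["uid"] if "posixaccount" in classes else e["memberuid"]
            for uid in members:
                roles[uid].add(role_gids[gid])
    return {u: sorted(r) for u, r in roles.items() if len(r) > 1}
```

Any user returned here would, on an affected release, receive only operator permissions; remove the unwanted role's gidNumber assignment for that user.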

Fix Information

There was an error in the NACM rules for ConfD config. The role logic has been fixed.

Behavior Change
