Bug ID 1267253: LDAP shadowExpire attribute not honored

Last Modified: Feb 08, 2024

Affected Product(s):
F5OS F5OS (all modules)

Known Affected Versions:
F5OS-A 1.4.0

Fixed In:
F5OS-A 1.7.0, F5OS-A 1.5.0

Opened: Mar 02, 2023

Severity: 3-Major


Symptoms

When LDAP authentication is used, the shadowExpire and related attributes do not enforce expiration on the F5 device.

Impact

A user with expired attributes can log in to the F5 device.

Conditions

LDAP authentication is configured. LDAP shadowExpire, shadowMax, and related attributes are set such that the user should be expired.

Workaround

Either remove the user from groups with roles that allow access to the F5 device (for example, F5OS admin role gidNumber) or delete the user.
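To find the accounts the workaround applies to, the following added example (not F5 code) audits an LDIF export for users whose shadow attributes mark them as expired but who still hold a role gidNumber, either as primary group or through memberUid. The function names, the sample entries and the gidNumber 5000 are constructed placeholders, and the expiry test is a simplified reading of shadow(5) aging rules.

```python
from datetime import date

# Constructed sample export; every name and value (including gidNumber 5000) is made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
gidNumber: 100
shadowExpire: 19000

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
gidNumber: 5000
shadowLastChange: 19000
shadowMax: 90

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
gidNumber: 5000
shadowExpire: 99999

dn: cn=f5admins,ou=groups,dc=example,dc=com
gidNumber: 5000
memberUid: alice
"""

def parse_ldif(text):
    """Parse simple, unfolded LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for key, _, value in (ln.partition(": ") for ln in block.splitlines()):
            entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def is_expired(entry, today):
    """Expired if past shadowExpire, or password older than shadowMax + shadowInactive."""
    num = lambda attr, default: int(entry.get(attr, [default])[0])
    expire, last = num("shadowExpire", -1), num("shadowLastChange", 0)
    mx, inact = num("shadowMax", -1), max(num("shadowInactive", 0), 0)
    return 0 <= expire <= today or (last > 0 and mx >= 0 and today - last > mx + inact)

def expired_with_access(ldif, role_gids, today=None):
    """Return sorted uids that are expired yet still hold one of role_gids."""
    days = ((today or date.today()) - date(1970, 1, 1)).days  # shadow dates are epoch days
    entries = parse_ldif(ldif)
    in_role = lambda e: int(e.get("gidNumber", [-1])[0]) in role_gids
    members = {m for e in entries if in_role(e) for m in e.get("memberUid", [])}
    return sorted(e["uid"][0] for e in entries if "uid" in e
                  and is_expired(e, days) and (in_role(e) or e["uid"][0] in members))
```

Pass the gidNumbers that map to F5OS roles in your deployment as `role_gids`; each returned uid is a candidate for group removal or deletion.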

Fix Information


Behavior Change
