Bug ID 1267253: LDAP shadowExpire attribute not honored

Last Modified: Feb 08, 2024

Affected Product(s):
F5OS F5OS(all modules)

Known Affected Versions:
F5OS-A 1.4.0

Fixed In:
F5OS-A 1.7.0, F5OS-A 1.5.0

Opened: Mar 02, 2023

Severity: 3-Major

Symptoms

When LDAP authentication is used, the F5 device does not enforce account expiration based on the shadowExpire and related attributes.

Impact

A user whose LDAP attributes mark the account as expired can still log in to the F5 device.

Conditions

LDAP authentication is configured. LDAP shadowExpire, shadowMax, and related attributes are set such that the user should be expired.

Workaround

Either remove the user from groups with roles that allow access to the F5 device (for example, F5OS admin role gidNumber) or delete the user.
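To apply the workaround you first need the list of accounts that the directory considers expired but that still map to an F5 role group. The following is an added example, not F5 code or part of the original bug record. The sample entries, the group name, and the gidNumber 9000 are constructed placeholders, and the day-count comparisons follow shadow(5)-style aging as an assumption.

```python
from datetime import date

# Constructed sample directory data (not from the bug report). In practice this
# would come from an LDAP search for shadowAccount and posixGroup entries.
USERS = [
    {"uid": "alice", "gidNumber": "9000", "shadowExpire": "19000"},
    {"uid": "bob", "gidNumber": "100", "shadowLastChange": "19000", "shadowMax": "90"},
    {"uid": "carol", "gidNumber": "9000", "shadowExpire": "-1",
     "shadowLastChange": "19700", "shadowMax": "90"},
    {"uid": "dave", "gidNumber": "100", "shadowExpire": "19000"},
]
GROUPS = [{"cn": "f5-admins", "gidNumber": "9000", "memberUid": ["bob"]}]
F5_ROLE_GIDS = {"9000"}  # placeholder: gidNumbers mapped to F5OS roles at your site


def days_since_epoch(day):
    return (day - date(1970, 1, 1)).days


def _num(entry, attr):
    """Return the attribute as int, or None when absent or negative (unset)."""
    try:
        value = int(entry.get(attr, ""))
    except ValueError:
        return None
    return value if value >= 0 else None


def expiry_reasons(entry, today):
    """Reasons this account should be treated as expired (shadow-style aging)."""
    reasons = []
    expire = _num(entry, "shadowExpire")
    if expire is not None and today >= expire:
        reasons.append("shadowExpire")
    last, max_age = _num(entry, "shadowLastChange"), _num(entry, "shadowMax")
    if last and max_age is not None and today - last > max_age:
        reasons.append("shadowMax")  # password older than shadowMax days
    return reasons


def expired_with_f5_access(users, groups, role_gids, day):
    """Map uid -> reasons for expired users who still belong to an F5 role group."""
    today = days_since_epoch(day)
    members = {m for g in groups if g["gidNumber"] in role_gids for m in g["memberUid"]}
    return {u["uid"]: r for u in users
            if (u["gidNumber"] in role_gids or u["uid"] in members)
            and (r := expiry_reasons(u, today))}
```

Each uid returned is a candidate for removal from the role group or deletion, as described in the workaround.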

Fix Information

None

Behavior Change
