Last Modified: Oct 21, 2024
Affected Product(s):
F5OS Velos
Known Affected Versions:
F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2
Fixed In:
F5OS-A 1.8.0
Opened: Jun 01, 2023
Severity: 3-Major
If a user exists locally (in F5OS) as well as on a remote LDAP server, and LDAP-based authentication is configured as an accepted authentication method, attempting to set the user's local password in F5OS will fail. In the ConfD CLI, an error like the following will be observed:

syscon-1-active(config)# system aaa authentication users user ldap_user config set-password
Value for 'password' (<string>): ****************
Error: Rejected, Configured password-policy: min-length:6 required-differences:8 max-letter-repeat:3 policy applies to root:true

It should be emphasized that when a user is defined both locally and remotely in this way, the local user's credentials must be used to log in, even if remote authentication is preferred.
Unable to set the local user's password.
A user exists locally (in F5OS) as well as on a remote LDAP server, and LDAP-based authentication is configured as an accepted authentication method.
Temporarily remove LDAP as an authentication method, set the user's password, and then re-configure the preferred authentication method(s).
Fixed an issue with setting a local user's password when an identically named user exists on a remote LDAP server and LDAP is enabled as an authentication method.