Last Modified: Jun 04, 2025
Affected Product(s):
F5OS F5OS-A, F5OS-C
Fixed In:
F5OS-C 1.8.0, F5OS-A 1.8.0
Opened: Sep 18, 2023
Severity: 3-Major
In previous versions of F5OS, when using LDAP for third-party authentication, having uidNumber and gidNumber LDAP attribute mappings was required. These attributes are common on Unix systems and Unix-based directories, but are optional in Windows environments. In Windows environments (for example, Active Directory), an administrator may be required to manually add uidNumber attributes to users, and gidNumber attributes to admin/operator groups.
In the above conditions, administrators are required to add uidNumber attributes to users in the directory, and gidNumber attributes to admin/operator groups.
Third-party LDAP authentication using Active Directory or other LDAP directory where uidNumber and gidNumber attributes are not provided by default.
Create uidNumber/gidNumber attributes if they are not present in the directory.
A feature was added to map LDAP groups to F5OS roles using LDAP filter (group names) instead of numeric IDs. Additionally, code was added to use objectSid mapping instead of uidNumber/gidNumber to eliminate the need to create missing attributes in Active Directory environments.
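To check whether a directory falls under the condition above, the following added example (not F5 code) scans an LDIF export for users without uidNumber and groups without gidNumber, and decodes each entry's binary objectSid into its string form. The LDIF sample, names and SIDs are constructed, the reader assumes single-valued attributes, and the page does not describe how F5OS itself maps objectSid to an ID, so only the attribute decoding is shown.

```python
import base64
import struct

# Constructed LDIF export (domain, names and SIDs are made up for this example).
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=test
objectClass: user
objectSid:: AQUAAAAAAAUVAAAAAQAAAAIAAAADAAAAUAQAAA==

dn: CN=bob,CN=Users,DC=example,DC=test
objectClass: user
uidNumber: 10002
objectSid:: AQUAAAAAAAUVAAAAAQAAAAIAAAADAAAAUQQAAA==

dn: CN=f5-admins,CN=Users,DC=example,DC=test
objectClass: group
objectSid:: AQUAAAAAAAUVAAAAAQAAAAIAAAADAAAAUgQAAA==
"""

def decode_sid(raw: bytes) -> str:
    # Layout: revision (1 byte), sub-authority count (1 byte), authority
    # (6 bytes, big-endian), then `count` 32-bit little-endian sub-authorities.
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def parse_ldif(text: str) -> list:
    # Minimal reader: single-valued attributes, no line folding.
    # "attr:: value" marks a base64 value, as LDIF uses for objectSid.
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry[name] = base64.b64decode(value[1:]) if value.startswith(":") else value.strip()
        entries.append(entry)
    return entries

def audit(text: str) -> list:
    # Report (dn, missing attribute, SID) for users lacking uidNumber
    # and groups lacking gidNumber.
    required = {"user": "uidNumber", "group": "gidNumber"}
    findings = []
    for e in parse_ldif(text):
        attr = required.get(e.get("objectClass", ""))
        if attr and attr not in e:
            findings.append((e["dn"], attr, decode_sid(e["objectSid"])))
    return findings
```

Calling `audit(SAMPLE_LDIF)` returns one tuple per entry that would have needed a manually created attribute under the old behavior.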