Last Modified: Oct 21, 2024
Affected Product(s):
F5OS F5OS, Velos
Known Affected Versions:
F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-C 1.6.2
Fixed In:
F5OS-A 1.8.0, F5OS-A 1.7.0
Opened: Oct 19, 2023
Severity: 3-Major
LDAP external authentication (e.g. REST API or GUI, but not SSH) fails in the following scenario:
- User is defined in external auth system (e.g. LDAP)
- User has a primary GID assigned
- There is no group definition for user's primary GID

While this is legal, because the numeric GID should be sufficient, the group info lookup fails and that failure short-circuits authentication, resulting in an error.
Externally defined users may not be able to log in.
- User is defined in external auth system (e.g. LDAP)
- User has a primary GID assigned
- There is no group definition for user's primary GID
Define a group for the user's primary group ID:

    system aaa authentication roles role <group name> config remote-gid <group ID>
LDAP external authentication no longer fails if there is no group definition for user's primary GID. The numeric GID is sufficient.
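To find which accounts meet the conditions above before upgrading, the following added example (not F5 code) scans an LDIF export of the directory and lists users whose primary GID has no group definition. It assumes an RFC 2307 schema (`posixAccount` / `posixGroup`) and, as a further assumption, treats a GID as defined when either a `posixGroup` entry in the export or a caller-supplied role `remote-gid` value carries it; the function names and sample data are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Return LDIF entries as dicts of lower-cased attribute -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def orphaned_primary_gids(ldif_text, role_remote_gids=()):
    """List (uid, gidNumber) for accounts whose primary GID has no definition."""
    entries = parse_ldif(ldif_text)
    defined = {str(g) for g in role_remote_gids}  # assumption: supplied by the caller
    def classes(entry):
        return {c.lower() for c in entry.get("objectclass", [])}
    for e in entries:
        if "posixgroup" in classes(e):
            defined.update(e.get("gidnumber", []))
    return sorted((e.get("uid", ["?"])[0], e["gidnumber"][0]) for e in entries
                  if "posixaccount" in classes(e) and e.get("gidnumber")
                  and e["gidnumber"][0] not in defined)

# Constructed sample export (not from the page): folded dn and base64 uid for bob.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: alice
gidNumber: 9000

dn: uid=bob,ou=people,dc=example,
 dc=com
objectClass: posixAccount
uid:: Ym9i
gidNumber: 9100

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 9000
"""
```

Calling `orphaned_primary_gids(SAMPLE_LDIF)` reports `bob` with GID `9100`; passing `role_remote_gids=[9100]` models the workaround and clears the finding.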