Last Modified: Oct 19, 2025
Affected Product(s):
F5OS F5OS-A, F5OS-C
Known Affected Versions:
F5OS-A 1.8.0, F5OS-A 1.8.3, F5OS-C 1.8.0, F5OS-C 1.8.1, F5OS-C 1.8.2
Opened: May 03, 2024 Severity: 3-Major
If you have set up a 'ldap-group' for a specific role on F5OS, but you did not configure the 'base' for the LDAP search until after it is committed, the role mapping will not appear in ldap-gid-map.txt.
Role mapping is not stored in ldap-gid-map.txt, so users with that mapping will be unable to access the system.
1. Define a 'ldap-group' mapping for a role in F5OS. For example: appliance-1(config-role-admin)# system aaa authentication roles role admin config ldap-group cn=my_group appliance-1(config-role-admin)# commit Commit complete. 2. Configure the LDAP search ‘base’ path *after* step #1. For example: appliance-1(config)# system aaa authentication ldap base ou=Group,dc=local appliance-1(config)# commit Commit complete.
Remove the configuration for 'ldap-group' for the role and then re-configure it after the 'base' has been configured.
None