Last Modified: Feb 15, 2025
Affected Product(s):
F5OS F5OS, F5OS-A, F5OS-C, Velos
Known Affected Versions:
F5OS-A 1.8.0
Fixed In:
F5OS-C 1.8.0
Opened: Sep 11, 2024
Severity: 3-Major
Configuring an F5OS device to integrate with Active Directory using group names to map to roles, rather than requiring unix attributes (uidNumber/gidNumber) in the directory, will not work if the LDAP servers are configured to use encryption (TLS/SSL). Log messages similar to the following appear in platform.log / velos.log:
authd[8]: priority="Err" version=1.0 msgid=0x3901000000000101 msg="LDAP API error during : -" oper="bind" code=-1 msg="Can't contact LDAP server"
authd[8]: priority="Warn" version=1.0 msgid=0x3901000000000098 msg="Unable to retrieve domain Sid for supplied servers and domains; server will be treated as if it has unix attributes present."
LDAP authentication functions based on the unix attributes in the directory (uidNumber/gidNumber).
- LDAP system authentication configured to authenticate against an Active Directory Server
- Under the system Authentication Settings configuration in the Common LDAP Configuration section, "Authenticate with Active Directory" set to True and "Unix Attributes" set to False
- LDAP group filters specified for one or more roles
None
None
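
A log check for the two authd messages quoted in this report, added here as an example and not F5 code: it parses the key=value entries and reports whether both the failed bind and the domain Sid fallback warning are present. The function names and the last two sample lines are constructed, and it assumes the msgid and message text appear as quoted above.

```python
import re

# msgid of the warning quoted in this report: authd could not read the domain
# Sid and treats the server as if unix attributes were present.
SID_FALLBACK_MSGID = "0x3901000000000098"
_ENTRY = re.compile(r"(?P<proc>[\w.-]+)\[\d+\]:\s+(?P<body>.*)")
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# First two lines are the messages from this report; the last two are constructed.
SAMPLE = """\
authd[8]: priority="Err" version=1.0 msgid=0x3901000000000101 msg="LDAP API error during : -" oper="bind" code=-1 msg="Can't contact LDAP server".
authd[8]: priority="Warn" version=1.0 msgid=0x3901000000000098 msg="Unable to retrieve domain Sid for supplied servers and domains; server will be treated as if it has unix attributes present.".
authd[8]: priority="Info" version=1.0 msgid=0x0 msg="constructed unrelated entry" oper="bind" code=0
otherd[3]: priority="Err" version=1.0 msgid=0x3901000000000098 msg="constructed entry from another process"
""".splitlines()


def parse_entry(line):
    """Return (process, fields) for a 'proc[pid]: key=value ...' entry, else None.
    A key such as msg can repeat within one entry, so each key maps to a list."""
    m = _ENTRY.search(line)
    if not m:
        return None
    fields = {}
    for key, quoted, bare in _FIELD.findall(m.group("body")):
        fields.setdefault(key, []).append(quoted or bare)
    return m.group("proc"), fields


def diagnose(lines):
    """Count both symptoms in authd entries; the issue shows as the pair."""
    bind_failures = sid_fallbacks = 0
    for line in lines:
        parsed = parse_entry(line)
        if not parsed or parsed[0] != "authd":
            continue
        f = parsed[1]
        if (f.get("oper") == ["bind"] and f.get("code") == ["-1"]
                and "Can't contact LDAP server" in f.get("msg", [])):
            bind_failures += 1
        if SID_FALLBACK_MSGID in f.get("msgid", []):
            sid_fallbacks += 1
    return {"bind_failures": bind_failures, "sid_fallbacks": sid_fallbacks,
            "matches_symptoms": bind_failures > 0 and sid_fallbacks > 0}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
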