Bug ID 457114: GUI LTM Profile Authentication Configuration SSL CA

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
11.2.1

Fixed In:
11.6.0

Opened: Apr 14, 2014

Severity: 4-Minor

Symptoms

Creating an LDAPS authentication configuration in the GUI with default values results in error messages.

Impact

Although LDAP authentication succeeds, you will see error messages in /var/log/secure:
err tamd: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_NEWCTX): Can't contact LDAP server
err tamd: pam_ldap: _set_ssl_options failed

Conditions

This occurs when you create an LDAP authentication object that uses client certificates in the GUI, but the client certificate and client key are left at the default. Due to a sorting issue, the client certificate is set to ca-bundle.crt but the key is set to default.key. The default for the client certificate should be default.crt.

Workaround

Setting the ssl-client-cert value to "default.crt" fixes the issue.

Fix Information

Add the correct certificate to the GUI so it is set properly.

Behavior Change
