Bug ID 459953: Misleading error message in APM logfile, when LDAP Query executed

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
10.0.0, 10.2.0, 11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.2 HF1, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.6.0, 11.5.1 HF6, 11.4.1 HF6

Opened: Apr 30, 2014

Severity: 4-Minor

Related Article: K16989


In the /var/log/apm logfile there is the error message: err apd[17032]: 01490000:3: modules/Authentication/Ldap/LdapAgent.cpp func: "getLdapUserInput()" line: 718 Msg: 4121b75d: LDAP Agent: getLdapUserInput(): unable to decrypt user password due to NULL ciphertext.


This is a cosmetic error that can safely be ignored, as functionality is not affected.


An LDAP Query is configured in an access policy, and the user password is not retrieved or not necessary, for example an access policy that always gets some object from the LDAP server and does not require the user password.



Fix Information

When an LDAP query runs and the user password is not retrieved or necessary, a misleading error message about NULL cyphertext is no longer logged.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips