Bug ID 481210: Active Directory Query doesn't populate all values of multi-value attributes

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF4

Opened: Sep 25, 2014

Severity: 3-Major

Related Article: K16426

Symptoms

If some attribute requested by Active Directory (AD) Query contains multiple values (for example, memberOf), then the last value is omitted in the corresponding session variable.

Impact

Access policy may make wrong decision based on session variables registered by AD Query.

Conditions

Active Directory attribute has multiple values.

Workaround

None

Fix Information

All values are now populated as session variables as expected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips