Bug ID 495273: LDAP extended error info only available at debug log level which could affect Branch rules

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Dec 08, 2014

Severity: 3-Major

Symptoms

LDAP session variable contains only simple error message at INFO log level and requires DEBUG log level to display the full error message. This variable is displayed in the logon page after logon failure.

Impact

Branch rules in visual policy editor based on extended error message will not work correctly in 11.6.

Conditions

LDAP Auth/Query is configured and there is need for extended error details at NON debug log level.

Workaround

None

Fix Information

A new session variable is introduced: session.ldap.last.errmsgext which contains extended error information at any log level. The existing session.ldap.last.errmsg variable contains only simple error message (decoded error code).

Behavior Change

A new session variable is introduced, session.ldap.last.errmsgext, which contains extended error information at any log level. The existing session.ldap.last.errmsg variable now contains only a simple error message (decoded error code). Branch rules in visual policy editor based on extended error message will not work correctly.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks