Symptoms

Processing nested groups might cause an infinite loop.

Impact

User cannot pass access policy that contains the affected agent. The apd process must be restarted to re-initialize LDAP agent.

Conditions

LDAP query is configured to get group membership using 'member' attribute. On the LDAP server, group1 has group2 as a member and group2 has group1 as a membermember (membership loop), then the LDAP Query falls into an infinite loop trying to resolve nested groups.

Workaround

None.

Fix Information

The LDAP Query resolves group membership including nested groups as expected.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips