Bug ID 512355: AD Query might fail if "fetch primary group" is enabled, but attribute primaryGroupID is not added to required attributes list

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: Mar 13, 2015

Severity: 3-Major

Symptoms

If the option "fetch primary group" is enabled for AD Query and some attributes are configured as "required attributes", then AD Query requests only those configured attributes for a user during the logon process. If the required attributes do not include the primaryGroupID attribute, AD Query fails because it cannot find the primary group DN for the user.

Impact

AD Query fails

Conditions

The option "fetch primary group" is enabled for AD Query, some attributes are configured as "required attributes", and the required attributes do not include the primaryGroupID attribute.

Workaround

Add the primaryGroupID attribute to the list of required attributes. This is not necessary if the "required attributes" list is empty; in that case, BIG-IP retrieves all attributes for a user, including primaryGroupID.

Fix Information

None

Behavior Change
