Last Modified: Nov 07, 2022
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 11.6.4, 11.6.5, 188.8.131.52, 184.108.40.206, 220.127.116.11
Opened: Mar 20, 2015
Severity: 3-Major
In some situations, a single-value AD attribute contains delimiters. Those delimiters are escaped; for example, a memberOf attribute that contains only one group appears like this: \| CN=mygroup,OU=myou,DC=mydomain,DC=com \|
No impact unless the administrator configured a rule filter to match the full group DN including delimiters.
The user is a member of one group only, and the "fetch nested groups" option is enabled for the AD Query.
Now no delimiters are included if the memberOf attribute contains only one group (single value). The new behavior makes the format of a memberOf attribute that contains only one value consistent with the format of other single-value attributes.
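The format change described above, modelled offline as an added example (not the vendor's code or rule syntax): a filter that matches the full DN with its delimiters stops matching once the single value loses them, while a comparison on the parsed DN works for both formats. The function names and the multi-value sample are assumptions; the values are treated as plain strings, and a DN is assumed not to contain a literal `|`.

```python
import re

# Delimiter between values: "|" or the escaped form "\|" shown on the page.
_DELIM = re.compile(r"\\?\|")

GROUP = "CN=mygroup,OU=myou,DC=mydomain,DC=com"

# Constructed sample values (assumed shapes, not captured from a device).
OLD_SINGLE = "| " + GROUP + " |"   # single value, delimiters included
NEW_SINGLE = GROUP                 # single value, no delimiters
MULTI = "| " + GROUP + " | CN=mygroup-admins,OU=myou,DC=mydomain,DC=com |"


def parse_member_of(raw):
    """Return the group DNs in a memberOf string, in either format."""
    return [p.strip() for p in _DELIM.split(raw) if p.strip()]


def matches_legacy_rule(raw, group_dn):
    """Model of a filter that matches the full DN including delimiters."""
    return "| " + group_dn + " |" in raw


def is_member(raw, group_dn):
    """Exact, case-insensitive DN comparison on the parsed values.

    Comparing whole DNs keeps the precision the delimiters gave: a group
    whose name merely starts with the wanted name does not match.
    """
    wanted = group_dn.strip().casefold()
    return any(dn.casefold() == wanted for dn in parse_member_of(raw))


if __name__ == "__main__":
    for label, value in (("old", OLD_SINGLE), ("new", NEW_SINGLE), ("multi", MULTI)):
        print(label, matches_legacy_rule(value, GROUP), is_member(value, GROUP))
```

A filter written this way keeps granting or denying on the same group across both formats, so it does not need to change when the single-value format does.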