Bug ID 513547: delimiter is always escaped if memberOf attribute contains only one group

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: Mar 20, 2015

Severity: 3-Major

Symptoms

In some situations, single value contains delimiters for an AD attribute. Those delimiters are escaped; for example, a memberOf attribute that contains only one group appears like this \| CN=mygroup,OU=myou,DC=mydomain,DC=com \|

Impact

No impact unless administrator configured rule filter to match full group DN including delimiters

Conditions

User is a member of one group only. "fetch nested groups" option is enabled for AD Query.

Workaround

None

Fix Information

Now there are no delimiters included if the memberof attribute contains only one group (single value). The new behavior makes the format of a memberOf attribute that contains only one value consistent with the format of other single-value attributes.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips