Bug ID 517564: APM cannot get groups from an LDAP server, when LDAP server is configured to use non-default port

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2

Opened: Apr 10, 2015

Severity: 3-Major

Symptoms

Starting from BIG-IP APM 11.6.0, there is a new feature called LDAP Group Resource Assign agent. The agent relies on a group list that is retrieved at AAA > LDAP Server > Groups configuration page. AAA LDAP Server fails to update the group list when the backend LDAP server is configured to use a port other than 389 (the default port).

Impact

It is impossible to update group list from LDAP server. LDAP Group Resource Assign agent does not provide a list of LDAP groups for easy configuration.

Conditions

Backend LDAP server is configured to use a non-default port (a port other than 389). LDAP Group Resource Assign agent is added to an Access Policy.

Workaround

None

Fix Information

LDAP groups can now be retrieved from an LDAP server that uses a non-default port (a port other than 389).

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips