Symptoms

-decoded option is needed.

Impact

in 11.6.0, if you create a rule to match an AD group in an "AD group resource assign" it will create something like this in the bigip.conf: expression "expr { [mcget -decode {session.ad.last.attr.memberOf}] contains \"CN=TEST,\" }" Prior to 11.6.0 the generated config was: expression "expr { [mcget {session.ad.last.attr.memberOf}] contains \"CN=TEST,\" }" The upgrade script does not take care of adding the "-decode" option which result in no groups being displayed in the VPE after an upgrade to 11.6.0

Conditions

upgrade to 11.6.0

Workaround

No workaround

Fix Information

issue resolved, the -decode and lower string comparison added to expressions in AD and LDAP Group Mapping during upgrade.

Behavior Change