Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5
Fixed In:
11.6.0 HF6
Opened: Apr 16, 2015 Severity: 3-Major
-decoded option is needed.
in 11.6.0, if you create a rule to match an AD group in an "AD group resource assign" it will create something like this in the bigip.conf: expression "expr { [mcget -decode {session.ad.last.attr.memberOf}] contains \"CN=TEST,\" }" Prior to 11.6.0 the generated config was: expression "expr { [mcget {session.ad.last.attr.memberOf}] contains \"CN=TEST,\" }" The upgrade script does not take care of adding the "-decode" option which result in no groups being displayed in the VPE after an upgrade to 11.6.0
upgrade to 11.6.0
No workaround
issue resolved, the -decode and lower string comparison added to expressions in AD and LDAP Group Mapping during upgrade.