Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 12.0.0 HF3
Opened: Jun 24, 2015 Severity: 3-Major Related Article:
K54135079
In some circumstances LDAP may fail to setup StartTLS on the server-side when instructed by a LDAP client when the LDAP virtual server is in use with a persistence profile.
Serverside does not upgrade to TLS.
- LDAP virtual server with client and server profiles. - LDAP profiles with STARTTLS Activation Mode set to Allow. - Persistence profile (for example, src addr persistence).
Do not use LDAP virtual server in conjunction with persistence.
The BIG-IP system now correctly upgrades the serverside connection of a LDAP virtual server to TLS.