Last Modified: May 14, 2019
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2
12.1.0, 12.0.0 HF3
Opened: Jun 24, 2015
Related AskF5 Article: K54135079
In some circumstances LDAP may fail to setup StartTLS on the server-side when instructed by a LDAP client when the LDAP virtual server is in use with a persistence profile.
Serverside does not upgrade to TLS.
- LDAP virtual server with client and server profiles. - LDAP profiles with STARTTLS Activation Mode set to Allow. - Persistence profile (for example, src addr persistence).
Do not use LDAP virtual server in conjunction with persistence.
The BIG-IP system now correctly upgrades the serverside connection of a LDAP virtual server to TLS.