Bug ID 530092: AD/LDAP groupmapping is overencoding group names with backslashes

Last Modified: Mar 17, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:

Opened: Jun 26, 2015
Severity: 3-Major


Adding a group value that contains space(s) manually in AD/LDAP Group Resource Assign actions will result in the space(s) being escaped and thus invalidating match attempts. For example, adding group 'Foo Bar' (without the quotes) will result in an expression found in bigip.conf as follows: expression "expr { [mcget -decode {session.ldap.last.attr.memberOf}] contains \"CN=Foo\\\\ Bar\" }" The value '\"CN=Foo\\\\ Bar\"' will not match a memberOf group returned that contains 'CN=Foo Bar,...'.


Matching for memberOf group will not working.


Spaces are encoded with backslashes.



Fix Information

Group name with spaces shall not be encoded with backslashes.

Behavior Change