Bug ID 530092: AD/LDAP groupmapping is overencoding group names with backslashes

Last Modified: Jan 16, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Jun 26, 2015
Severity: 3-Major

Symptoms

Adding a group value that contains space(s) manually in AD/LDAP Group Resource Assign actions will result in the space(s) being escaped and thus invalidating match attempts. For example, adding group 'Foo Bar' (without the quotes) will result in an expression found in bigip.conf as follows: expression "expr { [mcget -decode {session.ldap.last.attr.memberOf}] contains \"CN=Foo\\\\ Bar\" }" The value '\"CN=Foo\\\\ Bar\"' will not match a memberOf group returned that contains 'CN=Foo Bar,...'.

Impact

Matching for memberOf group will not working.

Conditions

Spaces are encoded with backslashes.

Workaround

N/A

Fix Information

Group name with spaces shall not be encoded with backslashes.

Behavior Change