Bug ID 550307: ssl_check_peer field of ldap config is inoperative for system-auth

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0

Opened: Oct 03, 2015

Severity: 3-Major

Related Article: K24352211

Symptoms

When using clientcert ldap for system auth, setting the ssl_check_peer field to disabled has no effect. It will always behave as enabled. This setting is not exposed in the GUI; the change can only be made in tmsh, but it has no lasting effect.

Impact

No way to disable ssl_check_peer. User cannot connect. Although you can use tmsh to change the setting to 'no', enabling the user to connect, any time there is a modification to ldap config, the value gets reset to 'yes', and the issue returns.

Conditions

Using clientcert ldap for system auth.

Workaround

None.

Fix Information

Setting the ssl_check_peer field is now effective for system-auth ldap configs.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips