Bug ID 550307: ssl_check_peer field of ldap config is inoperative for system-auth

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Oct 03, 2015
Severity: 3-Major
Related Article:
K24352211

Symptoms

When using clientcert ldap for system auth, setting the ssl_check_peer field to disabled has no effect. It will always behave as enabled. This setting is not exposed in the GUI; the change can only be made in tmsh, but it has no lasting effect.

Impact

No way to disable ssl_check_peer. User cannot connect. Although you can use tmsh to change the setting to 'no', enabling the user to connect, any time there is a modification to ldap config, the value gets reset to 'yes', and the issue returns.

Conditions

Using clientcert ldap for system auth.

Workaround

None.

Fix Information

Setting the ssl_check_peer field is now effective for system-auth ldap configs.

Behavior Change