Bug ID 567105: LDAP attributes not fetched for Remote Role Group matching

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Jan 12, 2016
Severity: 3-Major
Related AskF5 Article:
K40128010

Symptoms

Remote role group matching does not function when used with LDAP authentication. Inspection of traffic to the LDAP server shows that attributes needed for matching are not fetched.

Impact

Remote Role Group matching does not work as expected, specifically, less specific groups may match, or nothing may match, and the default remote role will be used.

Conditions

When using remote auth with LDAP, Cert-LDAP, or Active Directory, with a remote role group using the 'memberOf' attribute or other LDAP attributes.

Workaround

None.

Fix Information

LDAP attributes are now correctly fetched for Remote Role Group matching.

Behavior Change