Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4
Fixed In:
11.6.1 HF1
Opened: Apr 26, 2016 Severity: 3-Major
APD crashes and generate a core file.
Authentication service will be interrupted.
The problem can happen only when the following conditions are met: 1. LDAP Query is used with AD backend. 2. 'Fetch groups to which the user or group belong' is defined for a value other than None (e.g., direct/all). 3. There were previous logons to the BIG-IP system, so a group cache is built and valid. 4. There is a new group created in the domain and assigned as a primary group for the user trying to authenticate.
Administrator should reset the group cache using either GUI (AAA LDAP Server configuration page) or tmsh (apm aaa ldap object). After the cache is reset, the cache will be built from scratch at the time of the next request, and the new group will be added to the cache.
APD no longer crashes if LDAP Query agent fails to retrieve primary group for a user.