Bug ID 601989: Remote LDAP system authenticated username is case sensitive

Last Modified: Jul 13, 2024

Affected Product(s):
BIG-IP Install/Upgrade, TMOS (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2

Opened: Jun 29, 2016

Severity: 3-Major

Related Article: K88516119

Symptoms

Unable to log in via ssh, with the cause reported as 'user account has expired'. The wrong role is assigned to the remote-user.

Impact

Unable to log in via ssh with a remote-user, or the remote-user is assigned an incorrect role, when multiple accounts exist with the same name in mixed case.

Conditions

The character-case for the username returned from LDAP must match the login username and the configured account name. This can be exposed on an upgrade from 11.6.0 to 12.1.0 or 12.1.1.

Workaround

Avoid configuring the same account username with different case. The authenticated user account in TMOS used to log in should exactly match the user account name returned from LDAP.
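One way to check an account list against this workaround, as an added example (not F5 code): the account names, roles and LDAP-returned names below are constructed sample data, and how they are exported from the BIG-IP system and the directory is left out.

```python
from collections import defaultdict


def audit_username_case(local_accounts, ldap_usernames):
    """Find the two conditions the workaround warns about.

    local_accounts: {account name: role} as configured on the device.
    ldap_usernames: usernames exactly as the LDAP server returns them.
    Returns (collisions, mismatches).
    """
    by_folded = defaultdict(list)
    for name in local_accounts:
        by_folded[name.casefold()].append(name)

    # Local accounts that differ only by case: the role a login receives
    # depends on which spelling is matched.
    collisions = {k: sorted(v) for k, v in by_folded.items() if len(v) > 1}

    # LDAP names that match a local account only when case is ignored:
    # these fail the exact-match requirement.
    mismatches = []
    for ldap_name in ldap_usernames:
        if ldap_name in local_accounts:
            continue  # exact, case-sensitive match
        candidates = by_folded.get(ldap_name.casefold(), [])
        if candidates:
            mismatches.append((ldap_name, sorted(candidates)))
    return collisions, mismatches


# Constructed sample data, not taken from any real system.
SAMPLE_LOCAL = {"jsmith": "admin", "JSmith": "guest",
                "ops_anna": "operator", "netadmin": "admin"}
SAMPLE_LDAP = ["jsmith", "Ops_Anna", "netadmin", "dbrown"]

if __name__ == "__main__":
    collisions, mismatches = audit_username_case(SAMPLE_LOCAL, SAMPLE_LDAP)
    for names in collisions.values():
        roles = ", ".join(f"{n}={SAMPLE_LOCAL[n]}" for n in names)
        print(f"case collision between local accounts: {roles}")
    for ldap_name, local_names in mismatches:
        print(f"LDAP returns '{ldap_name}' but local account is {local_names}")
```

Names present only in LDAP (such as `dbrown` in the sample) are not reported, because there is no local account for them to mismatch.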

Fix Information

When logging in to BIG-IP via ssh, the case of the logged-in user name is preserved when authenticating against an LDAP source, and matched in a case-sensitive manner to the appropriate locally defined user role.

Behavior Change
