Bug ID 609988: LDAP remote auth group mapping not working under certain conditions

Last Modified: Jul 22, 2020

Bug Tracker

Affected Product:  See more info
BIG-IQ Platform(all modules)

Fixed In:
5.1.0

Opened: Aug 10, 2016
Severity: 3-Major

Symptoms

A BIG-IQ is configured for LDAP authentication and roles are assigned to different groups. When a user tries to log in, the authentication is successful but the user does not get the role specified for its group.

Impact

The BIG-IQ user logged in via ldap is got getting the role it should be based on its ldap group membership.

Conditions

BIG-IQ is using an ldap server that is not not allow the user to request its group membership.

Workaround

The BIG-IQ can assign the role directly to the user, rather than via the ldap group.

Fix Information

BIG-IQ has changed the way it binds to the ldap server such that it no longer requires that the user has visibility into its group membership.

Behavior Change