Bug ID 610961: pre-define default list of required attributes for AD Query

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1

Fixed In:
13.0.0

Opened: Aug 15, 2016
Severity: 3-Major

Symptoms

AD Query agent does not have any pre-defined required attributes. by default it fetches (*) all attributes from AD for a user. in some cases the response may contain huge attributes that cause vcmp synchronization and other issues

Impact

tmm may crash on vcmp

Conditions

AD Query is configured with default (empty) required attributes list

Workaround

limit the list of attributes to be fetched from AD by AD Query agent (define required attributes in the list)

Fix Information

some important attributes pre-defined for a newle created AD Query agent. the list is: "cn","displayName","distinguishedName","dn","employeeID","givenName","homeMDB","mail","memberOf","mobile","msDS-ResultantPSO","name","objectGUID","otherMobile","pager","primaryGroupID","pwdLastSet","sAMAccountName","sn","telephoneNumber","userAccountControl","userPrincipalName"

Behavior Change