Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1
Fixed In:
13.0.0, 12.1.3.2
Opened: Dec 06, 2016 Severity: 2-Critical
When required attributes list is empty, LDAP Query agent produces only two session variables. in previous releases, the default behavior was - to get all user's attributes and populate those as session variables
LDAP Query agent failed if branch rule expects to get user's attributes. any other agent in the policy that relies on user's LDAP attributes will also fail.
LDAP Query agent configured in an Access Policy. Required attributes list is empty (not any attr is configured)
As a workaround you can configure required attributes to be retrieved by LDAP Query agent explicitly
The default behavior is back; when the required attributes list is empty, the LDAP Query Agent will retrieve all user's attributes and populate them as session variables.