Bug ID 632178: LDAP Query agent creates only two session variables when required attributes list is empty

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1

Fixed In:
13.0.0, 12.1.3.2

Opened: Dec 06, 2016
Severity: 2-Critical

Symptoms

When required attributes list is empty, LDAP Query agent produces only two session variables. in previous releases, the default behavior was - to get all user's attributes and populate those as session variables

Impact

LDAP Query agent failed if branch rule expects to get user's attributes. any other agent in the policy that relies on user's LDAP attributes will also fail.

Conditions

LDAP Query agent configured in an Access Policy. Required attributes list is empty (not any attr is configured)

Workaround

As a workaround you can configure required attributes to be retrieved by LDAP Query agent explicitly

Fix Information

The default behavior is back; when the required attributes list is empty, the LDAP Query Agent will retrieve all user's attributes and populate them as session variables.

Behavior Change