Bug ID 632178: LDAP Query agent creates only two session variables when required attributes list is empty

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
12.1.2, 12.1.3,

Fixed In:

Opened: Dec 06, 2016

Severity: 2-Critical


When required attributes list is empty, LDAP Query agent produces only two session variables. in previous releases, the default behavior was - to get all user's attributes and populate those as session variables


LDAP Query agent failed if branch rule expects to get user's attributes. any other agent in the policy that relies on user's LDAP attributes will also fail.


LDAP Query agent configured in an Access Policy. Required attributes list is empty (not any attr is configured)


As a workaround you can configure required attributes to be retrieved by LDAP Query agent explicitly

Fix Information

The default behavior is back; when the required attributes list is empty, the LDAP Query Agent will retrieve all user's attributes and populate them as session variables.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips