Bug ID 633384: AD/LDAP Resource Mapping should match against group name with trailing comma

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.1.0

Opened: Dec 13, 2016

Severity: 3-Major

Symptoms

In APD during AD/LDAP Resource Mapping 'Group' will be ocasionally matched to 'Group1' because CN=Group matches CN=Group1.

Impact

Some group mappings are incorrect.

Conditions

AD/LDAP Resource Mapping.

Workaround

None.

Fix Information

Now LDAP and AD group matching are performed using a substring match with a trailing comma delimiter to avoid improper group matching. Specifically, "CN=Group," is matched rather than "CN=Group" so "CN=Group1," does not result in an incorrect match.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips