Bug ID 633384: AD/LDAP Resource Mapping should match against group name with trailing comma

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6

Fixed In:

Opened: Dec 13, 2016

Severity: 3-Major


In APD during AD/LDAP Resource Mapping 'Group' will be ocasionally matched to 'Group1' because CN=Group matches CN=Group1.


Some group mappings are incorrect.


AD/LDAP Resource Mapping.



Fix Information

Now LDAP and AD group matching are performed using a substring match with a trailing comma delimiter to avoid improper group matching. Specifically, "CN=Group," is matched rather than "CN=Group" so "CN=Group1," does not result in an incorrect match.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips