Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.1.0
Opened: Dec 13, 2016
Severity: 3-Major
Symptoms:
In APD, during AD/LDAP Resource Mapping, 'Group' will occasionally be matched to 'Group1' because CN=Group matches CN=Group1.
Impact:
Some group mappings are incorrect.
Conditions:
AD/LDAP Resource Mapping.
Workaround:
None.
Fix Information:
LDAP and AD group matching is now performed using a substring match with a trailing comma delimiter to avoid improper group matching. Specifically, "CN=Group," is matched rather than "CN=Group", so "CN=Group1," does not result in an incorrect match.
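
The following added example (not F5 or APD code) models the two matching behaviours described above on constructed `memberOf` values, and goes one step beyond the page by comparing the leftmost RDN exactly. The function names, the sample DNs under `example.com`, the case-insensitive comparison and the assumption that the substring may match anywhere in the DN are all assumptions of this sketch.

```python
# Added illustration; models the matching strategies, not the APD implementation.
# Constructed memberOf values (example.com is a placeholder domain).
MEMBER_OF = [
    "CN=Group1,OU=Staff,DC=example,DC=com",
    "CN=Domain Admins,CN=Users,DC=example,DC=com",
]

def match_substring(mapped_cn, member_of):
    """Pre-fix behaviour from the page: 'CN=Group' also matches 'CN=Group1'."""
    needle = ("CN=" + mapped_cn).casefold()
    return [dn for dn in member_of if needle in dn.casefold()]

def match_trailing_comma(mapped_cn, member_of):
    """Behaviour described in the fix: the needle ends with the ',' delimiter."""
    needle = ("CN=" + mapped_cn + ",").casefold()
    # Assumption: the substring is searched anywhere in the DN string.
    return [dn for dn in member_of if needle in dn.casefold()]

def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN, honouring '\\' escapes."""
    out, i = [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            out.append(dn[i:i + 2])   # keep the escaped pair, e.g. '\,'
            i += 2
            continue
        if dn[i] == ",":              # first unescaped comma ends the RDN
            break
        out.append(dn[i])
        i += 1
    attr, _, value = "".join(out).partition("=")
    return attr.strip().casefold(), value.strip().casefold()

def match_exact_rdn(mapped_cn, member_of):
    """Stricter variant (beyond the page): compare only the group's own RDN."""
    want = ("cn", mapped_cn.casefold())
    return [dn for dn in member_of if first_rdn(dn) == want]

if __name__ == "__main__":
    for name in ("Group", "Group1", "Users"):
        print(name,
              len(match_substring(name, MEMBER_OF)),
              len(match_trailing_comma(name, MEMBER_OF)),
              len(match_exact_rdn(name, MEMBER_OF)))
```

Under these assumptions, a mapping for a group named like a parent container (here `Users`) is a case worth checking when auditing resource assignments, because a substring can match a container component as well as the group's own RDN.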