Bug ID 636866: Access Policy with a secure attribute object can fail at runtime for users, if admins perform AP export/import at the same time

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Jan 05, 2017

Severity: 3-Major

Symptoms

When an access profile with a secure attribute (for example: AAA AD Auth agent, LDAP Auth agent, RADIUS Auth agent, etc.) is exported and then imported, secret attribute may not be imported properly. During run-time authentication error logs like below may be observed: Nov 30 12:12:12 hostname err apmd[8478]: 01490236:3: /Common/access-policy-name:Common:xxxxxxxx: LDAP Module: Failed to bind with 'cn=yyyy,dc=zzz,dc=xxx'. Invalid credentials.

Impact

The APM agent imported in the access profile may not run properly and may end up in wrong branch.

Conditions

APM access policy agent with a secure attribute (for example: AAA AD Auth agent, LDAP Auth agent, RADIUS Auth agent, etc.) exported and then imported.

Workaround

After importing the access profile, manually re-configure agents with secure attributes.

Fix Information

Now access policies with secrete attributes can be exported and imported correctly.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips