Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Jan 05, 2017 Severity: 3-Major
When an access profile with a secure attribute (for example: AAA AD Auth agent, LDAP Auth agent, RADIUS Auth agent, etc.) is exported and then imported, secret attribute may not be imported properly. During run-time authentication error logs like below may be observed: Nov 30 12:12:12 hostname err apmd[8478]: 01490236:3: /Common/access-policy-name:Common:xxxxxxxx: LDAP Module: Failed to bind with 'cn=yyyy,dc=zzz,dc=xxx'. Invalid credentials.
The APM agent imported in the access profile may not run properly and may end up in wrong branch.
APM access policy agent with a secure attribute (for example: AAA AD Auth agent, LDAP Auth agent, RADIUS Auth agent, etc.) exported and then imported.
After importing the access profile, manually re-configure agents with secure attributes.
Now access policies with secrete attributes can be exported and imported correctly.