Bug ID 647114: LDAP login may fail with empty bindUser.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IQ Platform (all modules)

Known Affected Versions:
5.1.0

Opened: Feb 23, 2017

Severity: 3-Major

Symptoms

LDAP authentication fails. This most likely occurs after an upgrade, on a system where LDAP authentication was previously working.

Impact

Authentication requests from the auth provider try to use the bindUser field to bind to the LDAP server. If the bindUser field is a blank string, the bind fails, which causes login attempts to fail.

Conditions

The LDAP auth provider has an empty string or a string consisting only of spaces, such as "" or " ", for the bindUser field. This is different from null. In addition, the LDAP server does not allow anonymous binding.

Workaround

Set the bindUser field to null.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips