Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0, 13.1.0.8, 12.1.3.4, 11.6.3.3
Opened: Dec 18, 2017 Severity: 3-Major
LDAP Query agent may fail to resolve nested groups for a user. /var/log/apm logfile contains the following error messages when 'debug' log level is enabled for Access Profile: err apmd[17159]: 014902bb:3: /Common/ldap_access:Common:254fdc14 Failed to process the LDAP search result while getting group membership down with error (No such object.). err apmd[17159]: 014902bb:3: /Common/ldap_access:Common:254fdc14 Failed to process the LDAP search result while querying LDAP with error (No such object.).
LDAP Query agent fails. unable to get user identity. unable to finalize Access Policy.
LDAP Query agent is configured in an Access Policy. 'Fetch groups to which the user or group belong' option is enabled
None
after fix, LDAP Query resolves all nested groups as expected and session.ldap.last.attr.memberOf attributes contains user's groups