Bug ID 757519: Unable to logon using LDAP authentication with a user-template

Last Modified: Jul 07, 2020


Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4

Fixed In:
14.1.2.3

Opened: Feb 04, 2019
Severity: 3-Major

Symptoms

Cannot log on using remote LDAP authentication. This occurs because, when user-template is configured, LDAP authentication uses the user-template value as the distinguished name (DN) for the LDAP search instead of a properly formed X.500 name, for example: cn=xxx,ou=xxx,dc=example,dc=org

Impact

Remote LDAP authentication users are unable to log in. Note: The user-template value is not a valid DN.

Conditions

-- LDAP authentication configuration includes the user-template value as the DN.
-- Attempt to log on.

Workaround

You can use either of the following workarounds:
-- Create a specific user for bind by configuring bind-dn and bind-pw, and remove user-template.
-- Switch to local authentication.
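
The two workarounds as tmsh commands, as an added example that is not part of the original bug entry. It assumes the LDAP configuration object is the default system-auth; the bind DN and password are constructed placeholders, and lines starting with # are annotations for the reader.

```tmsh
# Workaround 1: bind with a dedicated account and remove user-template.
# Constructed placeholder DN and password; substitute your directory's values.
modify auth ldap system-auth bind-dn "cn=f5-bind,ou=service,dc=example,dc=org" bind-pw <bind-password> user-template none
# Confirm that bind-dn is set and user-template no longer appears.
list auth ldap system-auth

# Workaround 2: switch system authentication to the local user database.
modify auth source type local
list auth source

# Persist whichever change was made.
save sys config
```

Give the bind account read-only search rights on the user subtree only, since its password is stored in the BIG-IP configuration.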

Fix Information

None

Behavior Change