Bug ID 759654: LDAP remote authentication with remote roles and user-template failing

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3

Fixed In:
15.1.0, 15.0.1.4, 14.1.2.3

Opened: Feb 26, 2019

Severity: 3-Major

Symptoms

The directory server that performs authentication requests refuses a query for authorization (user attributes), which prevents the BIG-IP user from logging on with remote authentication. BAD_NAME errors are usually present in LDAP communication.

Impact

The query request sent to the directory server is refused because the password is not included in the request, and the server does not accept an anonymous bind request. The refused request prevents a lookup of the user account attributes on the directory server. As a result, the BIG-IP user cannot log on.

Conditions

-- Configure LDAP remote authentication with remote roles and a user template.
-- As a remote user, attempt to log on.

Workaround

Remove the user-template setting. Use bind-dn to authenticate against the LDAP server.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips