Last Modified: Jul 16, 2019
Known Affected Versions:
14.1.0, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 15.0.0
Opened: Feb 26, 2019
The directory server that performs authentication requests refuses a query for authorization (user attributes), which prevents the BIG-IP user from logging on with remote authentication. BAD_NAME errors are usually present in LDAP communication.
The query request sent to the directory server is refused because the password is not included in the request, and the server does not accept an anonymous bind request. The refused request prevents a lookup of the user account attributes on the directory server. As a result, the BIG-IP user cannot log on.
-- Configure LDAP remote authentication with remote roles and a user template.
-- As a remote user, attempt to log on.
Remove the user-template and use bind-dn to authenticate against the LDAP server.