Bug ID 759654: LDAP remote authentication with remote roles and user-template failing

Last Modified: Nov 08, 2019

Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 15.0.0, 15.0.1

Opened: Feb 26, 2019
Severity: 3-Major

Symptoms

The directory server that performs authentication requests refuses a query for authorization (user attributes), which prevents the BIG-IP user from logging on with remote authentication. BAD_NAME errors are usually present in LDAP communication.

Impact

The query request sent to the directory server is refused because the password is not included in the request, and the server does not accept an anonymous bind request. The refused request prevents a lookup of the user account attributes on the directory server. As a result, the BIG-IP user cannot log on.
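
To check for this condition in a packet capture, the following added example (not F5 code and not part of the original bug record) classifies an LDAP simple BindRequest by whether it carries a password, using the bind variants defined in RFC 4513. The DNs, password and function names are constructed for illustration; the record does not show the actual request BIG-IP sends.

```python
# Added example. All DNs and passwords are constructed samples, not from the bug record.

def _enc(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV (short or long definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def _tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long-form length
        size = length & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def build_simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """Build a simple BindRequest as test input (msg_id must be 0..127)."""
    op = _enc(0x02, b"\x03") + _enc(0x04, dn.encode()) + _enc(0x80, password.encode())
    return _enc(0x30, _enc(0x02, bytes([msg_id])) + _enc(0x60, op))

def classify_bind(message: bytes) -> str:
    """Return which RFC 4513 bind variant an LDAPMessage carries."""
    tag, body, _ = _tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = _tlv(body, 0)          # messageID
    tag, op, _ = _tlv(body, pos)       # protocolOp
    if tag != 0x60:                    # [APPLICATION 0] = BindRequest
        return "not-a-bind"
    _, _, pos = _tlv(op, 0)            # version
    _, name, pos = _tlv(op, pos)       # bind DN
    tag, cred, _ = _tlv(op, pos)       # authentication choice
    if tag != 0x80:                    # [0] = simple; other tags are e.g. SASL
        return "non-simple"
    if cred:
        return "simple-with-password"
    return "unauthenticated" if name else "anonymous"

if __name__ == "__main__":
    for dn, pw in [("", ""), ("uid=jdoe,dc=example,dc=com", ""), ("cn=svc,dc=example,dc=com", "x")]:
        print(repr(dn), "->", classify_bind(build_simple_bind(1, dn, pw)))
```

Pass it the LDAPMessage bytes of a bind taken from a cleartext LDAP capture; LDAPS traffic has to be decrypted first.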

Conditions

-- Configure LDAP remote authentication with remote roles and a user template.
-- As a remote user, attempt to log on.

Workaround

Remove user-template. bind-dn must be used to authenticate against the LDAP server.

Fix Information

None

Behavior Change