Last Modified: Sep 14, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4
Fixed In:
15.1.0
Opened: Mar 25, 2019 Severity: 3-Major
Dynamic ACL was not applied. This issue occurs because of a trailing space in session variables, for example, including a trailing space character in the 'session.ldap.last.attr.st' session variable in VPE. When this occurs, the resulting content in /config/bigip.conf (and in the running config) is as follows: apm policy agent dynamic-acl /Common/resource_assign_macromac_1_act_dynamic_acl_ag { entries { 0 { acl /Common/DYNAMIC-ACL source "session.ldap.last.attr.st " } } }
Dynamic ACL is not applied, and it is very difficult to determine the issue.
-- Using Dynamic ACL. -- Creating/editing session variables such that they include training spaces. -- Load the config.
Avoid inputting spaces or tabs in session variables.
Trailing spaces and tabs in session variables are now trimmed.