Bug ID 943033: APM PRP LDAP Group Lookup agent has a syntax error in built in VPE expression

Last Modified: Jan 06, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,, 16.0.0,, 16.0.1,,

Fixed In:

Opened: Sep 08, 2020
Severity: 4-Minor


PRP LDAP Group Lookup agent, the expression incorrectly places the 'string tolower' outside the square brackets. This causes an issue in the GUI of the LDAP Group Lookup object where the 'Simple' branch rules do not show up. You see this 'Warning': Warning, this expression was made manually and couldn't be parsed, please use advanced tab.


Tcl expression containing a syntax error prevents the LDAP Group Lookup agent from functioning properly.


Configure PRP with the LDAP Group Lookup agent in the Visual Policy Editor (VPE).


Go to the LDAP Group Lookup agent advanced tab and change this: expr {[string tolower [mcget {session.ldap.last.attr.memberOf}]] contains string tolower["CN=MY_GROUP, CN=USERS, CN=MY_DOMAIN"]} To this: expr {[string tolower [mcget {session.ldap.last.attr.memberOf}]] contains [string tolower "CN=MY_GROUP, CN=USERS, CN=MY_DOMAIN"]} Click finish. Now you can click 'change', and use the 'Simple' tab and the 'Add an expression using presets' option.

Fix Information

The syntax error in built in VPE expression of LDAP Group Lookup agent is fixed

Behavior Change