Bug ID 943033: APM PRP LDAP Group Lookup agent has a syntax error in built in VPE expression

Last Modified: Sep 16, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 16.0.0, 16.0.0.1

Opened: Sep 08, 2020
Severity: 4-Minor

Symptoms

PRP LDAP Group Lookup agent, the expression incorrectly places the 'string tolower' outside the square brackets. This causes an issue in the GUI of the LDAP Group Lookup object where the 'Simple' branch rules do not show up. You see this 'Warning': Warning, this expression was made manually and couldn't be parsed, please use advanced tab.

Impact

Tcl expression containing a syntax error prevents the LDAP Group Lookup agent from functioning properly.

Conditions

Configure PRP with the LDAP Group Lookup agent in the Visual Policy Editor (VPE).

Workaround

Go to the LDAP Group Lookup agent advanced tab and change this: expr {[string tolower [mcget {session.ldap.last.attr.memberOf}]] contains string tolower["CN=MY_GROUP, CN=USERS, CN=MY_DOMAIN"]} To this: expr {[string tolower [mcget {session.ldap.last.attr.memberOf}]] contains [string tolower "CN=MY_GROUP, CN=USERS, CN=MY_DOMAIN"]} Click finish. Now you can click 'change', and use the 'Simple' tab and the 'Add an expression using presets' option.

Fix Information

None

Behavior Change