f5-declarative-onboarding icon indicating copy to clipboard operation
f5-declarative-onboarding copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

AD authentication failed - check-host-attr is enabled by default using DO

Open artgmolina opened this issue 3 years ago • 5 comments

Environment

  • Declarative Onboarding Version: 1.27.0
  • BIG-IP Version: 15.1.5

Summary

active directory authentication fails because DO enable by default the attribute check-host-attr which creates an issue. I think that the bug id https://cdn.f5.com/product/bugtracker/ID880625.html is triggered.

There is not any option to disable such attribute through declarative onboarding API, https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/schema-reference.html#authentication-ldap

Workaround

After disabling the attribute by TMSH, active directory authentication starts working.

artgmolina avatar Jan 27 '22 11:01 artgmolina

Can you provide the tmsh command you used to work around the issue?

dstokesf5 avatar Jan 28 '22 21:01 dstokesf5

modify auth ldap system-auth { check-host-attr disabled }

Babou73 avatar Jan 31 '22 09:01 Babou73

Thank you for your feedback. I have added this issue to our internal product backlog as AUTOTOOL-2981.

dstokesf5 avatar Jan 31 '22 18:01 dstokesf5

@Babou73 Are you currently setting the checkBindPassword property in your DO declaration?

dstokesf5 avatar Mar 17 '22 17:03 dstokesf5

Sorry for this very late reply. I was setting the checkBindPassword yes, tried disabling it, and then it is working fine. Guess this can be closed.

Babou73 avatar Oct 20 '22 09:10 Babou73