Forum Discussion

JWhitesPro_1928
Feb 27, 2018
Solved

Management login via ldap broke on several devices at the same time

Strange issue...I have several F5 devices and they can connect to, communicate with, and see the LDAP servers...however all of these separate devices broke when authenticating to the management interface at the same time. Some are physical, some are virtual...all of them are 13.0+. The only two that did not break at the same time and are on the same network with the exact same config are 11.5.3.

If I disable SSL for LDAP it works...however every other service in our network continues to work fine with LDAPS, including the 11.5.3 devices...

When I try to do a trace with debug on for LDAP it just says connection closed by remote host or timed out connecting to LDAP servers.

Doing a packet capture for the traffic returns zero packets like they are not even trying to go out...wondering if I'm hitting a bug or something...anyone else seen this or have any ideas?

  • Ok...for anyone who runs across this, I found that if I deleted the 'userCertificate' attribute value on my Active Directory account it allowed me to log in...I never used this for anything so the impact to me was minimal (it was an Encrypting File System certificate that was NOT expired and had been there a while)...I will have to research with support why that caused the issue

    For whatever reason this was not an issue on 11.5.3 but 13.0 and 13.1 and 13.1.0.3 it wa

  • The only two other strange things I'll add are that a few of the devices that are an hour or two behind, time zone wise, broke after the original ones broke...

    The other, hopefully unrelated, thing was I upgraded BIG-IQ to 5.4HF2...however only two of the several broken devices are actually managed by BIG-IQ...all of the broken ones were actually managed by BIG-IQ in the past (they still say managed by BIG-IQ in the GUI even though they are not). The two devices that still log in fine were never managed by BIG-IQ.

  • Upon further investigation it appears other users can still log in...but just not my account...when SSL is enabled...when it's disabled I can log in...when it's enabled only other users can log in.

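Before removing anything from a directory account, it helps to know which accounts actually carry a userCertificate value and how big those values are. The script below is an added example, not code from the thread or from F5: it uses only the Python standard library to parse an LDIF export of the kind ldapsearch prints (folded continuation lines and base64 "::" values), over a constructed two-account sample whose certificate value is a 4-byte constructed DER stub rather than a real certificate.

```python
import base64
import re

# Constructed sample LDIF: one account with a userCertificate value (a tiny
# DER stub, not a real certificate) and one service account without it.
SAMPLE_LDIF = """\
dn: CN=jwhite,OU=Admins,DC=example,DC=com
sAMAccountName: jwhite
userCertificate:: MAIB
 AA==
memberOf: CN=F5-Admins,OU=Groups,DC=example,DC=com

dn: CN=svc-monitor,OU=Service,DC=example,DC=com
sAMAccountName: svc-monitor
"""

LINE_RE = re.compile(r"^([A-Za-z][\w;.-]*)(::?)\s?(.*)$")


def unfold(text):
    """Join LDIF continuation lines (a leading space) onto the previous line."""
    out = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return out


def parse_ldif(text):
    """Return a list of records, each {attribute: [values]}; '::' values are base64-decoded to bytes."""
    records, current = [], {}
    for line in unfold(text) + [""]:       # trailing "" flushes the last record
        if line == "":
            if current:
                records.append(current)
                current = {}
            continue
        m = LINE_RE.match(line)
        if not m or line.startswith("#"):
            continue
        attr, sep, value = m.groups()
        current.setdefault(attr, []).append(
            base64.b64decode(value) if sep == "::" else value)
    return records


def certificate_report(records, attr="userCertificate"):
    """Map each DN to a list of (size_in_bytes, starts_with_DER_SEQUENCE) per stored blob.
    An empty list means the account carries no certificate value at all."""
    report = {}
    for rec in records:
        dn = rec.get("dn", ["<no dn>"])[0]
        blobs = next((v for k, v in rec.items() if k.lower() == attr.lower()), [])
        report[dn] = [(len(b), b[:1] == b"\x30") for b in blobs]
    return report


if __name__ == "__main__":
    for dn, certs in certificate_report(parse_ldif(SAMPLE_LDIF)).items():
        print(dn, "->", certs or "no userCertificate")
```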