If you happen to have F5’s BIG-IP LTMs in your environment and have gone to upgrade the software to the latest-and-greatest release 12.0 (to address some of the discovered vulnerabilities), you may have noticed that AD authentication against Remote Role Groups fails with “Login failed” error:
Well, that’s a bug, alright. As with most of the bugs, there’s a workaround, so follow these steps:
- Login to the LTM’s WebUI with your local admin account
- Go to System -> Users -> Remote Role Groups
- For all Remote Role Groups that contain space character in the Attribute String (that is, there’s a space in the DN of a group), replace space with ‘\20’.
Original: memberOf=CN=LTM_Admins,OU=Some Groups,OU=Some Org Unit,DC=Domain,DC=com
That should be it!