Bug ID 1252197: F5OS LDAP / Active Directory authentication is case-sensitive (username case must match)

Last Modified: Jun 02, 2025

Affected Product(s):
F5OS: F5OS, F5OS-A, F5OS-C, Velos (all modules)

Fixed In:
F5OS-C 1.8.0

Opened: Feb 26, 2023

Severity: 2-Critical

Symptoms

When LDAP / Active Directory is used for remote authentication, the F5OS system treats usernames as case-sensitive. If a user attempts to authenticate to the F5OS system and specifies the username in a case that differs from how it is defined in the directory, authentication will fail.

For instance, if the Active Directory username is defined in the directory in all caps ("sAMAccountName: USERNAME"), F5OS will not authenticate the user if they attempt to log in with the username as "username".

Failed SSH connection attempts will generate system logs similar to the following:

    hostname sshd[11440]: pam_faillock(sshd:auth): User unknown: username
    hostname sshd[11440]: pam_unix(sshd:auth): check pass; user unknown
    hostname sshd[11440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.1
    hostname sshd[11440]: pam_ldap(sshd:auth): username changed from username to USERNAME
    hostname sshd[11438]: pam_loginuid(sshd:session): error: login user-name 'username' does not exist
    hostname sshd[11438]: pam_namespace(sshd:session): user unknown 'username'
    hostname sshd[11438]: pam_keyinit(sshd:session): Unable to look up user "username"
    hostname sshd[11438]: pam_unix(sshd:session): session opened for user username by (uid=0)
    hostname sshd[11438]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
    hostname sshd[11438]: fatal: login_init_entry: Cannot find user "username"
    hostname sshd[11438]: fatal: login_init_entry: Cannot find user "username"
    hostname sshd[11451]: fatal: mm_request_send: write: Broken pipe
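To separate this bug from ordinary unknown-user failures during triage, the following added example (not F5 code) scans sshd log lines for the pam_ldap rename shown above and flags only the cases where the typed and directory names differ by letter case alone. The function name, the sample data and the user "ghost" are constructed for illustration.

```python
import re

# Line formats are taken from the Symptoms log; a leading syslog timestamp is tolerated.
RENAMED = re.compile(
    r"(?P<host>\S+) sshd\[\d+\]: pam_ldap\(sshd:auth\): "
    r"username changed from (?P<typed>\S+) to (?P<directory>\S+)\s*$"
)
CANNOT_FIND = re.compile(
    r'(?P<host>\S+) sshd\[\d+\]: fatal: login_init_entry: '
    r'Cannot find user "(?P<user>[^"]+)"'
)

def find_case_mismatches(lines):
    """Report logins where the typed name and the directory name differ only by case.

    The auth and session phases log under different sshd PIDs, so lines are
    correlated by (host, typed username) rather than by PID.
    """
    findings = {}
    for line in lines:
        m = RENAMED.search(line)
        if m:
            typed, directory = m["typed"], m["directory"]
            if typed != directory and typed.casefold() == directory.casefold():
                findings.setdefault((m["host"], typed), {
                    "host": m["host"], "typed": typed,
                    "directory": directory, "session_failures": 0,
                })
            continue
        m = CANNOT_FIND.search(line)
        if m and (m["host"], m["user"]) in findings:
            findings[(m["host"], m["user"])]["session_failures"] += 1
    return list(findings.values())

# Constructed sample: lines in the format of the log above, plus an unrelated unknown user.
SAMPLE_LOG = """\
hostname sshd[11440]: pam_unix(sshd:auth): check pass; user unknown
hostname sshd[11440]: pam_ldap(sshd:auth): username changed from username to USERNAME
hostname sshd[11438]: fatal: login_init_entry: Cannot find user "username"
hostname sshd[11438]: fatal: login_init_entry: Cannot find user "username"
hostname sshd[11502]: fatal: login_init_entry: Cannot find user "ghost"
""".splitlines()

if __name__ == "__main__":
    for f in find_case_mismatches(SAMPLE_LOG):
        print(f"{f['host']}: typed {f['typed']!r}, directory has {f['directory']!r}, "
              f"{f['session_failures']} session failure(s)")
```

A finding means the password was accepted by the directory but the session could not be opened under the typed spelling, which is the condition the workaround addresses.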

Impact

Authentication fails on both the CLI and GUI.

Conditions

- Using LDAP or Active Directory authentication for F5OS system authentication.
- Attempting to log in with a username whose case differs from how the username is defined in the remote directory.

Workaround

When logging into an F5OS system, specify the username as it exists in the directory.

Fix Information

None
