Symptom
After a firewall upgrade to 18.1 or higher, LDAP stops working.
The LDAP debug output (debug ldap) shows two additional backslash characters in the 'ldap-login-dn' value, although only one backslash character is configured. For example:
ldap-login-dn CN=LDAP\
[15] Binding as (LDAP\\\) [CN=LDAP\\\]
Conditions
1. A firewall upgrade to software version 18.1 or higher, or a new deployment with an affected software version.
2. LDAP authentication/authorization is in use, for example for AnyConnect/Secure Client.
3. ldap-login-dn contains a backslash character (\) in the CN, e.g. ldap-login-dn CN=LDAP\.
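The third condition can be checked before an upgrade by scanning the running configuration for ldap-login-dn values that contain a backslash. The script below is an added example, not part of the original bug description or any Cisco tool; it assumes the aaa-server host block layout of an ASA show running-config (an "aaa-server GROUP (IFACE) host ADDR" line followed by indented attribute lines), and the sample configuration is constructed for illustration. It reports every server group, interface and host whose login DN is affected, so the workaround can be applied per host rather than by guesswork.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of ASA running-config excerpts (not from the original page).
# The first and third hosts use a backslash in the login DN (one to escape a
# comma, one as the \5c hex escape); the second host is clean.
SAMPLE_CONFIG = r"""
aaa-server LDAP-GROUP protocol ldap
aaa-server LDAP-GROUP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-login-password *****
 ldap-login-dn CN=Smith\, John,OU=Service,DC=example,DC=com
 server-type microsoft
aaa-server LDAP-GROUP (inside) host 192.0.2.11
 ldap-base-dn DC=example,DC=com
 ldap-login-dn CN=svc-ldap,OU=Service,DC=example,DC=com
 server-type microsoft
aaa-server OTHER protocol ldap
aaa-server OTHER (dmz) host ldap.example.net
 ldap-login-dn CN=Back\5cslash,DC=example,DC=net
"""

# Assumed ASA syntax: the host line opens a block whose attributes are indented.
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\(([^)]+)\)\s+host\s+(\S+)")
DN_RE = re.compile(r"^\s+ldap-login-dn\s+(.+?)\s*$")


@dataclass
class Finding:
    group: str
    interface: str
    host: str
    login_dn: str


def find_backslash_login_dns(config: str) -> List[Finding]:
    """Return one Finding per aaa-server host whose ldap-login-dn contains '\\'."""
    findings: List[Finding] = []
    current = None  # (group, interface, host) of the host block being read
    for line in config.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.groups()
            continue
        if not line.startswith(" "):
            # A non-indented line ends the current host block (e.g. a group line).
            current = None
            continue
        m = DN_RE.match(line)
        if m and current is not None:
            dn = m.group(1)
            if "\\" in dn:
                group, interface, host = current
                findings.append(Finding(group, interface, host, dn))
    return findings


def report(findings: List[Finding]) -> str:
    """Human-readable summary of affected hosts, one line each."""
    if not findings:
        return "No ldap-login-dn values containing a backslash were found."
    lines = [f"{len(findings)} affected aaa-server host(s):"]
    for f in findings:
        lines.append(f"  {f.group} ({f.interface}) host {f.host}: {f.login_dn}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(find_backslash_login_dns(SAMPLE_CONFIG)))
```

Feed it the output of show running-config aaa-server (or the whole running configuration) instead of the constructed sample; any host it lists matches condition 3 and should be reviewed before upgrading to an affected version.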
Workaround
1. Downgrade software to the previously used version if the issue appeared after an upgrade.
2. Remove the backslash character from the ldap-login-dn CN.
Further Problem Description
The issue was reported on a firewall running 9.18(3)56.