Citrix ADC: Locked LDAP Accounts caused by faulty LDAP Monitor Script with Firmware 13.0 build 82 and 12.1 build 62

The LDAP monitor Perl script sends wrong passwords to the LDAP directory. The result with many LDAP directories is a blocked / deactivated account used with the LDAP monitor. Hopefully you DO NOT use a service account here, which is used in many places and systems … d’oh!

In case you run into this issue and your LDAP load balancer is DOWN after the upgrade to the newest firmware, head over to CTX312196. There, you’ll find a link to download the bug-free script. It’s not as easy as copying the modified Perl script to its /netscaler/monitors directory – as the firmware is extracted from scratch with every reboot of your appliance or VM, the buggy script is copied over. Instead, you need to create / modify good old rc.netscaler script.

The Citrix article shows you the details. Citrix will fix this issue with the next release planned in end of July.

Leave a Reply