Novell Access manager policy configuration reports "Too many items to display" while trying to create a group based policy

  • 7003963
  • 23-Jul-2009
  • 26-Apr-2012


Novell Access Manager 3.1
Novell Access Manager 3.1 Service Pack 2


Novell Access Manager has been configured to make use of an MS Active Directory userstore.
While trying to create a group based policy the AC opens a new windows:

"Filter:________________ Query
[Too many items to display]

The Novell Access Manager documentation does not state which syntax is required in order to run the requested filter


The following syntax can be used for the filter option:
  • LDAP Group the query string is "(cn=<strFilter>)"
  • LDAP OU the query string is "(ou=<strFilter>)"
As another workaround for a Group Policy you can use the following configuration which will read the LDAP"memberof" attribute on the user object and compare this with a"Value Entry Field" storing the Fully Qualified Group name.


If LDAP Attribute: memberof
comparison: String: Equals
Mode Case: Sensitive
Value: Data Entry Field" CN=Administrators,CN=Builtin,DC=kgast,DC=nam,DC=com
Result on Condition Error: False

Activate Role: AdminUser