Novell Access Manager policy configuration reports "Too many items to display" while trying to create a group-based policy

  • 7003963
  • 23-Jul-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1
Novell Access Manager 3.1 Service Pack 2

Situation

Novell Access Manager has been configured to use an MS Active Directory user store.
While trying to create a group-based policy, the Administration Console (AC) opens a new window:

"Filter:________________ Query
[Too many items to display]"

The Novell Access Manager documentation does not state which syntax is required to run the requested filter.



Resolution

The following syntax can be used for the filter option:
  • LDAP Group: the query string is "(cn=<strFilter>)"
  • LDAP OU: the query string is "(ou=<strFilter>)"
As another workaround for a Group Policy, you can use the following configuration, which reads the LDAP "memberof" attribute on the user object and compares it with a "Value Entry Field" storing the fully qualified group name.

Example:

If LDAP Attribute: memberof
Comparison: String: Equals
Mode: Case Sensitive
Value: Data Entry Field: CN=Administrators,CN=Builtin,DC=kgast,DC=nam,DC=com
Result on Condition Error: False

Activate Role: AdminUser
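
The filter strings and the memberof condition above, worked through as an added example (not Novell code): it builds "(cn=<strFilter>)" and "(ou=<strFilter>)" with RFC 4515 escaping and models the case-sensitive comparison so the effect of DN casing and of a missing attribute is visible. The function names, the sample users, the any-value-matches behaviour for a multi-valued memberof and the optional "*" wildcard are assumptions made for this illustration.

```python
# Added illustration; not Novell Access Manager code.
# Escapes required inside an LDAP filter value (RFC 4515, section 3).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value, keep_wildcard=False):
    """Escape filter metacharacters; optionally leave '*' as a wildcard."""
    return "".join(
        ch if (ch == "*" and keep_wildcard) else _ESCAPES.get(ch, ch)
        for ch in value
    )


def group_filter(str_filter, keep_wildcard=False):
    """Build the "(cn=<strFilter>)" query string given in the article."""
    return f"(cn={escape_filter_value(str_filter, keep_wildcard)})"


def ou_filter(str_filter, keep_wildcard=False):
    """Build the "(ou=<strFilter>)" query string given in the article."""
    return f"(ou={escape_filter_value(str_filter, keep_wildcard)})"


def role_condition(member_of, group_dn, on_error=False):
    """Model of the example condition: memberof, String Equals, Case Sensitive.

    Assumptions: the condition holds when any memberof value equals group_dn
    exactly, and an absent attribute counts as a condition error.
    """
    if member_of is None:
        return on_error  # "Result on Condition Error: False" fails closed
    return any(value == group_dn for value in member_of)


# Constructed sample data built around the DN from the article's example.
ADMIN_DN = "CN=Administrators,CN=Builtin,DC=kgast,DC=nam,DC=com"
SAMPLE_USERS = {
    "direct": [ADMIN_DN, "CN=Users,CN=Builtin,DC=kgast,DC=nam,DC=com"],
    "lowercase": [ADMIN_DN.lower()],  # same DN typed with different casing
    "no_groups": None,  # memberof absent on the user object
}

if __name__ == "__main__":
    print(group_filter("Admin*", keep_wildcard=True))
    print(group_filter("Sales (EMEA)"))
    for name, groups in SAMPLE_USERS.items():
        print(name, "-> AdminUser" if role_condition(groups, ADMIN_DN) else "-> no role")
```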