When attempting to connect an LDAP group to an ACL from the 'Set LDAP Group' option of the Security->Manage Access Control List dialogue opened from Infrastructure Manager (IM), not all of the available groups in the LDAP group container configured in the hub probe appear in the list.
No errors similar to the following appear in the hub.log file when testing the LDAP configuration from the hub probe's Configure GUI:
You man see errors similar to the following in IM after selecting the 'Set LDAP Group' option:
The group container (XXX) contains more than 100 groups. You should for performance reasons consider to use a Group Container with fewer groups.
UIM/UMP Release : 9.2.0 or later
Component : UIM - HUB 9.20HF11 or later
When there are several hundred entries in the LDAP group container configured in the hub probe, it is possible for IM to display the full list of groups found in the configured group container, but if there are several thousand entries, IM cannot build the full list of groups. IM is considered legacy code which will eventually be replaced with Admin Console so this issue will not be corrected in IM.
When there are several thousand entries in the configured LDAP group container and it is not possible to create a smaller group container on the LDAP server to hold a smaller number of groups of users that are to be granted access to UIM, then it is possible to connect an LDAP group to an ACL through the Account Admin portlet in the UMP portal as documented in the Add or Modify Users with Account Admin->Edit an ACL->LDAP techdoc:
If 50 or fewer LDAP groups exist, the drop-down list for
is displayed in the right-hand pane. Select a group name from this drop-down list.
If more than 50 LDAP groups exist, no drop-down list will appear and you must enter the name of the LDAP group. The name must match an LDAP group name; an error will be displayed until the names match. If the LDAP group name or spelling is unknown, refer to the list of groups on the LDAP server and copy the name into the input field.