[IAG] AD domain users create a new security group, and domain users cannot associate policies through the security group

Problem Description

AD domain users create a new security group, and domain users cannot associate policies through the security group

Effective troubleshooting steps

1. Use the catkv command to check if the user matches the security group.
2. Click ldap synchronization and find that the synchronization failed
3. Capture the ldap synchronization data packet and prompt size limit exceeded
   

Root cause

AD domain has synchronization size limit

solution

Enable "Use mode extension function" and resynchronize to solve the problem.

111.png (9.64 KB)

Original Link

https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=7982&isOpen=true