User has a large number of groups (more than 1000) in a single OU on the LDAP server. The user navigates to Device > User Identification > Group Mapping Settings > (select the group-mapping profile) > Group Include List and expands the OU with the large number of groups. The list that appears shows approximately 200 groups and the last option on the list is "more...". When the user clicks on "more...", nothing happens. The list does not expand to show all (or more) groups.
This restricts the user to add the groups to the include list from the WebUI.
Resolution
Option “More” is not to view more groups. It indicates that there are more entries/groups. In order to view more groups, use filter to see more entries. Users will have to enter a more specific filter to see the entries.
Add groups to the include list from the CLI. The following commands are given with sample field values.
For group names without spaces:
# set group-mapping AD server-profile AD group-include-list [cn=testgroup333,ou=tactesting,DC=pantac2003,DC=com]
# commit force
For group names with spaces:
# set group-mapping AD server-profile AD group-include-list [<space>"cn=allow group mapping for users,ou=tactesting,DC=pantac2003,DC=com"<space>]