ProxySG & Advanced Secure Gateway

Hi ,

Client have Proxy ASG running version 6.6.5.9 deployed in explicit mode.. Authentication relam configured as IWA Direct method.

While browsing the AD users in VPM, it's not listing all the users. Only limitied users are displayed in the list.

Has any one faced similar issue ?? Kindly help.

Thanks in Advance

Hi Sriram,

                I have seen an issue in a case where the response from the AD was limited to X numbers and hence the list was not getting populated. You can confirm this by running below command on ASG against your IWA realm

Login to SSH-Console and from enable mode, execute below command

show xml-realm-search user Realm Searchpath

Realm is the name that you have used.

Searchpath is the domain directory

In the example below, my realm name is DIRECT and Searchpath is BCBLRLAB

The command would be show xml-realm-search user DIRECT BCBLRLAB and give and output as below

Try with this command and see whether the list you are getting is shorter that the expected or not.

FYI, I don't recommend this command on a LARGE domain as it will enumerate all users and could create a heavy load on the DCs.

Aravind, do you know how to limt the search path to a specific OU in AD? 

Harry

Hi Harry,

                This command that we are running is going to have the same effect when you use the VPM Browser option. When you try in VPM, this command is what getting executed in the backend (from Proxy to DC). So if you are using the VPM browser already, you can use the command to safely.

                 The command is not giving me an option to search inside an OU alone. Tests in lab is not giving me positive results.