
Re: iLO LDAP integration letting everyone in!?

 
wreigle1
Regular Visitor

iLO LDAP integration letting everyone in!?

I have configured iLO with LDAP directory integration. I am able to successfully log in to iLO using my AD credentials. However, other AD users are also able to log in to iLO. Users who are NOT in the "iloadmins" security group shown below are able to successfully log in to iLO.

Settings I am using:
Administration > Security > Directory
"User Directory Default Schema"
Directory Server Address: <FQDN of AD server>
Port: 636
Directory User Context 1: OU=groups,OU=employees,DC=contoso,DC=dc,DC=com

Administration > User Administration
Directory Groups: CN=iloadmins,OU=groups,OU=employees,DC=contoso,DC=dc,DC=com

Oscar A. Perez
Honored Contributor

Re: iLO LDAP integration letting everyone in!?

Go to "Administration->User Administration"  and remove the "Authenticated Users" from the Directory Groups.




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
wreigle
Occasional Advisor

Re: iLO LDAP integration letting everyone in!?

Thanks for the suggestion, Oscar, but that did not resolve my issue. I deleted the Authenticated Users group altogether. Another user was still able to log in to iLO.

wreigle
Occasional Advisor

Re: iLO LDAP integration letting everyone in!?

Any other ideas here? A bug in iLO 4 (version 2.40)?

wreigle
Occasional Advisor

Re: iLO LDAP integration letting everyone in!?

I tried again with the latest iLO 2.44. Still no luck, it's letting everyone in with their domain creds. Oh well.

Oscar A. Perez
Honored Contributor

Re: iLO LDAP integration letting everyone in!?

Every time we get a case like this, it ends up being caused by a misconfiguration. For example, the iLO group you've created is inheriting permissions from other groups, or there are nested groups associated with this iLO group. If user "Bob", for example, is a member of such groups, he will be able to log in to iLO.

Please have a hard look at how your AD groups are set up and check for all "effective" permissions user "Bob" has.




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
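
The nested-group check suggested in the last reply, as an added example that is not part of the original thread: it resolves the effective (direct plus nested) members of the `iloadmins` group and reports the group chain that admits each unexpected user. Only the groups OU and the `iloadmins` DN come from the first post; the users OU, the other groups and all user names are constructed sample data.

```python
from collections import deque

# Group OU and iloadmins DN are from the original post; the users OU, every
# other group and all users are constructed sample data (assumptions).
GROUPS = "OU=groups,OU=employees,DC=contoso,DC=dc,DC=com"
USERS = "OU=staff,OU=employees,DC=contoso,DC=dc,DC=com"
ILO_GROUP = f"CN=iloadmins,{GROUPS}"

# Group DN -> values of its "member" attribute. Every group is a key here.
DIRECTORY = {
    ILO_GROUP: [f"CN=alice,{USERS}", f"CN=server-ops,{GROUPS}"],
    f"CN=server-ops,{GROUPS}": [f"CN=carol,{USERS}", f"CN=helpdesk,{GROUPS}"],
    # helpdesk also lists server-ops: a membership loop the walk must survive.
    f"CN=helpdesk,{GROUPS}": [f"CN=bob,{USERS}", f"CN=server-ops,{GROUPS}"],
    f"CN=printers,{GROUPS}": [f"CN=dave,{USERS}"],
}


def cn(dn):
    """Short name of a DN: 'CN=bob,OU=...' -> 'bob'."""
    return dn.split(",", 1)[0][3:]


def effective_members(directory, group_dn):
    """Map each direct or nested user to the group chain that admits them.

    The chain starts at group_dn and ends at the group listing the user
    directly. Breadth-first order means the shortest chain is reported.
    """
    found, seen, queue = {}, {group_dn}, deque([[group_dn]])
    while queue:
        chain = queue.popleft()
        for member in directory.get(chain[-1], []):
            if member not in directory:          # a user, not a group
                found.setdefault(member, chain)
            elif member not in seen:             # nested group, visit once
                seen.add(member)
                queue.append(chain + [member])
    return found


def unexpected_members(directory, group_dn, intended):
    """Effective members that are not on the intended access list."""
    effective = effective_members(directory, group_dn)
    return {u: c for u, c in effective.items() if u not in intended}


if __name__ == "__main__":
    intended = {f"CN=alice,{USERS}"}
    hits = unexpected_members(DIRECTORY, ILO_GROUP, intended)
    for user, chain in sorted(hits.items()):
        print(cn(user), "via", " -> ".join(cn(g) for g in chain))
```

Against a live domain, Active Directory can resolve the same transitive membership server-side with the LDAP_MATCHING_RULE_IN_CHAIN filter `(memberOf:1.2.840.113556.1.4.1941:=<group DN>)`.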