- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: iLO LDAP integration letting everyone in!?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2016 10:21 AM
тАО07-11-2016 10:21 AM
iLO LDAP integration letting everyone in!?
I have configured iLO with LDAP directory integration. I am able to successfully login to iLO using my AD credentials. However, other AD users are also able to login to iLO. Users who are NOT in the "iloadmins" security group shown below are able to successfully login to iLO.
Settings I am using:
Administration > Security > Directory
"User Directory Default Schema"
Directory Server Address: <FQDN of AD server>
Port: 636
Directory User Context 1: OU=groups,OU=employees,DC=contoso,DC=dc,DC=com
Administration > User Administration
Directory Groups: CN=iloadmins,OU=groups,OU=employees,DC=contoso,DC=dc,DC=com
- Tags:
- LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2016 10:39 AM
тАО07-12-2016 10:39 AM
Re: iLO LDAP integration letting everyone in!?
Go to "Administration->User Administration" and remove the "Authenticated Users" from the Directory Groups.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2016 10:49 AM
тАО07-12-2016 10:49 AM
Re: iLO LDAP integration letting everyone in!?
Thanks for the suggestion Oscar but that did not resolve my issue. I deleted the Autehnticated Users group all together. Another user was still able to login to iLO.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-14-2016 06:15 AM
тАО07-14-2016 06:15 AM
Re: iLO LDAP integration letting everyone in!?
Any other ideas here? A bug in iLO 4 (version 2.40)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-29-2016 08:45 AM
тАО07-29-2016 08:45 AM
Re: iLO LDAP integration letting everyone in!?
I tried again with the latest iLO 2.44. Still no luck, it's letting everyone in with their domain creds. Oh well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2016 06:51 AM - edited тАО08-03-2016 06:52 AM
тАО08-03-2016 06:51 AM - edited тАО08-03-2016 06:52 AM
Re: iLO LDAP integration letting everyone in!?
Every time we get a case like this, it ends up being caused by a misconfiguration. Like for example, the iLO group you've created is inheriting permissions from other groups or, there are nested groups associated with this iLO group. If user "Bob", for example, is a member of such groups, he will be able to login to iLO.
Please have a hard look at how your AD groups are setup and check for all "effective" permissions user "Bob" has.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!