https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6883497#M7812 <P>I tried again with the latest iLO 2.44. Still no luck, it's letting everyone in with their domain creds. Oh well.</P> Fri, 29 Jul 2016 15:45:34 GMT wreigle 2016-07-29T15:45:34Z https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6877140#M7804 <P>I have configured iLO with LDAP directory integration. I am able to successfully login to iLO using my AD credentials. However, other AD users are also able to login to iLO. Users who are NOT in the "iloadmins" security group shown below are able to successfully login to iLO.</P><P>Settings I am using:<BR />Administration &gt; Security &gt; Directory<BR />"User Directory Default Schema"<BR />Directory Server Address: &lt;FQDN of AD server&gt;<BR />Port: 636<BR />Directory User Context 1:&nbsp;OU=groups,OU=employees,DC=contoso,DC=dc,DC=com</P><P><SPAN>Administration &gt; User Administration<BR />Directory Groups:&nbsp;CN=iloadmins,OU=groups,OU=employees,DC=<SPAN>contoso</SPAN><SPAN>,DC=</SPAN><SPAN>dc</SPAN><SPAN>,DC=com</SPAN></SPAN></P> Mon, 11 Jul 2016 17:21:12 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6877140#M7804 wreigle1 2016-07-11T17:21:12Z https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6877576#M7805 <P>Go to "<SPAN>Administration-&gt;User Administration" &nbsp;and remove the "Authenticated Users" from the Directory Groups.</SPAN></P> Tue, 12 Jul 2016 17:39:21 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6877576#M7805 Oscar A. Perez 2016-07-12T17:39:21Z https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6877580#M7806 <P>Thanks for the suggestion Oscar but that did not resolve my issue. I deleted the Autehnticated Users group all together. &nbsp;Another user was still able to login to iLO.</P> Tue, 12 Jul 2016 17:49:55 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6877580#M7806 wreigle 2016-07-12T17:49:55Z https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6878314#M7807 <P>Any other ideas here? A bug in iLO 4 (version 2.40)?</P> Thu, 14 Jul 2016 13:15:20 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6878314#M7807 wreigle 2016-07-14T13:15:20Z https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6883497#M7812 <P>I tried again with the latest iLO 2.44. Still no luck, it's letting everyone in with their domain creds. Oh well.</P> Fri, 29 Jul 2016 15:45:34 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6883497#M7812 wreigle 2016-07-29T15:45:34Z https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6884998#M7813 <P>Every time we get a case like this, it ends up being caused by a misconfiguration. Like for example, the&nbsp;iLO&nbsp;group you've created is inheriting permissions from other groups or, there are nested groups associated with this iLO group. &nbsp; If user "Bob", for example, is a member of such groups, he will be able to login to iLO.&nbsp;</P><P>Please have a hard look at how your AD groups are setup and check for all "effective"&nbsp;permissions user "Bob" has.</P> Wed, 03 Aug 2016 13:52:03 GMT https://community.hpe.com/t5/server-management-remote-server/ilo-ldap-integration-letting-everyone-in/m-p/6884998#M7813 Oscar A. Perez 2016-08-03T13:52:03Z