Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum

iLO LDAP integration letting everyone in!?

Occasional Visitor

iLO LDAP integration letting everyone in!?

I have configured iLO with LDAP directory integration. I am able to successfully log in to iLO using my AD credentials. However, other AD users are also able to log in to iLO. Users who are NOT in the "iloadmins" security group shown below are able to successfully log in to iLO.

Settings I am using:
Administration > Security > Directory
"User Directory Default Schema"
Directory Server Address: <FQDN of AD server>
Port: 636
Directory User Context 1: OU=groups,OU=employees,DC=contoso,DC=dc,DC=com

Administration > User Administration
Directory Groups: CN=iloadmins,OU=groups,OU=employees,DC=contoso,DC=dc,DC=com

5 REPLIES
Honored Contributor

Re: iLO LDAP integration letting everyone in!?

Go to "Administration->User Administration" and remove the "Authenticated Users" from the Directory Groups.




__________________________________________________
I work for Hewlett Packard

Occasional Advisor

Re: iLO LDAP integration letting everyone in!?

Thanks for the suggestion, Oscar, but that did not resolve my issue. I deleted the Authenticated Users group altogether. Another user was still able to log in to iLO.

Occasional Advisor

Re: iLO LDAP integration letting everyone in!?

Any other ideas here? A bug in iLO 4 (version 2.40)?

Occasional Advisor

Re: iLO LDAP integration letting everyone in!?

I tried again with the latest iLO 2.44. Still no luck, it's letting everyone in with their domain creds. Oh well.

Honored Contributor

Re: iLO LDAP integration letting everyone in!?

[ Edited ]

Every time we get a case like this, it ends up being caused by a misconfiguration. For example, the iLO group you've created is inheriting permissions from other groups, or there are nested groups associated with this iLO group. If user "Bob", for example, is a member of such groups, he will be able to log in to iLO.

Please have a hard look at how your AD groups are set up and check for all "effective" permissions user "Bob" has.




__________________________________________________
I work for Hewlett Packard

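The nested-group check suggested in the last reply can be done by walking group membership transitively and recording the chain that grants each user access. The following is an added example, not part of the thread and not HPE code: the directory contents are constructed (only the iloadmins DN comes from the original post), and in a real audit the mapping would be filled from each group's `member` attribute.

```python
from collections import deque

# Constructed sample directory: group DN -> DNs listed in its `member` attribute.
# Only the iloadmins DN is from the thread; all other entries are hypothetical.
# Every group must appear as a key (an empty group maps to an empty list).
BASE = "OU=employees,DC=contoso,DC=dc,DC=com"
ILO_GROUP = f"CN=iloadmins,OU=groups,{BASE}"
SERVER_TEAM = f"CN=server-team,OU=groups,{BASE}"
HELPDESK = f"CN=helpdesk,OU=groups,{BASE}"
ALICE = f"CN=alice,OU=users,{BASE}"
BOB = f"CN=bob,OU=users,{BASE}"
MEMBERS = {
    ILO_GROUP: [ALICE, SERVER_TEAM],
    SERVER_TEAM: [HELPDESK],
    HELPDESK: [BOB, SERVER_TEAM],  # circular nesting, must not loop forever
}

def effective_members(group_dn, members=MEMBERS):
    """Return {user_dn: [group chain from group_dn down to the user's direct group]}."""
    found = {}
    seen = {group_dn}
    queue = deque([(group_dn, [group_dn])])
    while queue:
        current, chain = queue.popleft()
        for dn in members.get(current, []):
            if dn in members:                 # nested group: descend once
                if dn not in seen:
                    seen.add(dn)
                    queue.append((dn, chain + [dn]))
            else:                             # leaf entry: a user
                found.setdefault(dn, chain)   # keep the shortest chain
    return found

def unexpected_members(group_dn, intended, members=MEMBERS):
    """Effective members that are not on the intended access list."""
    eff = effective_members(group_dn, members)
    return {user: chain for user, chain in eff.items() if user not in intended}

if __name__ == "__main__":
    for user, chain in unexpected_members(ILO_GROUP, {ALICE}).items():
        path = " -> ".join(dn.split(",")[0] for dn in chain)
        print(f"{user} gains access via {path}")
```

Membership through a user's primary group (for example Domain Users) is not listed in the group's `member` attribute, so it has to be checked separately.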