In the authentication-providers.xml file, if autoAddUsers="true", when LDAP users login to the Portal, their user will get added to the ACL tables. You can view the users from the Portal. Provided you have the permissions to view users, click Settings, Access Control, Users. Even if you delete the user, if a user is showing up on the Usage Audit Report, then someone is using that deleted user to access DevTest and it will get added back to the ACL tables again.
You will need to have the unauthorized user deleted from the LDAP server.
We also provide authentication to login with the built-in users we deliver with DevTest:
admin, caipower, svpower, tpower, devtest, sysadmin and guest
If you do not want the built-in users to be used and only LDAP users to login to DevTest, then remove, or comment out, this provider from the authentication-providers.xml file:
name="ITKO Authentication Module"