Lightweight Directory Access Protocol (LDAP) is a cross-platform protocol used to manage and access directory services, such as Active Directory, which is used to authenticate users and groups. LDAP follows a client/server model, where an LDAP application requests information from an associated LDAP server. Once authenticated, the database responds to the LDAP server, which in turn sends the response back to the application.
LDAP integration enables ServiceNow to connect with an existing LDAP directory/server for user authentication and data synchronization. The integration works by having the LDAP application request data (acting as the client side) and providing a username and password for authentication. The server verifies these credentials, and if they are valid, the data is transmitted. Notably, the password entered is contained entirely within the HTTPS session, as this integration never stores LDAP passwords.
There are two key aspects to the integration:
1. Data Population
Integration with LDAP servers allows you to quickly and easily populate ServiceNow with user records from the existing LDAP database. Configuration flags are available to either create, ignore, or skip incoming LDAP records to prevent data inconsistencies. You can limit the data imported by specifying LDAP attributes, thereby importing only the data you want to expose to an instance. If no LDAP attributes are specified, the integration imports all available object attributes from the LDAP server.
2. Authentication
In an LDAP-integrated ServiceNow environment, when users try to log in, their credentials are passed to all defined LDAP servers. By authenticating against your LDAP server, users can access the platform with the same credentials they use for other internal resources on your network domain.
LDAP Directories/Structure
LDAP directories are structured as tree entities, where each entity consists of a set of attribute-value pairs describing an object.
Prerequisites for LDAP Integration
- Allow inbound network access through the firewall
- External IP/name of the LDAP server
- User credentials with read-only access
- The directory services server must be LDAP v3 compliant
- PKI certificate for an LDAP v3 compliant directory services server
LDAP Servers Supported by ServiceNow
- Microsoft Active Directory
- Novell
- Domino
- OpenLDAP
How to Set Up and Perform LDAP Integration in ServiceNow
LDAP integration uses a read-only connection that never writes to the LDAP directory/server. The integration's sole purpose is to query for information and update the database accordingly.
1. Search for LDAP in Application Navigator and create a new server:
- For "Type of LDAP Server," leave it as Active Directory (or choose "other" if working with a different server).
- For "Server Name," enter a name (e.g., TestLDAPIntegration).
- For the server URL, use a free LDAP test server found online (e.g., forumsys.com).
- Paste the server URL from the free test server into ServiceNow.
- For "Starting Search Directory," indicate where ServiceNow should begin its search for users and groups.
2. Submit the form:
- You will be taken to a different record containing the information you filled out.
- Provide a Login Distinguished Name and Login Password to allow ServiceNow to access the server/directory. You can find these details on the free test server website.
- Save and submit the form.
3. Verify the connection:
- A message should display indicating that the connection has been successful.
- In the related list under LDAP OU Definitions, click "Users."
- Remove the out-of-the-box (OOB) value displayed in the filter field and replace it with the specific data you are querying (e.g., users with names starting with "e").
- Click the 'Test connection' related link to confirm the connection, then the 'Browse' related link to validate that the query returns the expected records.
4. Import and map data:
- Now that you have fetched the desired user data, populate the data into your ServiceNow database on the sys_user table.
- Under LDAP OU Definition > Users, click on the data included in Data Source to access the import set.
- Click "Load All Records."
- Create a transform map, name it, set the target table to 'sys_user', and automap fields.
- Use the mapping assist to map fields (e.g., UID to UserID).
- Save and transform the data.
- Verify that the users have been populated successfully in the user table.
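The walkthrough above strings together a few LDAP ideas that are easy to get wrong when you move from a test server to a production directory: the tree of attribute-value entries, the starting search directory (search base), the search filter typed into the OU definition, and the transform map from LDAP attributes to sys_user columns. The following Python is an added, offline model of those steps; it is not ServiceNow code and it does not connect to any server. The directory entries, the `TRANSFORM_MAP`, and the `import_users` helper are all constructed for illustration. It also shows why the value you put into a filter (the "names starting with e" part) should be escaped per RFC 4515 before it is spliced into the filter string: an unescaped value can change the filter's structure and widen the set of records returned.

```python
"""
Offline model of an LDAP subtree search plus a ServiceNow-style transform map.
Constructed example only: no network, no real directory, no ServiceNow API.
"""
import re

# Constructed sample directory. Each entry is a DN plus attribute -> list of values,
# mirroring the "tree of attribute-value pairs" structure described in the post.
DIRECTORY = [
    {"dn": "uid=erin,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": ["erin"], "cn": ["Erin Adams"], "mail": ["erin@example.com"]},
    {"dn": "uid=evan,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": ["evan"], "cn": ["Evan Brooks"], "mail": ["evan@example.com"]},
    {"dn": "uid=nora,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": ["nora"], "cn": ["Nora Chen"], "mail": ["nora@example.com"]},
    {"dn": "cn=itil,ou=groups,dc=example,dc=com", "objectClass": ["groupOfNames"],
     "cn": ["itil"], "member": ["uid=erin,ou=people,dc=example,dc=com"]},
    # Outside the search base used below; a correct subtree search must skip it.
    {"dn": "uid=eve,ou=people,dc=other,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": ["eve"], "cn": ["Eve Other"], "mail": ["eve@other.com"]},
]

# Hypothetical transform map, modelled on the post's "UID to UserID" mapping step.
TRANSFORM_MAP = {"uid": "user_id", "cn": "name", "mail": "email"}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value per RFC 4515 so it cannot alter filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _normalize_dn(dn: str) -> str:
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_search_base(dn: str, base_dn: str) -> bool:
    """True if dn is the starting search directory itself or lies beneath it."""
    dn_n, base_n = _normalize_dn(dn), _normalize_dn(base_dn)
    return dn_n == base_n or dn_n.endswith("," + base_n)


def _parse(filt: str, pos: int):
    """Recursive-descent parser for a subset of RFC 4515: (&..), (|..), (!..), (attr=value)."""
    if pos >= len(filt) or filt[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    op = filt[pos] if pos < len(filt) else ""
    if op in ("&", "|", "!"):
        pos += 1
        children = []
        while pos < len(filt) and filt[pos] == "(":
            node, pos = _parse(filt, pos)
            children.append(node)
        if pos >= len(filt) or filt[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one operand")
        return (op, children), pos + 1
    end = filt.index(")", pos)  # escaped values never contain a raw ')'
    attr, sep, value = filt[pos:end].partition("=")
    if not attr or not sep:
        raise ValueError(f"expected attr=value at {pos}")
    return ("=", attr.strip().lower(), value), end + 1


def _value_regex(value: str) -> re.Pattern:
    """Turn a filter value into a regex: '*' is a wildcard, '\\XX' is a literal byte."""
    out, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "*":
            out.append(".*")
            i += 1
        elif ch == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", value[i + 1:i + 3] or ""):
            out.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)


def _matches(node, entry: dict) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_matches(c, entry) for c in node[1])
    if kind == "|":
        return any(_matches(c, entry) for c in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, value = node
    pattern = _value_regex(value)
    values = next((v for k, v in entry.items() if k.lower() == attr and k != "dn"), [])
    return any(pattern.match(v) for v in values)


def search(directory, base_dn: str, filter_str: str):
    """Subtree search from base_dn, returning matching entries in directory order."""
    tree, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    return [e for e in directory if in_search_base(e["dn"], base_dn) and _matches(tree, e)]


def transform(entries, mapping=TRANSFORM_MAP):
    """Apply the transform map: one sys_user-shaped row per LDAP entry (first value wins)."""
    return [{col: (e.get(attr) or [None])[0] for attr, col in mapping.items()} for e in entries]


def import_users(prefix: str, base_dn: str = "ou=people,dc=example,dc=com"):
    """The post's flow in one call: escaped 'starts with' filter -> search -> transform."""
    filt = f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(prefix)}*))"
    return transform(search(DIRECTORY, base_dn, filt))


if __name__ == "__main__":
    for row in import_users("e"):
        print(row)
```

Running the module prints the two sys_user-shaped rows for users whose uid starts with "e" and silently excludes the entry that sits outside the search base. Passing a value such as `*)(uid=*` to `import_users` returns nothing, because escaping turns it into `\2a\29\28uid=\2a` and it is then matched only as a literal string; without the escaping step the same text would be parsed as extra filter terms.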
Congratulations! You have successfully performed LDAP integration on your ServiceNow instance. LDAP integration is a powerful feature that streamlines user management and authentication in ServiceNow, making it easier to maintain consistency and security across your network.
Here are some additional links + documentation to help you sharpen your understanding of LDAP Integration:
• What is ServiceNow Integration:
https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/success/enablement/integration-implementation-faq.pdf
• ServiceNow LDAP: https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/ldap/concept/c_LDAPIntegration.html
• Understanding ServiceNow LDAP:
https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/ldap/reference/r_LDAPIntegrationFAQs.html
• LDAP Test Servers: https://www.google.com/search?q=ldap+test+server&ie=UTF-8&oe=UTF-8&hl=en-us&client=safari
• Configure LDAP in ServiceNow: https://youtu.be/e4c0MgJzwu4?si=GN70OLjLRKIDzvxG