LDAP Integration
An LDAP integration allows your instance to use your existing LDAP server as the main source of user data.
STEP1: Define LDAP Server
Option1: LDAP Server with MID Server
This is the most common method as it is the easiest to configure and doesn’t require much effort from a company AD admin.
You’ll need to set up a MID Server to use this method. Please note that you can’t authenticate (log in) using this method and you can’t use an SSL connection, so user data travels between the MID Server and the LDAP server in the clear.
For authentication, an SSO connection is often configured. So you use the LDAP Integration to pull in users/groups and SSO to authenticate (login).
Option2: LDAP Server with VPN
For this method, you need to ask ServiceNow for a VPN request through HI Support. This method is less preferred because you are relying on the ServiceNow VPN to work, and it brings other maintenance concerns.
Option3: External IP Address
For this method, you expose an external IP Address to ServiceNow.
Option4: LDAPS with PKI Certificate
Most companies don’t have LDAPS (note the “S”). However for the companies that do, this is the superior method to connect in my opinion.
STEP2: Create LDAP Server
1. Left Navigator Bar > Create New Server
Example LDAP Server
2. Make sure to specify which LDAP Attributes to import. Without specifying the LDAP attributes, the import set creates many fields, which can exceed the row size limit during the import process.
Common Attributes
description,employeeNumber,managedby,department,division,description,dn,employeeID,givenname,mail,manager,member,memberof,mobile,objectguid,physicaldeliveryofficename,samaccountname,sn,source,telephonenumber,thumbnailPhoto,title,useraccountcontrol,userPrincipalName
3. Click Submit
4. When set to Active, the connection is tested. Red is bad. Green is good!
STEP3: LDAP Browse
In the following step, you need to specify the RDN and Filters for the User and Group accounts. The RDN and Filters tell ServiceNow where to look for the data.
How do you know where the data is stored in LDAP? Every LDAP directory structure is different, so you need to Browse.
In the LDAP Server you set up in the last step, use the Related Link Browse to browse the LDAP Server and find the data you want to pull.
STEP3: LDAP OU Definitions
After you determine the data you want to pull, you update the LDAP OU Definitions (located in the LDAP Server record at the bottom of the form).
Click the Browse button on the LDAP OU Definition after you set it up to verify it is going to the right location.
Sometimes you need to set up extra LDAP OU Definitions if the data lives in separate branches of the directory rather than in parent/child OUs.
LDAP OU Definition (User)
LDAP OU Definition (Groups)
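The page never shows what an OU Definition's RDN and filter look like, so here is an added example (my own code, not ServiceNow's) that composes the search base from an RDN and the server's base DN and builds the user and group filters. The base DN, OU names and the "exclude disabled accounts" clause are assumptions for an Active Directory server; the escaping follows RFC 4515 so that values containing `*`, `(`, `)` or `\` are matched literally.

```javascript
// Added example, not code from the original page or from ServiceNow.
// DNs, OU names and attribute values are constructed sample data.

// Escape a value for use inside an RFC 4515 search filter so that
// '*', '(', ')', '\' and NUL are treated as literal characters.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (ch) {
    return '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

// One equality assertion "(attr=value)" with the value escaped.
function eq(attr, value) {
  return '(' + attr + '=' + escapeFilterValue(value) + ')';
}

// AND together any number of already-formed assertions.
function and(...parts) {
  return '(&' + parts.join('') + ')';
}

// The search base an OU Definition points at: the RDN (innermost OU first)
// prepended to the LDAP server's base DN. An empty RDN means the whole base.
function searchBase(rdn, baseDn) {
  return rdn ? rdn + ',' + baseDn : baseDn;
}

// Assumption: Active Directory. ACCOUNTDISABLE is bit 0x2 of
// userAccountControl, and 1.2.840.113556.1.4.803 is AD's bitwise-AND
// matching rule, so the last clause drops disabled accounts at the source.
function userFilter() {
  return and(
    eq('objectClass', 'user'),
    eq('objectCategory', 'person'),
    '(!(userAccountControl:1.2.840.113556.1.4.803:=2))'
  );
}

// Group filter: security groups whose cn starts with a given prefix.
// The prefix is escaped, the trailing '*' wildcard is added afterwards.
function groupFilter(cnPrefix) {
  return and(eq('objectClass', 'group'), '(cn=' + escapeFilterValue(cnPrefix) + '*)');
}

const BASE_DN = 'DC=example,DC=com'; // constructed
console.log(searchBase('OU=Users,OU=Corp', BASE_DN));
console.log(userFilter());
console.log(groupFilter('SNOW-'));
```

Two OU Definitions in different branches (say `OU=Users,OU=Corp` and `OU=Contractors,OU=External`) would each get their own `searchBase` with the same `userFilter`, which is the "extra LDAP OU Definitions" case the step above describes.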
STEP4: Data Source
Under each LDAP OU Definition, there is a data source. In the data source you can run the import and see which import set the data is being loaded into.
Click “Load All Records” to load the data into import sets.
STEP5: Import Sets
Import sets are temporary “staging tables” in ServiceNow where data sits before it is “transformed” into actual ServiceNow data. Out-of-the-box, the user import set is ldap_import, and the group import set is ldap_group_import.
Go review the import set data and make sure the columns created for the data are big enough. You may need to increase the size of a column in the import set if the data is being truncated.
STEP6: Transform Maps
When you get to the Transform Maps, make sure you are testing this work in development first!
The transform maps convert the data from the import set into actual user and group records.
The LDAP User Import transform map is the one you typically modify. Some common configurations of the user transform map are:
Coalesce Match. It is important to choose a coalesce field in the field map so that you don’t get duplicate user records on every import run. Companies often use samaccountname or objectguid for the coalesce field.
Additional fields. If you have additional fields to map, here’s the place.
When you are ready to transform, click the Transform Related Link in the Transform Map.
View the Log after data load to see if any errors occur.