Set up communication between LDAP and MID servers

Configure your LDAP and MID servers to communicate with each other.

Before you begin

Role required: admin

About this task

A MID Server connection communicates over HTTP on port 80 by default. This communication channel does not require a certificate. The connection between the MID Server and the instance is over HTTPS (port 443).

An instance can connect to an LDAP server via the MID Server. When you do this, the instance communicates with the MID Server via HTTPS, and the MID Server communicates with the LDAP server via LDAP (port 389). The instance can also connect to the LDAP server directly, using LDAP or LDAPS, either over the internet or through a VPN tunnel.

Note: LDAP cannot communicate via the MID Server with password authentication.

To set connection properties for a specific LDAP server:

Procedure

  1. Navigate to System LDAP > LDAP Servers.
  2. Select the LDAP server to configure.
  3. Set the connection property fields (see table).
  4. Click Update.
    Table 1. LDAP connection properties

    Name
      Enter the name of the server.

    Active
      Select this check box if the server is active.

    LDAP Server URLs
      Enter the URLs of the primary and backup LDAP servers. Servers are first ordered by operational status, with servers that are Up listed first, then ordered by the Order value that you specify. The first server listed is the primary LDAP server. The others are redundant servers.

    Server URL
      Enter the URL of the server. Configure the form to add this field if necessary. It is a calculated read-only field that shows the list of LDAP servers that you can also see in the LDAP Server URLs field, separated by a space, and ordered by operational status and the order values of the URLs.

    Login distinguished name
      Enter the distinguished name (DN) of the user authenticating the LDAP connection.

    Login password
      Enter the server's password.

    Starting search directory
      Enter the relative distinguished name (RDN) of the default search directory. All queries to this LDAP server start from this RDN.

    MID Server
      Select the MID Server you want to use to connect to the LDAP server. Using a MID Server to establish an LDAP connection prevents you from having to expose the LDAP server to external network traffic. It also eliminates the need to establish a VPN tunnel between your LDAP server and ServiceNow data centers.
      Note:
      • The MID Server user must have the user_admin role to read LDAP server configuration records.
      • The following are not available with the MID Server:
        • LDAP authentication
        • SSL connection

    Connect timeout
      Specify the maximum number of seconds that the instance has to establish an LDAP connection. If no connection is made by this time, the connection is terminated.

    Read timeout
      Specify the number of seconds the integration has to read LDAP data. The integration stops reading LDAP data after the connection exceeds the read timeout. If you enable an SSL connection, you can also set a read timeout value with the com.glide.ssl.read.timeout system property. If you enter timeout values for both this field and the system property, the lowest timeout value takes precedence.

    SSL
      Select this check box to require the LDAP server to make an SSL-encrypted connection. For more information, see Enable SSL. If you selected a MID Server, this field is not available.

    Listener
      Select this check box to enable the integration to periodically poll Microsoft Active Directory servers or LDAP servers that support persistent search request control. Additionally, if you selected a MID Server, the listener functionality is available for that MID Server. See LDAP listener and Enable an LDAP listener for more information.

    Listen interval (timeout value)
      Specify the listener timeout value in the number of minutes that the integration listens for LDAP data with every connection. The integration stops listening for LDAP data after the connection exceeds the listen interval.

    Paging
      Select this check box to have the LDAP server split up LDAP attribute data into multiple result sets rather than submit multiple queries.
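The following is an added example (not ServiceNow code) that models the Table 1 rules a reviewer would want to check before saving an LDAP server record: how the calculated Server URL field orders the URLs, which read timeout wins when both the field and com.glide.ssl.read.timeout are set, and that SSL cannot be combined with a MID Server. The record and URL classes, their field names, and the sample values are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class LdapUrl:
    url: str
    order: int   # the Order value you specify on the URL record
    up: bool     # operational status: True means the server is Up


@dataclass
class LdapServerRecord:
    """Constructed stand-in for an LDAP Servers record (hypothetical field names)."""
    name: str
    login_dn: str
    urls: List[LdapUrl] = field(default_factory=list)
    mid_server: Optional[str] = None   # name of the selected MID Server, if any
    ssl: bool = False                  # the SSL check box
    read_timeout: Optional[int] = None               # Read timeout field, seconds
    ssl_read_timeout_property: Optional[int] = None  # com.glide.ssl.read.timeout, seconds


def server_url(record: LdapServerRecord) -> str:
    """Reproduce the calculated Server URL field: Up servers first, then by Order,
    joined with a single space."""
    ordered = sorted(record.urls, key=lambda u: (not u.up, u.order))
    return " ".join(u.url for u in ordered)


def effective_read_timeout(record: LdapServerRecord) -> Optional[int]:
    """The SSL system property only participates when SSL is enabled; when both
    values are present the lowest one takes precedence."""
    candidates = [record.read_timeout]
    if record.ssl:
        candidates.append(record.ssl_read_timeout_property)
    present = [t for t in candidates if t is not None]
    return min(present) if present else None


def validate(record: LdapServerRecord) -> List[str]:
    """Return the Table 1 constraints the record violates (empty list means OK)."""
    problems = []
    if not record.urls:
        problems.append("at least one LDAP server URL is required")
    if record.mid_server and record.ssl:
        problems.append("SSL connection is not available when a MID Server is selected")
    return problems
```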