This article is a supplement to the ServiceNow documentation. For full documentation please refer ServiceNow official website
Checkout our NEW Video Channel you can like and subscribe too!

Introduction

An LDAP integration allows your instance to use your existing LDAP server as the master source of user data.

Directory service

A directory service is like electronic telephone book that stores information of user.

LDAP

LDAP or lightweight directory access protocol is a communications protocol that fetches user information from a directory service. The information is stored in the form of a tree as shown below ldapintegration06052020 (1).png

Where

CN = Common Name

OU = Organizational Unit

DC = Domain Component

DN = Distinguish Name

RDN = Relative distinguished name

SN = Sur Name

So for example, to identify user Mango King in the above example we have to right ldapintegration06052020 (2).png

This lines tell that

  • The (CN) “common name” of the user is Mango King
  • He belongs to people (OU) “organization unit”
  • He belongs to SAP domain (DC)
  • SAP domain parent domain is nctucs(DC)
  • Nctucs parent domain is net (DC)

The object class corresponding to mango king user holds other attributes like firstname lastname telephone etc.

LDAP ServiceNow Integration

SNOW can contact with LDAP server to gather user/group related information. It can collect this information via MID server or directly query the LDAP server. ldapintegration06052020 (3).png So in the as shown in the diagram below

  • We have to create a LDAP server providing the LDAP url
  • Create Data source and import set
  • Create a transform Map to Map the LDAP properties with user/group table in SNOW

Use Case

  1. For our example we will use a free LDAP server hosted in the below site https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ ldapintegration06052020 (4).png
  2. Type LDAP in the left pane and go LDAP server >Create new server ldapintegration06052020 (5).png
  3. In the right pane, give a name of the ldap connection ldapintegration06052020 (6).png
  4. Once saved, this will open up the LDAP form in detail as shown below ldapintegration06052020 (7).png
  5. If we scroll down we can see below options ldapintegration06052020 (8).png We can click on Test Connection to verify if the connection is fine We can also traverse the DIT by clicking browse Further down the form we can see the list of OU that SNOW have identified after test connection is successful ldapintegration06052020 (9).png ldapintegration06052020 (10).png
  6. Click on User and got to the detail page for this User OU ldapintegration06052020 (11).png
  7. create a new data source in the next window ldapintegration06052020 (12).png
  8. To create the transform map, Load 20 records and click on create transform map as usual ldapintegration06052020 (13).png
  9. Scroll down click on Mapping assist ldapintegration06052020 (14).png
  10. Now for demo purpose remove all the mapping fields and keep only two fields say last name and ID as below ldapintegration06052020 (15).png 
     If any one of the properties are missing and coalesce is on for the table mapping, then we will get exception.

    For example: By default, when we create ldap data source the transform map will have coalesce on for ldapintegration06052020 (16).png

  11. So in case this field is not present in the LDAP server properties, it will throw an error as below ldapintegration06052020 (17).png ldapintegration06052020 (18).png
  12. So we have to see properties available both in staging table and target table correctly. Remove/add element based on that from the map ldapintegration06052020 (19).png
  13. Best option is to check available methods exposed by the ldap server properties. In real-world scenario we can ask the LDAP administrator to enable/disable properties that we want to map in snow

Include script

Here we will do one more thing, we will use script import option to update the last name field based on the data that is there in the staging table

For example ldapintegration06052020 (20).png

If name of the person is “Einstein” we will update his last name with “superman” and for rest of the user we will update with normal last name with uid as received from the LDAP server

To do this we have to right a small condition script ldapintegration06052020 (21).png

Whenever we are doing transformation “source” is the staging table and “target” is the destination table.

So here we are going check if the uid property of the staging table is newton ldapintegration06052020 (22).png

If yes, return "super human"
Else return "uid" itself

To create a scripted transform map field we have check the use script checkbox ldapintegration06052020 (23).png And finally map the Target field as last name ldapintegration06052020 (24).png

Run the Load all records now Now let’s see the target table and check if for Einstein we have “superman” in the last name

ldapintegration06052020 (25).png ldapintegration06052020 (26).png

Question : If LDAP server user becomes inactive, how to make user inactive in ServiceNow?

In LDAP ,the userAccountControl property is used to make user active/inactive. So we can write script to check if the userAccountControl property is 512 or not, and based on that update the active field in user table ldapintegration06052020 (27).png ldapintegration06052020 (28).png

    Content