LDAP Integration of Active Directory and ServiceNow via SSL

What’s up guys and girls!? If you’re looking to get started with LDAP integration in ServiceNow, here’s how you do it!

To integrate Active Directory and ServiceNow via LDAP over SSL, we create a Certificate Authority role on the Windows Server and issue an X.509 certificate that ServiceNow can use to access AD DS. We assume that the Active Directory Domain Services server is already set up with its users and groups in place.

ISSUING A CERTIFICATE FROM ACTIVE DIRECTORY CERTIFICATE SERVICES FOR ESTABLISHING SSL (Windows Server 2016):

  1. Before we proceed with integrating AD DS on Windows Server 2016 via secured LDAP, we first need to install Active Directory Certificate Services on the server.
  2. During installation, configure the Certificate Authority role by selecting its checkbox. Proceed with the default configuration.
  3. Restart the server.
  4. Open Tools –> Certificate Authority –> in the left pane, expand the AD CS node –> select Certificate Templates –> right click and select Manage.
  5. Find Kerberos Authentication in the center pane containing the list of templates.
  6. Right click on Kerberos Authentication and click Duplicate Template. Configure the properties of the new template as follows.
  7. In the General tab, change the template display name to something like LDAP_over_SSL.
  8. In the Request Handling tab, select the checkbox “Allow private key to be exported”.
  9. Click OK.
  10. In the left pane, right click on Certificate Templates –> New –> Certificate Template to Issue.
  11. Find the newly created certificate template in the list provided.
  12. Click OK.
  13. Open Run –> type mmc and press OK.
  14. In the console, open File –> Add/Remove Snap-in.
  15. Find Certificates in the Available snap-ins list box. Select it and press Add.
  16. Select Computer account for “This snap-in will always manage certificates for:”.
  17. Click Next/Finish. In the console, expand Certificates –> Personal in the left pane. Right click on Certificates (local .. ) under Personal.
  18. Select All Tasks –> Request New Certificate.
  19. Click Next –> Next, select LDAPoverSSL (your new template) and click Enroll.
  20. Open cmd and type certutil -ca.cert ca_name.cer
  21. The private key will be exported to the cmd. Copy it and save it in a text file.
  22. Open cmd –> type LDP and click OK.
  23. Click Connection –> Connect.
  24. Type localhost for Server and 636 for Port. 636 is used for LDAP over SSL, whereas 389 is used for plain LDAP.
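As an added example (not part of the original post), the script below does the certutil and LDP steps from a PowerShell prompt on the CA/DC and adds the checks a practitioner wants before moving on to ServiceNow. Note what `certutil -ca.cert` actually writes: the CA's public certificate (DER), which `certutil -encode` turns into the Base64 PEM text that ServiceNow's PEM Certificate field expects. The CA's private key stays in the CA's key store and is never needed by ServiceNow, so the script refuses a file that contains private-key material. It then opens a TLS session to port 636 and confirms the domain controller presents a certificate that chains to the exported CA and lists the DC's hostname. The DC hostname `dc01.org.siva.com` and the output paths are assumptions; the CA file name `ca_name.cer` follows the article's step.

```powershell
# Added example, not from the original post. Assumes an elevated Windows PowerShell
# session on the CA/DC host; the DC FQDN used in the usage lines is an assumption.

function Export-CaCertificatePem {
    param(
        [string]$DerPath = "$env:TEMP\ca_name.cer",   # same file name as the article's certutil step
        [string]$PemPath = "$env:TEMP\ca_name.pem"
    )
    # certutil -ca.cert writes the CA's *public* certificate in DER form.
    certutil -ca.cert $DerPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -ca.cert failed; run this on the CA host." }

    # Re-encode as Base64 with BEGIN/END CERTIFICATE lines, i.e. PEM, for ServiceNow.
    certutil -f -encode $DerPath $PemPath | Out-Null

    $pem = Get-Content -Path $PemPath -Raw
    if ($pem -match 'PRIVATE KEY') {
        throw "$PemPath contains private-key material; only the certificate belongs in ServiceNow."
    }
    if ($pem -notmatch '-----BEGIN CERTIFICATE-----') {
        throw "$PemPath is not a PEM certificate."
    }
    return $PemPath
}

function Test-LdapsListener {
    param(
        [Parameter(Mandatory)][string]$DcHost,
        [int]$Port = 636,                               # 636 = LDAP over SSL (article step 24)
        [string]$CaDerPath = "$env:TEMP\ca_name.cer"
    )
    $ca  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CaDerPath)
    $tcp = New-Object System.Net.Sockets.TcpClient($DcHost, $Port)
    try {
        # Accept the certificate at handshake time only so we can inspect it below;
        # the trust decision is the explicit chain check that follows.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($DcHost)
        $serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }

    # Build the chain for the listener's certificate and see which root it ends in.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)
    $built = $chain.Build($serverCert)
    $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $sans  = @($serverCert.DnsNameList | ForEach-Object { $_.Unicode })

    [pscustomobject]@{
        Host            = "$DcHost`:$Port"
        Subject         = $serverCert.Subject
        Issuer          = $serverCert.Issuer
        NotAfter        = $serverCert.NotAfter
        SanDnsNames     = ($sans -join ', ')
        ChainBuilt      = $built
        ChainStatus     = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        RootIsOurCa     = ($root.Thumbprint -eq $ca.Thumbprint)
        HostnameInCert  = ($sans -contains $DcHost)
    }
}

# Usage (hostname is an assumption):
# Export-CaCertificatePem
# Test-LdapsListener -DcHost 'dc01.org.siva.com'
```

`RootIsOurCa` is the check that matters for ServiceNow: if it is false, the listener is using a certificate from some other issuer and uploading this CA's PEM to ServiceNow will not make the connection trusted. `HostnameInCert` false means ServiceNow must be pointed at a name that does appear in the certificate rather than at a bare IP.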

SETTING UP LDAP SERVER IN ServiceNow:

  1. Go to System LDAP –> Certificates.
  2. Click on new to create a new X.509 Certificate.
  3. Copy the text of the private key from the server and paste it in PEM Certificate field. Give your certificate a name.
  4. Go to System LDAP –> Create new server.
  5. Give your server an arbitrary name.
  6. Type the server URL in the format ldap://host-name:389/ (use port 636 for LDAP over SSL). For example: ldap://13.57.229.43:636/
  7. Give the starting search directory like DC=org,DC=siva,DC=com.
  8. Press submit.
  9. Type your Login Distinguished Name like Administrator@org.siva.com.
  10. Type the relevant password.
  11. Once you are done, click on UPDATE. ServiceNow will test the connection. If successful, you will see:
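The connection test ServiceNow runs at UPDATE is an LDAP simple bind over SSL with the Login Distinguished Name and password, followed by a lookup under the starting search directory. As an added example (not ServiceNow's own code or part of the original post), the function below performs that same exchange from a Windows host with the .NET `System.DirectoryServices.Protocols` classes, so a failure can be attributed to TLS trust, to the base DN, or to the credentials before you touch the ServiceNow form. The base DN `DC=org,DC=siva,DC=com` and login name `Administrator@org.siva.com` are the article's examples; the DC hostname `dc01.org.siva.com` is an assumption.

```powershell
# Added example, not from the original post or from ServiceNow. Assumes a Windows host
# that trusts the enterprise CA and a DC FQDN that appears in the LDAPS certificate.

Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapsBind {
    param(
        [Parameter(Mandatory)][string]$Server,             # DC FQDN as it appears in the certificate
        [Parameter(Mandatory)][string]$BaseDn,             # starting search directory, e.g. DC=org,DC=siva,DC=com
        [Parameter(Mandatory)][pscredential]$Credential,   # Login Distinguished Name (or UPN) and password
        [int]$Port = 636                                   # LDAP over SSL
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port, $true, $false)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true    # LDAPS on 636, not STARTTLS on 389
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind, as ServiceNow does
    $conn.Credential = $Credential.GetNetworkCredential()

    # Server-certificate validation is left at its default: Schannel checks the chain
    # against the machine trust store. A bind failure with a certificate error here means
    # the CA is not trusted, the same condition the ServiceNow certificate upload addresses.
    $result = [ordered]@{ Server = "$Server`:$Port"; Bind = $false; BaseDnFound = $false; Error = $null }
    try {
        $conn.Bind()
        $result.Bind = $true

        # Base-scope read of the base DN: confirms the DN exists and the bind account can read it.
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $BaseDn, '(objectClass=*)',
            [System.DirectoryServices.Protocols.SearchScope]::Base,
            @('distinguishedName', 'objectClass'))
        $resp = $conn.SendRequest($req)
        $result.BaseDnFound = ($resp.Entries.Count -eq 1)
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

# Usage (login name and base DN from the article, hostname assumed; the password is
# prompted for rather than written into the script):
# $cred = Get-Credential -UserName 'Administrator@org.siva.com' -Message 'LDAP bind password'
# Test-LdapsBind -Server 'dc01.org.siva.com' -BaseDn 'DC=org,DC=siva,DC=com' -Credential $cred
```

Connect by the DC's DNS name rather than its IP address: LDAPS validates the server name against the certificate, and a certificate issued from the duplicated Kerberos Authentication template carries DNS names, not IPs. The same applies to the URL entered in the ServiceNow LDAP server record.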

For reference, please check this video: https://www.youtube.com/watch?v=bmEc5ioc8A0 (A huge thank you to LearnNow channel on YouTube for posting this resourceful video)

Written by

|| Grad Student at ASU || Majoring in Information Technology || Passionate about ServiceNow ||
