LDAPS via MID Server

General Add comments

LDAP is a good way to have your user provisioning in ServiceNow. This helps you to maintain user data in one source where it can be accessed by multiple applications. To transfer the user data securely, ServiceNow supports LDAP via the MID Server. LDAPS is also supported if it is directly into the customers’ network.
However, this is not preferred by most customers. They do not want ServiceNow to enter the customer network directly and this is most of the time not even possible. So, they want ServiceNow to do all communication to the customers’ environment via the MID Server because this is secure. However, this does not count for the internal communication. If LDAP is used via the MID Server, an employee who is already in the customers’ network, the data transferred between the LDAP server and the MID Server is not secure. Therefore, a lot of customers want Servicenow to perform LDAPS via the MID Server. Since this is not supported by Service Now I will explain how this can be done.


Navigate to System LDAP —> LDAP Servers —> Create New

Note that a MID Server should be selected and the URL needs to start with LDAPS and end with the correct port number.
All other related configuration is the same as with a normal LDAP interface.

MID Server

On the MID Server you need to import a certificate from the LDAP Server to make it possible to access the Active directory with ServiceNow. First you need to stop the MID Servers (Do NOT stop them all at once). After this is done you can open the console and enter the following command.

..\MIDServer\agent\jre\bin>keytool -importcert –keystore “..\MIDServer\agent\jre\lib\security\cacerts” -file “..\cert.cer”

If asked for a password, the default password is: changeit. A verification is asked if you trust the certificate and want to import it to the cacerts file. Enter “yes” to import the certificate.

By following above steps you are able to connect ServiceNow through the MID Server to LDAP using LDAPS.

If you have any questions please leave a comment!

Leave a Reply