‎04-09-2015 02:44 PM
Hi,
I have a question about LDAP Integration. We are going to integrate ServiceNow with our LDAP server; however, we need to know if ServiceNow LDAP Integration could store user credentials like user/password. This is because we have been thinking about what happens if we have network issues. If ServiceNow doesn't reach the LDAP server, could we access the ServiceNow instance?
We already have an agent with Office365 and LDAP credentials were replicated into the server. Could ServiceNow replicate the credentials?
Thanks in advance
Labels: Integrations

‎04-09-2015 03:05 PM
LDAP integration does not store passwords in ServiceNow. It queries the AD for the credentials.

‎04-09-2015 03:13 PM
Add to that, if you update your LDAP query to return the field userPassword, it will not return that field or data.
‎04-17-2015 02:10 PM
Hi Alberto,
You can specify more than one LDAP server, thereby reducing the chances of losing connectivity to an LDAP server.
LDAP Integration Setup - ServiceNow Wiki
..
4.1 Specify Redundant LDAP Servers
You will still be able to access the instance if you do lose all connectivity to LDAP, with users who are locally defined.
It is good practice to have at least one user with admin role defined locally.
As noted already in this thread, LDAP Integration does not store passwords in ServiceNow.
You can make bulk changes to all users, or a subset of all users, using scripting.
So you could set as many users as you wanted to locally authenticated, and then allocate them all the same password.
Just because it can be done, of course, does not mean it is a good idea.
Especially as reverting back to LDAP authentication might be a bit more challenging...
Reset Passwords for All Users to Set String - ServiceNow Wiki
The above wiki article explains how to allocate all users the same password.
Best Regards
Tony
‎04-20-2015 08:12 AM
Agree
My normal LDAP imported account had a password set so I can side_door if needed.
As we have a feature to disable AD records either if the record in AD is disabled or if it has not updated for more than 2 weeks, us admins here also have manually created accounts so we can get in in case of our main accounts being disabled.
My other suggestion is that you name your manual account differently to your normal name.
While our user IDs are prefixed with our domain details (so a manual account is MAN\ to give clarity), I have found that people will sometimes raise a ticket in my name and instead of picking my AD account (Julian.Poyntz), they will often pick my MAN account (jules.poyntz), partly as I am known as Jules by close colleagues.
I notice this as my manual account's email address is one of my home ones and I suddenly see ticket information come through.
For our LDAP imports and our Federation Services, we have a single address for each, but the address is hitting a NetScaler. These in turn are hitting various servers globally.
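
The replies above recommend keeping at least one locally defined admin for LDAP outages, and mention local passwords on LDAP-imported accounts and manual accounts that get confused with directory ones. As an added example (not code from the thread or from ServiceNow), this audit runs those three checks over an exported user list; the field names, the "ldap:" source prefix and the sample rows are assumptions constructed for illustration.

```javascript
// Constructed sample export; field names are assumptions for this example.
const sampleUsers = [
  { user_name: "DOM\\julian.poyntz", source: "ldap:CN=Julian Poyntz,DC=example,DC=com",
    roles: ["admin"], active: true, has_local_password: true },
  { user_name: "MAN\\jules.poyntz", source: "", roles: ["admin"],
    active: true, has_local_password: true },
  { user_name: "DOM\\a.user", source: "ldap:CN=A User,DC=example,DC=com",
    roles: [], active: true, has_local_password: false },
  { user_name: "MAN\\old.admin", source: "", roles: ["admin"],
    active: false, has_local_password: true },
];

// Assumption: directory-backed records carry a source value starting with "ldap:".
const isLdap = (u) => String(u.source || "").toLowerCase().startsWith("ldap:");
// Surname heuristic: text after the last "." once the DOMAIN\ prefix is dropped.
const surname = (u) => u.user_name.split("\\").pop().toLowerCase().split(".").pop();

function auditFallbackAccess(users) {
  const active = users.filter((u) => u.active);
  const ldapUsers = active.filter(isLdap);
  const localUsers = active.filter((u) => !isLdap(u));
  // Accounts that can still log in while the directory is unreachable.
  const localAdmins = localUsers
    .filter((u) => u.roles.includes("admin") && u.has_local_password)
    .map((u) => u.user_name);
  const findings = [];
  if (localAdmins.length === 0) {
    findings.push({ check: "no-local-admin", user: null });
  }
  for (const u of ldapUsers) {
    // A local password on a directory account is a second credential to govern.
    if (u.has_local_password) {
      findings.push({ check: "ldap-user-with-local-password", user: u.user_name });
    }
  }
  const ldapSurnames = new Set(ldapUsers.map(surname));
  for (const u of localUsers) {
    // Local account that is easy to mistake for a directory account in a picker.
    if (ldapSurnames.has(surname(u))) {
      findings.push({ check: "lookalike-local-account", user: u.user_name });
    }
  }
  return { localAdmins, findings };
}

console.log(JSON.stringify(auditFallbackAccess(sampleUsers), null, 2));
```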