Errors "No DN returned for XXXX" and "No User information found in ldap for XXXX" when user tries to authenticate

shill
Mega Sage

Has anyone ever seen these errors? Both errors are listed in the LDAP log each time he attempts to log in to SN. All other internal systems that use AD for authentication work fine. Refreshing his user record does not cause an error, and changing one of the fields populated by our LDAP feed correctly updates on the next scheduled load.
Our AD admin is stumped and I am not an AD guy, so I have no idea what it could be. Just really looking for clues at this point.

Has anyone ever seen this issue before in their instance?


cwilker10
Giga Expert

Make sure that the user is visible to service-now. It's possible that there is a filter on the ldap connection preventing the connection from seeing the user record on AD. It's also possible that the service-now user doesn't have rights to see this user account any more. Start by trying to browse from within service-now and make sure you can find it from there.


sshall
Mega Expert

We are experiencing the same issue here. "No DN returned for ..." and "No user information found in ldap for ...". This is on a two-domain setup, with one LDAP server in ServiceNow for each domain.

We can browse AD just fine and pull up the user's details from within ServiceNow's LDAP browser.

It actually looks like we're having issues using the UPN as a username (user@domain.com) instead of sAMAccountName. If I change the user account in ServiceNow to have a username the same as sAMAccountName instead of userPrincipalName, the issue is resolved. Unfortunately, that fix won't work for us, so we're still looking for another solution.


Our issue is now resolved. We weren't pulling the DN from Active Directory. I added a field on sys_user named u_ldap_dn, added the appropriate transform mapping from "distinguishedname" to "u_ldap_dn" in the LDAP User transform map, and set the "DN Field" on the LDAP Server to the newly created field and everything works as designed.

The wiki hints at this, but doesn't explicitly call out that you'll need to import the DN to a field in order to use the userPrincipalName.

EDIT: The "DN Field" only shows on the advanced view of the LDAP server record. You'll have to click the "Advanced View" ui link to see this field.


I stumbled upon this thread, with the same error.
Although this was a long time ago, I still want to give the solution.

1) The LDAP Server needs to direct to the Server that can query the user. (which is the sys id of the record ldap server)

2) The source is the DN of the user, for instance, in my case (ldap:uid=newton,dc=example,dc=com).
I've used a test LDAP from this website (https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/) which can even be used with the UID.

Here comes the part that fixed it for me:

3) The LDAP OU Definition with the table sys_user must QUERY the ServiceNow User ID you want.

So the "Query field" must be the field for the 'User ID' in ServiceNow:

- sAMAccountName(Default) or UPN or mail

- For my instance I used 'mail', since our User IDs are equal to the 'email' (transform map)


Be sure you define your Transform maps correctly, like filling the DN and LDAP Server of the user.

If the sys property (glide.ldap.user.autoprovision) is set to true, it will insert the user when not existing; this will be filled in automatically as well with the use of the given transform map. If not configured correctly, the user can log in 'once' and then fail, because of the wrong LDAP Server OR Source.

Hope this helps!
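To make the two fixes in this thread concrete (matching the OU definition's Query field to the ServiceNow User ID, and importing the DN into a sys_user field so the DN field can be used), here is an added Python emulation of the DN lookup a login triggers. It is not ServiceNow's code: the in-memory directory, the sys_user record, the `u_ldap_dn` field name and the `(objectClass=user)` part of the filter are constructed assumptions for the demonstration.

```python
from typing import Optional

# Constructed AD entries keyed by DN (sample data, not a real domain).
DIRECTORY = {
    "CN=Isaac Newton,OU=Staff,DC=example,DC=com": {
        "sAMAccountName": "inewton",
        "userPrincipalName": "newton@example.com",
        "mail": "newton@example.com",
    },
}

# Constructed sys_user record: the login name is the UPN (not sAMAccountName),
# and the DN has been imported into a custom field via the transform map.
SYS_USER = {
    "user_name": "newton@example.com",
    "u_ldap_dn": "CN=Isaac Newton,OU=Staff,DC=example,DC=com",
}


def build_filter(query_field: str, user_id: str) -> str:
    """Filter the OU definition produces: Query field = the User ID typed at login.
    The objectClass clause is an assumption, not the exact filter ServiceNow emits."""
    return f"(&(objectClass=user)({query_field}={user_id}))"


def search_dn(query_field: str, user_id: str) -> Optional[str]:
    """Emulated LDAP search: return the single DN whose query attribute equals
    user_id, or None when nothing matches (the 'No DN returned' case)."""
    hits = [dn for dn, attrs in DIRECTORY.items()
            if attrs.get(query_field, "").lower() == user_id.lower()]
    return hits[0] if len(hits) == 1 else None


def dn_for_login(user: dict, query_field: str, dn_field: Optional[str] = None) -> str:
    """Resolve the DN to bind as. A populated DN field on the record wins;
    otherwise AD is searched with the OU definition's Query field."""
    if dn_field and user.get(dn_field):
        return user[dn_field]
    dn = search_dn(query_field, user["user_name"])
    if dn is None:
        # Same wording as the log message quoted in this thread.
        return f"No DN returned for {user['user_name']}"
    return dn
```

Calling `dn_for_login(SYS_USER, "sAMAccountName")` reproduces the error because the UPN never matches sAMAccountName, while either `dn_for_login(SYS_USER, "userPrincipalName")` or `dn_for_login(SYS_USER, "sAMAccountName", "u_ldap_dn")` resolves the DN.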