How is LDAP integrated in ServiceNow? How does it work in ServiceNow?

Kishore8
Kilo Guru

Can anyone please tell me:

How does LDAP work in ServiceNow? Give me a clear view on this in your own words that makes sense to me.

How will it work?

How can I integrate it?

Why should I integrate it?


darius_koohmare
ServiceNow Employee

From our docs, here is some good info:"


An LDAP integration enables the ServiceNow ® instance to quickly and easily populate user records from your existing LDAP database.


Administrators integrate with a Lightweight Directory Access Protocol (LDAP) directory to streamline the user login process and to automate administrative tasks such as creating users and assigning them roles. An LDAP integration allows the system to use your existing LDAP server as the master source of user data. Typically, an LDAP integration is also part of a single sign-on implementation.


The integration uses the LDAP service account credentials to retrieve the user distinguished name (DN) from the LDAP server. Given the DN value for the user, the integration then rebinds with LDAP with the user's DN and password. The password that the user enters is contained entirely in the HTTPS session. The integration never stores LDAP passwords.


The integration uses a read-only connection that never writes to the LDAP directory. The integration only queries for information, and then updates its internal database accordingly.



Note: If your instance is using an LDAP integration and the Active Directory settings require users to reset their password upon login, your users will not be able to log in to the instance. The instance cannot change any user's Active Directory password.




Authentication

When one of your users enters their domain credentials in the login page, the application passes those credentials to the defined LDAP server(s). The LDAP server responds with an authorized or unauthorized message which the application uses to determine if access should be granted. By authenticating against your LDAP server, users use the same credentials for the application that they use for other internal resources on your domain. Also, you can leverage any existing password and security policies that are already in place (for example: account lockout after a number of failed logins and password expiration dates). Because the application is receiving a "yes" or "no" from the LDAP server, these policies are enforced."


You can use either a MID Server or a web call and a certificate to authenticate. Here are the steps: https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/integrate/ldap/concept/c_LDAPInt...
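Added example, not part of the reply above and not ServiceNow's code: a sketch of the search-then-rebind flow the quoted documentation describes, run against a constructed in-memory directory. The `FakeLdap` class, the `uid` attribute, the DNs and the passwords are all assumptions made for illustration; the example also shows two checks that flow needs, escaping the username in the search filter and refusing empty passwords before the rebind.

```python
import re

SVC_DN, SVC_PW = "cn=svc-snow,ou=svc,dc=example,dc=com", "svc-secret"
# Constructed sample directory (not real data): DN -> (password, attributes)
DIRECTORY = {
    SVC_DN: (SVC_PW, {}),
    "cn=Ana Diaz,ou=people,dc=example,dc=com":
        ("ana-pass", {"uid": "adiaz", "mail": "adiaz@example.com", "department": "Finance"}),
    "cn=Bo Chen,ou=people,dc=example,dc=com":
        ("bo-pass", {"uid": "bchen", "mail": "bchen@example.com", "department": "IT"}),
}

class FakeLdap:
    """In-memory stand-in for an LDAP server: simple bind and one-attribute search."""
    def bind(self, dn, password):
        # Modelled on servers that treat DN + empty password as a successful
        # unauthenticated bind (RFC 4513 section 5.1.2).
        return dn in DIRECTORY and password in ("", DIRECTORY[dn][0])

    def search(self, attr, assertion):
        # '*' is a wildcard; \XX is an escaped literal character (RFC 4515).
        parts = [re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), p)
                 for p in assertion.split("*")]
        rx = re.compile(".*".join(map(re.escape, parts)))
        return [(dn, a) for dn, (_, a) in DIRECTORY.items()
                if attr in a and rx.fullmatch(a[attr])]

def escape_filter(value):
    """Escape the RFC 4515 special characters so user input stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def authenticate(ldap, username, password):
    """Search with the service account, then rebind as the user's DN."""
    if not password:                       # refuse empty passwords client-side
        return None
    if not ldap.bind(SVC_DN, SVC_PW):
        raise RuntimeError("service account bind failed")
    hits = ldap.search("uid", escape_filter(username))
    if len(hits) != 1:                     # unknown or ambiguous user
        return None
    dn, attrs = hits[0]
    if not ldap.bind(dn, password):        # the directory gives the yes/no
        return None
    # Only directory attributes are returned; the password is never kept.
    return {"dn": dn, "mail": attrs["mail"], "department": attrs["department"]}
```
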


Hi Darius,

Thanks for your reply.

I have one doubt here. I have 4500 users, and now I want to update the mail IDs and departments of 1500 of those users. How should I update this?

Thanks,

Kishore.D