LDAP Listener issue

peterw
Kilo Contributor

Hi guys,

I have recently set up the LDAP server and integration, and this works fine on the scheduled loads; however, for some reason, when I've activated the listener it does not seem to pick up any changes at all. I've looked in the logs but can see no entries for the listener (not even an error). In fact, the only reason I can see that it is throwing an error is that the LDAP monitor displays the below from time to time:

Current status: 15/07/2015 14:59:18 Error
Last info message: 15/07/2015 14:59:18 Connection error. Waiting 64 seconds to retry
Last change: (none)
Last error: 15/07/2015 14:59:18 LDAP response read timed out, timeout used:300000000ms.

Has anyone seen this before? Is there something that needs to be configured on the AD server at all?

Many thanks,

PW


peterw
Kilo Contributor

Hi Jeffery Blackwell,

Thanks for the information. We too have limited the number of returned attributes:

sAMAccountName,uol-StaffNumber,title,initials,givenName,sn,displayName,department,departmentNumber,uol-PersonType,l,extensionAttribute1,telephoneNumber,ipPhone,uol-EduPersonScopedAffiliation,lockoutTime,uolLineManager,uolHeadOfDepartment,uolDepartmentHeadOf,extensionAttribute9

Still a few, but nowhere near as many as were originally being passed. As for the timeouts, we've set them so high for testing merely because all we are getting is a timeout response, so we wondered whether it was something to do with the smaller timeout we had before.


Michael Kaufman
Giga Guru

Recently we had these occasional timeout issues with LDAP authentication. They were errors similar to yours.

We had uploaded a new LDAP certificate with SSL. However, since our AD server was so old, the certificate would have occasional errors. In order to fix the errors, ServiceNow had to install a JVM on their side to support the old type of certificate. If you recently uploaded a certificate, this might be the issue.

We always thought the issue was due to a firewall rule, so we spent a lot of time trying to solve it on the firewall side. However, there was nothing wrong with the firewall settings in this case for us.

FYI, if you are using LDAP for authentication, you can't use a MID Server with LDAP. LDAP Integration via MID Server Setup - ServiceNow Wiki

LDAP cannot communicate via the MID Server with password authentication.


Mike

Peter, did you get this resolved? I'm having the same issue: the MID Server is up and running and I'm able to restart the server, but when I stop or start the listener I receive an error, "Error (Shutting down...)" or "Error connecting". Extended my timeouts with no luck and tried a few different things with user credentials and config files with no change in response.

I am pulling a small set of properties from AD, and my test instance, which is on the same MID Server, is working fine.


Hi Matt,

What version is your instance?

PRB633319 did address an issue with the LDAP Listener when a MID Server is used.

It is fixed in FP6 and EP12.

Best regards,

Tony


FP8 for all 3 instances.