Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Unable to login after changing user from LDAP to local authentication

Go to solution
martinsk
Mega Expert

‎12-04-2018 08:06 AM

Hi

Our instance is configured for LDAP integration - users authenticate via the internal AD server and user records are created / updated from the each AD user object.

I've got a situation where a user's surname has changed in AD, and because the import coalesces on the sAMAccountName, a new user record has been created in ServiceNow. Now that's a bit of issue in itself, but not the one I'm looking to solve right now. The old ServiceNow user account has a number of outstanding approval requests against it. What I'd like to do is change the user account from using LDAP authentication to being a local account (so they can log in, and approve the outstanding requests).

In the user record, I've removed the values from the 'SSO source' and 'LDAP server' fields, and set a new password (the user account has no roles in the system).

However, when I attempt to log in with the user account, I get an 'invalid user or password' error. And when I check the log, there's a 'no DN returned' error against the login attempt, which suggests it's still attempting to authenticate against LDAP.

What am I missing?

Thanks in advance.

Martin

 

0 Helpfuls
  • 2,765 Views
1 ACCEPTED SOLUTION

Go to solution
martinsk
Mega Expert

‎12-06-2018 08:46 AM

OK, so there's another field called 'Source' - this is the field that needs to be cleared, in order for the account to authenticate locally (in ServiceNow), rather than being re-directed to the LDAP server.

Case closed.

 

View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
Jeff Currier
ServiceNow Employee
ServiceNow Employee

‎12-04-2018 10:24 AM

Do you have the multi-provider SSO plugin enabled?  I believe you need that if you want to do both types of authentication

0 Helpfuls

Go to solution
martinsk
Mega Expert

‎12-06-2018 06:12 AM

Thanks for your reply.

Yes, the plugin is active. We're already using both authentication types, without issue. It only seems to be a problem with accounts created via an LDAP import.

Martin

0 Helpfuls

Go to solution
martinsk
Mega Expert

‎12-06-2018 08:46 AM

OK, so there's another field called 'Source' - this is the field that needs to be cleared, in order for the account to authenticate locally (in ServiceNow), rather than being re-directed to the LDAP server.

Case closed.

 

0 Helpfuls