LDAPs Integration enable port 636
05-23-2023 02:59 AM - edited 05-23-2023 03:04 AM
Hi All,
We are converting from LDAP to LDAPs. Please answer my below queries.
1. I want to enable the port 636, what should be the source and destination IP addresses? In my view, the source is where LDAP is installed and the destination is where AD is installed.
2. How do I make an LDAP request from ServiceNow?
3. How can I confirm if LDAPS is securely connected or not?
Please let me know the best practices for converting from LDAP to LDAPs.
Thanks,
Supriya.

05-23-2023 09:42 AM
Supriya,
Regarding your questions,
1. I would expect you are using a MID server to communicate with AD, so the source IP addresses would be the IPs of the MID servers, the destination IP would be the AD server.
2. The LDAP connection should already be defined if you have it set up already in SN, you just need to modify the URL and port.
3. Communication should only work if everything is configured correctly, your network people should be able to confirm.
For your reference, here is the support page: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0825425
Thanks and Regards,
Richard
05-23-2023 09:54 AM
Hi Richard,
Thanks for the reply.
We are not using a MID server to communicate with AD. We have a standard LDAP integration which communicates over TCP port 389.
Thanks,
Supriya.

05-24-2023 03:25 AM
Supriya,
If you are not using a MID server, you will need to update the Firewall rules on your external boundary to add port 636 to the existing rules for your ServiceNow emergent IP addresses.
You will likely need to store the public certificate for your AD in your SN instance.
Once you have transitioned to LDAPS I would suggest you might want to remove port 389 from those firewall rules to avoid leaving the door open.
Hope this helps,
Richard
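
Added example, not part of the thread and not ServiceNow tooling: one way to check the two points raised above, namely that the directory server's listener on port 636 completes a TLS handshake with a certificate that validates against your CA and matches the host name, and that port 389 is no longer reachable once it has been removed from the firewall rules. The function names, the command-line arguments and the idea of running it from a test host outside the boundary are assumptions; the result only reflects the network path from the host it is run on.

```python
import json
import socket
import ssl
import sys
from typing import Optional


def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a plain TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """TLS handshake with full chain and host name validation (cafile=None: system store)."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {
                    "ok": True,
                    "protocol": tls.version(),
                    "san": cert.get("subjectAltName", ()),
                    "not_after": cert.get("notAfter"),
                }
    except OSError as exc:
        # ssl.SSLError is an OSError: covers untrusted chain, name mismatch,
        # expired certificate, missing CA file, timeout and closed port.
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}


def audit(host: str, cafile: Optional[str] = None) -> dict:
    """LDAPS on 636 must validate; plain LDAP on 389 should no longer be reachable."""
    return {
        "ldaps_636": check_ldaps(host, 636, cafile),
        "ldap_389_reachable": tcp_open(host, 389),
    }


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: check_ldaps.py <ad-hostname> [ca-bundle.pem]")
    else:
        ca = sys.argv[2] if len(sys.argv) > 2 else None
        print(json.dumps(audit(sys.argv[1], ca), indent=2))
```

A healthy result has `ldaps_636.ok` set to true and `ldap_389_reachable` set to false; an `SSLCertVerificationError` in the error field usually means the CA file does not match the chain the server presents or the host name is not in the certificate.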
05-24-2023 03:39 AM
Hi Richard,
We have installed the SSL certificate in our instance. Can you please elaborate more on the external boundary? Please confirm what the source and destination IP addresses used here are.
Thanks,
Supriya.