Troubleshooting LDAP integration via MID Server

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Troubleshooting LDAP integration via MID Server

    This guidance helps ServiceNow customers troubleshoot common issues encountered during LDAP integration via the MID Server. It focuses on how to use the External Communication Channel (ECC) Queue to diagnose connectivity, browsing, and data import problems and provides tips on handling LDAP paging and binary data import.

    Show full answer Show less

    Test Connection Issues

    • Use the Test connection related list when defining Organizational Units (OUs) to verify LDAP connectivity.
    • Check the ECC Queue for an output message with the topic LDAPConnectionTesterProbe, followed by an input message of the same topic.
    • A successful test shows the input message Name column as true. Drill into the record to confirm no errors in the payload.

    Browse Issues

    • Use the Browse related list to view LDAP directory records returned by the OU definition.
    • In the ECC Queue, look for an output message with the topic LDAPBrowseProbe, followed by an input message with the same topic.
    • A successful browse shows the input message Name column as true. Inspect the payload for errors.

    Load Import Issues

    • When loading data (e.g., using Test Load 20 Records), monitor the ECC Queue for output messages named LDAPProbe and input messages named LDAPProbe and LDAPProbeCompleted.
    • The Name column in the input messages shows the number of records returned or batch sizes, helping verify complete data retrieval.
    • Multiple LDAPProbe messages may appear if the total records exceed the batch size (default 200).
    • Watch for any LDAPProbeError output messages and click on the Name column link to view detailed error information.

    LDAP Paging

    • LDAP paging fails if the LDAP server’s paging size is less than 1000.
    • Configure the MID Server property glide.ldap.maxresults to be less than or equal to the LDAP server’s paging size to avoid paging issues.

    LDAP Fails to Import Binary Data

    • To import binary data such as user photos, include the binary attribute (for example, jpegphoto) in the MID Server property glide.ldap.binaryattributes.
    • This configuration ensures binary data is correctly retrieved during LDAP imports.

    You may encounter issues in the following areas while integrating LDAP via MID Server.

    You can troubleshoot these issues by viewing the outputs found in the External Communication Channel (ECC) Queue (Discovery > Output and Artifacts > ECC Queue).

    Test Connection Issues

    When defining OUs within the server, there is a Test connection related list that is used to verify the LDAP connection. When you click this link, the ECC Queue should show a single output message with a topic name of LDAPConnectionTesterProbe. After the test has completed on the MID Server, the ECC Queue should show an input message with the same topic name. If the Name column for the input message shows true, the test was successful. Drill down into the record to view the payload and ensure it does not contain error messages.
    Figure 1. Test Connection

    Browse Issues

    When defining OUs within the server, there is a Browse related list that is used to view the LDAP directory records that the OU definition returns. When you click this link, the ECC Queue should show a single output message with a topic name of LDAPBrowseProbe. After data has been returned from the MID Server, the ECC Queue should show an input message with the same topic name. If the Name column for the input message shows true, the test was successful. Drill down into the record to view the payload and ensure it does not contain error messages.

    Load Import Issues

    When uploading data (for example, using the Test Load 20 Records feature), the ECC Queue should show a single output message with a topic name of LDAPProbe.

    After data has been returned from the MID Server, the ECC Queue should show another input message called LDAPProbeCompleted. The Name column for this input message shows the total number of records returned.

    An additional input messages, also named LDAPProbe, is displayed. The Name column for this input message displays the highest record number in the batch. If the total number of records returned is 258 and the batch size is 200 (the default), two LDAPProbe (200, 258) incoming messages will be received, and one LDAPProbeCompleted (258) incoming message will be received.

    Drill down into the record to view the payload and ensure it does not contain error messages.
    Figure 2. Import Load
    Also keep an eye out for an output message called LDAPProbeError.
    Figure 3. Error message

    Click the link in the Name column to view the details of the error.

    LDAP paging

    LDAP paging does not work if the paging size on the LDAP server is less than 1000. Set the MID Server property glide.ldap.max_results to a value less than or equal to the LDAP server paging size.

    LDAP fails to import binary data

    To import binary data via LDAP, such as a user photo, you must include the binary attribute in the MID Server property glide.ldap.binary_attributes. For the user photo example, the attribute may be jpegphoto.