
ServiceNow - Secure DMZ Server Integration with ServiceNow (what you need to do on the client side)

To securely establish an LDAP connection between ServiceNow and your server living in the DMZ zone, follow this checklist:


  1. Enable LDAPS (port 636) protocol on your LDAP directory (i.e, AD LDS) on server in DMZ. (simply generate a self-signed SSL certificate on your DMZ server and use it with LDAP directory).
  2. Get the SSL certificate in DER format from your server, used by LDAPS and upload it to ServiceNow. Uploading a Certificate (ServiceNow)
  3. Make sure that you create a very low previlleged account in LDAP directory. This account will be used from ServiceNow for reading data in LDAP directory on DMZ server.
  4. Do a NAT (route a public IP to the DMZ server) and punch a hole in firewall for port 636 on client's side. For this you will have to ask ServiceNow support that what is the rang of IPs which will be used by ServiceNow's LDAP Server Module to make calls to your DMZ server (running LDAPS).
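The shell commands below are an added example, not part of the original post: they cover steps 1 and 2 (self-signed certificate for the LDAPS listener, exported to DER for the ServiceNow upload) and give a check for step 4 that confirms the certificate actually served on port 636 is the one you uploaded. The host name dmz-ldap.abc.local and the IP 123.123.123.123 are placeholders, and OpenSSL is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post). Prepares the LDAPS certificate
# for a DMZ directory server and exports it in the DER format ServiceNow expects.
# Assumes OpenSSL 1.1.1 or newer; host name and IP below are placeholders.
set -eu

# Step 1: self-signed certificate for the LDAPS listener.
# The SAN must list every name/IP that will appear in ServiceNow's "Server URL",
# otherwise host name verification on the ServiceNow side fails.
make_ldaps_cert() {
    out_dir=$1; host=$2; ip=$3
    mkdir -p "$out_dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 825 \
        -keyout "$out_dir/ldaps.key" -out "$out_dir/ldaps.pem" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:$ip" \
        -addext "extendedKeyUsage=serverAuth" 2>/dev/null
    chmod 600 "$out_dir/ldaps.key"   # the private key never leaves the DMZ server
}

# Step 2: ServiceNow wants the certificate (never the key) in DER form.
pem_to_der() {
    openssl x509 -in "$1" -outform DER -out "$2"
}

# SHA-256 fingerprint of the DER file, to compare with what ServiceNow shows
# after the upload and with what the server really presents.
der_fingerprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Step 4 check, run from outside the firewall once NAT is in place: does the
# certificate served on 636 match the DER file uploaded to ServiceNow?
# A mismatch means the wrong certificate is bound, or something is intercepting.
check_live_ldaps() {
    host=$1; der=$2
    live=$(openssl s_client -connect "$host:636" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2)
    [ "$live" = "$(der_fingerprint "$der")" ]
}
```

Typical use: `make_ldaps_cert ./out dmz-ldap.abc.local 123.123.123.123`, then `pem_to_der ./out/ldaps.pem ./out/ldaps.der`, upload `ldaps.der`, and later `check_live_ldaps dmz-ldap.abc.local ./out/ldaps.der`.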

Once all of the above tasks are done, configure ServiceNow's LDAP Server Module like this:
  1. Name: <of your choice>
  2. Login distinguished name: CN=localaccountindirectory,OU=LocalAccounts,DC=abc,DC=local
  3. Password: <password>
  4. Active: true
  5. Server URL: ldap://123.123.123.123:636
  6. Starting Search Directory: DC=abc,DC=local
  7. SSL: true

Read more about LDAP Integration
