Description
The purpose of this article is to provide useful troubleshooting steps for LDAP connectivity issues. The LDAP server might suddenly lose connection after multiple attempts, interrupting updates from the Active Directory import process.
One of the possible and most likely reasons is that the X509 certificates defined in the instance do not match the ones coming in the SAML response from the Identity Provider.
The steps below are required in order to retrieve the correct certificate value:
- Navigate to https://<instance>.service-now.com/nav_to.do?uri=/syslog_list.do
- Set the list filter: Message starts with SAML Response xml
- Ref.: https://<instance>.service-now.com/syslog_list.do?sysparm_query=messageSTARTSWITHSAML%20Response%20xml
- Open the latest log record
- The correct certificate value is between the XML tags <ds:X509Certificate> and </ds:X509Certificate>
- Copy this value, without the XML tags
- Navigate to https://<instance>.service-now.com/nav_to.do?uri=/sys_certificate_list.do
- Create a new certificate
- Fill in the required fields and paste the certificate value in the PEM Certificate box using this template:
-----BEGIN CERTIFICATE-----
<certificate value>
-----END CERTIFICATE-----
- Click Submit
The LDAP server should now connect again, and the import / update from the AD should work if the issue was an incorrect certificate.
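The extraction and PEM-wrapping steps above can be scripted so that the value is not damaged by manual copying, and so the certificate already stored on the instance can be compared with the one the Identity Provider sent. This is an added example, not ServiceNow code; the log message layout, the function names and the sample bytes (placeholder data, not a real certificate) are assumptions.

```python
import base64
import hashlib
import re

# Matches the element with or without a namespace prefix such as "ds:".
CERT_RE = re.compile(r"<(?:\w+:)?X509Certificate>(.*?)</(?:\w+:)?X509Certificate>", re.S)

def extract_certs(log_message: str) -> list[bytes]:
    """Return the decoded (DER) bytes of each X509Certificate element in the log text."""
    return [base64.b64decode(re.sub(r"\s+", "", value), validate=True)
            for value in CERT_RE.findall(log_message)]

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in the PEM template, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]) + "\n"

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and all whitespace, then decode."""
    body = re.sub(r"-----(?:BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    return base64.b64decode(body, validate=True)

def sha256_fp(der: bytes) -> str:
    """SHA-256 fingerprint of the decoded certificate bytes."""
    return hashlib.sha256(der).hexdigest()

def same_cert(stored_pem: str, der_from_idp: bytes) -> bool:
    """True when the certificate stored on the instance is the one the IdP sent."""
    return sha256_fp(pem_to_der(stored_pem)) == sha256_fp(der_from_idp)

# Constructed sample: placeholder bytes stand in for a certificate, and the
# surrounding log text is an assumed layout of a "SAML Response xml" record.
SAMPLE_DER = bytes(range(256)) * 3
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_LOG = (
    "SAML Response xml: <samlp:Response><ds:Signature><ds:KeyInfo><ds:X509Data>"
    "<ds:X509Certificate>\n"
    + "\n".join(_b64[i:i + 76] for i in range(0, len(_b64), 76))
    + "\n</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"
)

if __name__ == "__main__":
    for der in extract_certs(SAMPLE_LOG):
        print("SHA-256:", sha256_fp(der))
        print(to_pem(der), end="")
```

Comparing fingerprints before creating a new certificate record confirms whether a mismatch is actually the cause of the connection loss.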
Release or Environment
Cause
Resolution
Additional Information