What is LDAP?
LDAP, or Lightweight Directory Access Protocol, is a network protocol designed for managing directory services. It facilitates the querying and updating of information like user profiles and organizational structures in a distributed network. LDAP is commonly used for tasks such as user authentication, authorization, and maintaining directory information over the Internet.
In ServiceNow, LDAP integration allows your instance to use an existing LDAP server as the primary source of user data.
Why is this an issue?
Leaving the LDAP attribute field empty in the ServiceNow LDAP Server configuration is a problem for several reasons:
Performance Impact: When the LDAP attribute field is left empty, the ServiceNow system defaults to loading all available attributes for each object it has permission to read from the LDAP server. This can result in unnecessary data retrieval, leading to increased load times and potential performance issues, especially when dealing with a large number of objects or attributes.
Environmental Impact: Leaving the LDAP attribute field empty can increase energy consumption and carbon emissions by retrieving unnecessary data, which requires more computing resources, leading to higher energy usage and a larger carbon footprint.
Security Concerns: Loading all attributes might expose more information than needed. From a security perspective, limiting the attributes to only those necessary for ServiceNow operations reduces the potential exposure of sensitive information.
How do I fix it?
Specify attributes explicitly whenever possible. If there is information that should not be exposed to the instance, exclude the corresponding attribute. To do so, follow these steps:
In the Filter Navigator, type ldap_server_config.list and press Enter.
In the list view, search for and open the LDAP server record.
Populate the attribute field with the attributes to be shared, separated by commas and without spaces.
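The following Python snippet is an added example, not ServiceNow code: it validates a value for the attribute field in the comma-separated, no-spaces format described above and estimates which attributes a search with that field would pull back, using LDAP's rule that an empty attribute list returns every user attribute the bind account can read. The sample directory entry and the set of attributes the instance is assumed to need are constructed for illustration.

```python
"""Validate a ServiceNow LDAP server 'attribute' field value and estimate
what it would retrieve. Added example; the sample entry and NEEDED set are
constructed, not taken from any real directory or instance."""
from __future__ import annotations

import re

# Attribute names follow the LDAP AttributeDescription shape: a descriptor
# (letters, digits, '.', '-') optionally followed by ;option parts.
_ATTR_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*(;[A-Za-z0-9-]+)*$")


def parse_attribute_field(field: str) -> list[str]:
    """Split the field as the page describes: comma-separated, no spaces,
    no empty items, no duplicates. An empty field means 'all attributes'."""
    if field == "":
        return []
    if " " in field:
        raise ValueError("attribute field must not contain spaces")
    attrs = field.split(",")
    seen: set[str] = set()
    for a in attrs:
        if not _ATTR_RE.match(a):
            raise ValueError(f"invalid attribute name: {a!r}")
        key = a.lower()  # LDAP attribute names are case-insensitive
        if key in seen:
            raise ValueError(f"duplicate attribute: {a!r}")
        seen.add(key)
    return attrs


def attributes_retrieved(field: str, entry: dict[str, str]) -> set[str]:
    """Apply LDAP search semantics: an empty attribute list returns every
    user attribute readable by the bind account; otherwise only those named."""
    wanted = parse_attribute_field(field)
    if not wanted:
        return set(entry)
    by_lower = {a.lower(): a for a in entry}
    return {by_lower[w.lower()] for w in wanted if w.lower() in by_lower}


def excess_attributes(field: str, needed: set[str], entry: dict[str, str]) -> set[str]:
    """Attributes the instance would receive but does not actually map."""
    return attributes_retrieved(field, entry) - needed


# Constructed sample entry and constructed 'needed' set (illustrative only).
SAMPLE_ENTRY = {
    "sAMAccountName": "jdoe", "mail": "jdoe@example.test",
    "givenName": "Jane", "sn": "Doe", "telephoneNumber": "555-0100",
    "employeeID": "E1234", "homeDirectory": "\\\\fs\\jdoe",
}
NEEDED = {"sAMAccountName", "mail", "givenName", "sn"}
```

Running excess_attributes("", NEEDED, SAMPLE_ENTRY) shows the attributes an empty field would pull without being used; with the four needed names in the field, the excess is empty.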