PHP API has a Login<http://framework.zend.com/apidoc/core/Zend_Gdata/Zend_Gdata_Gapps_Extension_Login.html>object within the UserEntry<http://framework.zend.com/apidoc/core/Zend_Gdata/Zend_Gdata_Gapps_UserEntry.html>object that is created from the parsed response of a retrieveUser call. In that Login object you can call setHashFunctionName and setPassword, then pass that modified UserEntry back to the updateUser method. That should allow you to save a new SHA-1 hashed password to the account. If you're coding your own change password system, when you set the password in LDAP, you'll have the clear-text password already, and could pass it to Google as well. Since the communication is secure and encrypted, you shouldn't have any issues, but for the absolutely security-minded individual, you can set the password in LDAP, retrieve the hashed version, and send that on to Google. It adds another step where something could go wrong, but the risk and overhead should be minimal.
As for the migration tool, I'm not an expert on it. Maybe the guys over at Google can chime in. The issue I see initially is that you currently can't provision an account with IMAP enabled. So to migrate the mailboxes via IMAP, you'd have to log into each account and manually enable it. However, the Email Migration API doesn't have that restriction. -Ryan On Dec 28, 2007 2:33 AM, Marmina ABDEL-MALEK <[EMAIL PROTECTED]> wrote: > > Dear Rayan, > > I know that the create user method accepts SHA1 passwords. > however, the scenario is that i have already created the account for > the user. however, i want a method/function to update the user's > password at google apps, whenever he changes his password it at our > local systems (our SSO/LDAP). > > What i found in the PHP API docs to update passwords, is to do > the following, retrieve the user in an object, set the new password > (PLAIN TEXT), then save the user object. so what I'm looking for is a > similar way to update the password fild but in SHA1 format. > > > Regarding migration, there is many tools that can do a server-to- > server migration such as IMAPsync (http://www.linux-france.org/prj/ > imapsync/README). if we used this tool, to migrate our local mailboxes > to gmail over IMAP, will it work properly as in the case of any > standard IMAP server. or this is not supported, as google needs to > label the messages with folder names during migration. i.e. if we used > the imapsync, will it give us the same result as using the server-to- > server migration tool in the Google APPS control panel. > > N.B. We want to use the imapsync tool (or any ohter API/tool) to > automate the migration process and allow the user to migrate their > mailboxes through a nice web interface. > > Regards, > Marmina > > On Dec 27, 10:20pm, "Ryan Shelley" <[EMAIL PROTECTED]> wrote: > > 1. If you're using the API, there's a "createUser" method that should > take a > > hash algorithm as one of the parameters (right now, all that is > supported is > > "SHA-1"). So when you create the new account, pass in the hashed > password, > > and the algorithm ("SHA-1"), and it will create the account using the > hashed > > password. All of the APIs provided include a createUser method that > takes > > the hash algorithm (Java, .Net, PHP, and Python). If you don't see this > > method in your API implementation, make sure you're using version 2.0 of > the > > API. > > > > Here's the documentation for Java, but the other languages have > something > > similar: > http://code.google.com/apis/apps/gdata_provisioning_api_v2.0_referenc... > > > > 2) As for mail migration, Gmail does have an API available. Since you're > > already using the Provisioning API, I'm assuming you are either a > Premier or > > Education account, so you should be able to use this API. Here's a link > to > > the documentation: > http://code.google.com/apis/apps/email_migration/developers_guide_pro... > > > > 3) Only SAML 2.0 is supported. > > > > I hope that helps! > > > > -Ryan > > > > On Dec 25, 2007 10:30 AM, Marmina ABDEL-MALEK <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > We currently have around 14,000 users that we plan to migrate to > > > gmail. Therfore, we want to automate the migration process, which > > > includes: > > > - creating account at gmail > > > - setting user password > > > - inititating a server-to-server mailbox migration > > > > > We are currently using the provisioning API (php version), we managed > > > to do the account creation with the initial password setting. however, > > > we didn't find any method in the API for the following: > > > - setting an account password in passwordh hash formay (SHA1) > > > - iniating a server-to-server migraion over IMAP > > > > > We would like know if you have any solution or workaround that can > > > help us in automating the server-to-server migration and sync the > > > users password in hash format. > > > > > I also woud like to know if the Google Apps SSO supports SAML 1.1 or > > > it just supports SAML 2.0?- Hide quoted text - > > > > - Show quoted text - > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
