We're trying to do the exact same sync you mention here. Were you ever able to get this working? Basically it's the last thing we need to iron out before migrating off Exchange 2003.
Another possible route would be a password filter on the DC(s). Succesful password change requests would call out to a custom DLL that MD5/SHA'ed the password and uploaded to Google. Of course this would require user's changing their passwords before a sync is done, but you could easily remedy this by a "sign up" form that did the same on a one-off basis. On Dec 19 2008, 7:10 am, ffletch <[email protected]> wrote: > Thanks for that! The new LDAP tool looks like it does a lot more than > the old one. It even looks like it has a field for passwords. > However there is this sentence in the help for that field: > > An LDAP attribute that contains each user’s password. If you set this > attribute, your users’ Google Apps password will be synchronized to > match your users’ LDAP passwords. > The password field must be a string, not a sequence of bytes. The > string is the hex encoding of the hashed password. > The default Active Directory password userPassword is a binary and > cannot be used. > > I have tried a couple of different values for the name of the password > field and so far nothing has done it. So I'm wondering if its > possible to get password (or even password hashes) out of Active > Directory's LDAP in the first place. Anyone know if its even > possible? And if so what's the field name in LDAP or if there is > another way, how do you do it? > > On Dec 17, 10:18 am, David Cifuentes <[email protected]> > wrote: > > > Hiffletch, > > > I've two ideas that may help you: > > > 1. Try the newly released tool for syncing with > > LDAPhttp://www.google.com/support/a/bin/answer.py?answer=106368 > > 2. You can send password hashes (SHA1 or MD5) when creating your users > > with the provisioning API > > inhttp://code.google.com/intl/es-CO/apis/apps/gdata_provisioning_api_v2... > > search for "hash" > > > Hope that helps, > > > David Cifuentes > > Eforcers.com > > Bogotá, Colombia > > > On 16 dic, 22:13,ffletch<[email protected]> wrote: > > > > I am in the process of migrating off of an Exchange 2003 server onto > > > Google Apps for your Domain. One of the features that would be most > > > desirable to have is for the users to have the same userid and > > > password that they have for the rest of the network resources (i.e. I > > > want them to authenticate against the active directory). > > > > So far I have been able to surmise that I have two choices: the LDAP > > > sync tool (http://code.google.com/p/google-apps-for-your-domain-ldap- > > > sync/) and / or the use of an SSO solution using SAML (http:// > > > code.google.com/p/google-apps-sso-sample/). It appears that the LDAP > > > sync tool will do exactly what I want except that it won't synchronize > > > passwords from the Active Directory (it does have the ability to > > > upload passwords but it can't suck them out of the Active Direcotry). > > > I have also gotten the ASP .NET sample SSO solution working and it > > > appears that it will do everything I need except that users who need > > > IMAP or POP access will not be able to use it. So here are my > > > questions: > > > > 1) Does anyone know how to get either clear text passwords or password > > > hashes out of the Active Directory or does anyone know of any other > > > free solution (other than the LDAP sync tool) that can get passwords > > > out of the Active Directory for uploading to Google? > > > > 2) Does anyone know how to make it so that a users who need IMAP or > > > POP access can be forced to use the same user id and password that > > > they would when logging in via SAML? > > > > 3) Does anyone know of any other free solution(s) other than the two I > > > mentioned above that will accomplish the same task? > > > > Thanks in advance for any ideas. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
