I was recently on a Postini webinar where they were talking about their sync tool. I asked about the password syncing functionality and the response was: there is A LOT of discussion around how to solve that problem. He told me to stay tuned. So hopefully that'll be the real solution to this problem.

On Feb 9, 12:53 pm, prd <[email protected]> wrote:
> We're trying to do the exact same sync you mention here. Were you ever
> able to get this working? Basically it's the last thing we need to
> iron out before migrating off Exchange 2003.
>
> Another possible route would be a password filter on the DC(s).
> Successful password change requests would call out to a custom DLL that
> MD5/SHA'ed the password and uploaded to Google. Of course this would
> require users changing their passwords before a sync is done, but you
> could easily remedy this by a "sign up" form that did the same on a
> one-off basis.
>
> On Dec 19 2008, 7:10 am, ffletch <[email protected]> wrote:
>
> > Thanks for that! The new LDAP tool looks like it does a lot more than
> > the old one. It even looks like it has a field for passwords.
> > However there is this sentence in the help for that field:
> >
> > An LDAP attribute that contains each user’s password. If you set this
> > attribute, your users’ Google Apps password will be synchronized to
> > match your users’ LDAP passwords.
> > The password field must be a string, not a sequence of bytes. The
> > string is the hex encoding of the hashed password.
> > The default Active Directory password userPassword is a binary and
> > cannot be used.
> >
> > I have tried a couple of different values for the name of the password
> > field and so far nothing has done it. So I'm wondering if it's
> > possible to get password (or even password hashes) out of Active
> > Directory's LDAP in the first place. Anyone know if it's even
> > possible? And if so what's the field name in LDAP or if there is
> > another way, how do you do it?
> >
> > On Dec 17, 10:18 am, David Cifuentes <[email protected]>
> > wrote:
> >
> > > Hi ffletch,
> > >
> > > I've two ideas that may help you:
> > >
> > > 1. Try the newly released tool for syncing with
> > > LDAP http://www.google.com/support/a/bin/answer.py?answer=106368
> > > 2. You can send password hashes (SHA1 or MD5) when creating your users
> > > with the provisioning API
> > > in http://code.google.com/intl/es-CO/apis/apps/gdata_provisioning_api_v2...
> > > search for "hash"
> > >
> > > Hope that helps,
> > >
> > > David Cifuentes
> > > Eforcers.com
> > > Bogotá, Colombia
> > >
> > > On 16 dic, 22:13, ffletch <[email protected]> wrote:
> > >
> > > > I am in the process of migrating off of an Exchange 2003 server onto
> > > > Google Apps for your Domain. One of the features that would be most
> > > > desirable to have is for the users to have the same userid and
> > > > password that they have for the rest of the network resources (i.e. I
> > > > want them to authenticate against the Active Directory).
> > > >
> > > > So far I have been able to surmise that I have two choices: the LDAP
> > > > sync tool (http://code.google.com/p/google-apps-for-your-domain-ldap-sync/)
> > > > and / or the use of an SSO solution using SAML
> > > > (http://code.google.com/p/google-apps-sso-sample/). It appears that the LDAP
> > > > sync tool will do exactly what I want except that it won't synchronize
> > > > passwords from the Active Directory (it does have the ability to
> > > > upload passwords but it can't suck them out of the Active Directory).
> > > > I have also gotten the ASP .NET sample SSO solution working and it
> > > > appears that it will do everything I need except that users who need
> > > > IMAP or POP access will not be able to use it. So here are my
> > > > questions:
> > > >
> > > > 1) Does anyone know how to get either clear text passwords or password
> > > > hashes out of the Active Directory or does anyone know of any other
> > > > free solution (other than the LDAP sync tool) that can get passwords
> > > > out of the Active Directory for uploading to Google?
> > > >
> > > > 2) Does anyone know how to make it so that users who need IMAP or
> > > > POP access can be forced to use the same user id and password that
> > > > they would when logging in via SAML?
> > > >
> > > > 3) Does anyone know of any other free solution(s) other than the two I
> > > > mentioned above that will accomplish the same task?
> > > >
> > > > Thanks in advance for any ideas.
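
Added example, not part of the original thread and not code from Google's sync tool: a Python sketch of producing the "hex encoding of the hashed password" string that the quoted help text asks for, either from a plaintext password (the password-filter or sign-up-form route) or from an RFC 2307 style `{SHA}`/`{MD5}` base64 `userPassword` value as stored by some non-AD LDAP directories. It goes beyond the Active Directory case discussed above; the function names, the UTF-8 encoding and the sample password are assumptions made for illustration.

```python
import base64
import binascii
import hashlib

# The two hash types named in the thread, keyed by RFC 2307 scheme name.
HASHERS = {"SHA": hashlib.sha1, "MD5": hashlib.md5}


def hex_hash_from_plaintext(password: str, scheme: str = "SHA") -> str:
    """Hex digest of a plaintext password, as a password filter or sign-up
    form would compute it. UTF-8 encoding is an assumption."""
    if scheme not in HASHERS:
        raise ValueError(f"unsupported scheme {scheme!r}")
    return HASHERS[scheme](password.encode("utf-8")).hexdigest()


def hex_hash_from_ldap(value) -> str:
    """Convert '{SHA}<base64>' or '{MD5}<base64>' to a hex string.
    Raises ValueError for anything that cannot be converted safely."""
    if isinstance(value, bytes):
        try:
            value = value.decode("ascii")
        except UnicodeDecodeError:
            raise ValueError("binary attribute, not a hash string") from None
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix; refusing to guess the format")
    scheme, payload = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in HASHERS:  # e.g. {SSHA}: salted, digest cannot be reused
        raise ValueError(f"unsupported scheme {scheme!r}")
    try:
        digest = base64.b64decode(payload, validate=True)
    except binascii.Error:
        raise ValueError("payload is not valid base64") from None
    if len(digest) != HASHERS[scheme]().digest_size:
        raise ValueError("digest length does not match the scheme")
    return digest.hex()


# Constructed sample input: the password is made up for this example.
SAMPLE_PASSWORD = "Example-Passw0rd"
SAMPLE_LDAP_VALUE = "{SHA}" + base64.b64encode(
    hashlib.sha1(SAMPLE_PASSWORD.encode("utf-8")).digest()).decode("ascii")

if __name__ == "__main__":
    print(hex_hash_from_ldap(SAMPLE_LDAP_VALUE))
```
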
