That wouldn't work either with the Google Apps Directory Sync tool, because the only alternatives are plain MD5 and SHA-1. The way I addressed this problem was to incorporate in the single sign-on application an attribute that tells me whether it is the user first access or not, if successful authentication and first access then sync the password with google apps through the provisioning API. I store that attribute in the LDAP directory mainly for performance reasons but it could be retrieved from the provisioning API as well, using the agreedToTerms attribute.
Hope that helps, David Cifuentes Eforcers.com Bogotá, Colombia On Mar 16, 3:24 pm, Kristaps <[email protected]> wrote: > Hi, > > Theoretical you can try to > use:http://technet.microsoft.com/lv-lv/library/cc957013(en-us).aspxhttp://support.microsoft.com/kb/289884 > > This whose designed for CHAP and it should theoretical store password > in SHA1. > > I'm not at work so I cant test it. > > Initially test with one user and be advised that you are making > potential security hole in your AD > > Ohh and yes sorry for bad English --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
