Hi , thanks for the answer.
I've been reading the documentation, I've seen the main identifier is the
uid but I dont get this point right . That means queries on the gapps
domain are carried out using the uid attr instead of the email address?
I've written a simple config to test the Google destination service:
(...)
<propertiesBasedSyncOptions>
<mainIdentifier>"[email protected]"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>KEEP</defaultPolicy>
<dataset>
<name>userPassword</name>
<policy>FORCE</policy>
<forceValues>
<string>"thisisgonnabeit"</string>
</forceValues>
</dataset>
</propertiesBasedSyncOptions>
(...)
and below you can see the results. I've tried also replacing the mainID by
"uid" instead with a valid uid, but the results are the same.
ago 19 08:31:42 - DEBUG - In object "[email protected]": List
of attributes considered for writing in destination: [uid, mail, sn,
isSuspended, userPassword, givenName, modifyTimestamp, isIpWhitelisted, id,
createTimestamp, quotaInMb, isAgreedToTerms, userPasswordHash, isAdmin]
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "uid" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "uid" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "mail" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "mail" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "sn" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "sn" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isSuspended" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isSuspended" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "userPassword" is in FORCE status
ago 19 08:31:42 - DEBUG - In object "[email protected]": Adding
attribute "userPassword" with values [password]
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "givenName" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "givenName" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "modifyTimestamp" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "modifyTimestamp" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isIpWhitelisted" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isIpWhitelisted" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "id" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "id" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "createTimestamp" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "createTimestamp" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "quotaInMb" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "quotaInMb" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isAgreedToTerms" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isAgreedToTerms" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "userPasswordHash" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "userPasswordHash" will not be written to the destination
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isAdmin" is in KEEP status
ago 19 08:31:42 - DEBUG - In object "[email protected]":
Attribute "isAdmin" will not be written to the destination
ago 19 08:31:43 - ERROR - Error while synchronizing ID mail=
[email protected]: org.lsc.exception.LscServiceException:
com.google.gdata.util.InvalidEntryException: Bad Request
Required extensions are missing.Login@userName, Login@password,
Name@givenName, and Name@familyName are required fields for user creation.
ago 19 08:31:43 - DEBUG - org.lsc.exception.LscServiceException:
com.google.gdata.util.InvalidEntryException: Bad Request
Required extensions are missing.Login@userName, Login@password,
Name@givenName, and Name@familyName are required fields for user creation.
org.lsc.exception.LscServiceException:
com.google.gdata.util.InvalidEntryException: Bad Request
Required extensions are missing.Login@userName, Login@password,
Name@givenName, and Name@familyName are required fields for user creation.
at org.lsc.service.GoogleAppsService.apply(GoogleAppsService.java:328)
~[lsc-core-2.1.1.jar:na]
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:777)
[lsc-core-2.1.1.jar:na]
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:689)
[lsc-core-2.1.1.jar:na]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
[na:1.6.0_18]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
[na:1.6.0_18]
at java.lang.Thread.run(Thread.java:636) [na:1.6.0_18]
Caused by: com.google.gdata.util.InvalidEntryException: Bad Request
at
com.google.gdata.client.http.HttpGDataRequest.handleErrorResponse(HttpGDataRequest.java:602)
~[gdata-core-1.0-1.47.1.jar:na]
at
com.google.gdata.client.http.GoogleGDataRequest.handleErrorResponse(GoogleGDataRequest.java:564)
~[gdata-core-1.0-1.47.1.jar:na]
at
com.google.gdata.client.http.HttpGDataRequest.checkResponse(HttpGDataRequest.java:560)
~[gdata-core-1.0-1.47.1.jar:na]
at
com.google.gdata.client.http.HttpGDataRequest.execute(HttpGDataRequest.java:538)
~[gdata-core-1.0-1.47.1.jar:na]
at
com.google.gdata.client.http.GoogleGDataRequest.execute(GoogleGDataRequest.java:536)
~[gdata-core-1.0-1.47.1.jar:na]
at com.google.gdata.client.Service.insert(Service.java:1409)
~[gdata-core-1.0-1.47.1.jar:1.47.1]
at com.google.gdata.client.GoogleService.insert(GoogleService.java:613)
~[gdata-core-1.0-1.47.1.jar:1.47.1]
at
com.google.gdata.client.appsforyourdomain.AppsForYourDomainService.insert(AppsForYourDomainService.java:100)
~[gdata-appsforyourdomain-1.0-1.47.1.jar:1.3.1]
at
org.lsc.service.GoogleAppsService.createUser(GoogleAppsService.java:499)
~[lsc-core-2.1.1.jar:na]
at org.lsc.service.GoogleAppsService.apply(GoogleAppsService.java:298)
~[lsc-core-2.1.1.jar:na]
... 5 common frames omitted
# Tue Aug 19 08:31:43 CEST 2014
dn: [email protected]
changetype: add
userPassword: thisisgonnabeit
*Tfn: 957-211157 / 650932877*
2014-08-18 10:34 GMT+02:00 Clément OUDOT <[email protected]>:
>
>
>
> 2014-08-12 11:41 GMT+02:00 Juan Carlos Camargo <[email protected]>:
>
> Hi listers,
>>
>> I'm a total newbie, my apologies in advance.
>> We're using GAPS (Google Apps Password Sync) to keep our users email
>> password updated from Active Directory. AD is the only ldap service
>> supported by the Google product but our goal is to get rid of Microsoft .
>> Does anyone know if LSC can be used with this very same purpose, I mean,
>> sync the password attribute only with a different ldap server, such as
>> 389ds?
>>
>
>
> This should work, as Google Apps should be able to handle SHA encrypted
> passwords. You can give a look to the Google Apps service in LSC to try to
> sync the password.
>
>
> http://lsc-project.org/wiki/documentation/latest/configuration/service/destinationgoogleapps
>
>
> Clément.
>
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
