Suggestions for using Active Directory credentials (user name/password) with Google Apps?
Solution 1
Check out " Google Apps Directory Sync" from Google it is included in the educational version at no charge. This will only sync the acutual accounts and groups: http://googleenterprise.blogspot.com/2009/04/sync-google-apps-user-accounts-with.html
You will need to work on something like google SSO to provided access to you LDAP server for authentication.
Google Apps Marketplace has several products available that snap into place and will provide what you are looking for. Here are some examples.
Intient GConnect - http://www.google.com/enterprise/marketplace/viewListing?productListingId=4284199+8229018775854408052
SecureAuth - http://www.google.com/enterprise/marketplace/viewListing?productListingId=3806839+12543887358898980350
Hope that helps!
Solution 2
Google just released a new password sync product called "Google Apps Password Sync (GAPS)"
http://support.google.com/a/bin/answer.py?hl=en&answer=2611859&topic=2611858&ctx=topic
Solution 3
Microsoft Active Directory (MAD) supports a function called password filters. Basically these are a DLL that runs on every domain controller, when a user/admin requests a password change the filter can capture the password before MAD encrypts and stores the password in the MAD database. Lucky for you someone has already written a filter for you that works perfectly (I use it on a Windows 2003 SP1 MAD domain controller). Have a look at http://code.google.com/p/sha1hexfltr/wiki/installation
It captures the users new password whiles its plain text, creates a sha1 hash of the password and stores that in the "division" attribute in MAD. Google Apps Directory Sync (GADS) can then sync the password to Google Apps. Works for user creation and every password change post.
Good luck
Solution 4
Here is a password filter that solves the synch problem. http://code.google.com/p/sha1hexfltr/
Related videos on Youtube
Corey
Updated on September 17, 2022Comments
-
Corey over 1 year
I run a small college network with approximately 150 user accounts both in my Active Directory and in Google Apps. I'm looking to link AD with G-Apps. Currently my users are required to maintain separate passwords for each. Obviously this is not really the ideal situation. I know Google provides APIs for this type of thing, but not the actual software. I've looked at a few commercial products and seem to be leaning toward Crowd (atlassian.com). I'm also interested in the ability for users to reset there own passwords or receive randomly generated passwords via TXT message. Single Sign On would be nice, but not really necessary if I simply had a way for the passwords to be synchronized.
Optimally, when I create a user in AD, it will automatically show up in Google Apps, and when a user changes there password via Windows (or a web page if necessary) that change will be reflected in both AD and G-Apps.
I also use Moodle, Joomla and a few other products that have the ability to authenticate against LDAP.
I have Win2k3 DCs, and one Ubuntu webserver. I can add a server if necessary.
Has anyone else done this, or something similar? Are there any other products or technologies I should be looking at. I tend to gravitate towards something Windows based with a GUI due to my lack of experience with Linux/CLI. I'm not a programmer, so I need something that will work out of the box (or as close as possible).
-
Corey about 13 yearsI answered this question with a detailed description of my final solution
-
-
Corey almost 15 yearsYes, I've already looked at that, and unfortunately it does not have the ability to read the passwords held in AD, and therefore can not be used to sync passwords.
-
Corey over 12 yearsThey have now added the Google Apps feature to the stock product.
-
Corey almost 12 yearsGoogle has released a password sync product called "Google Apps Password Sync (GAPS)" I put a link in my answer below.