Related Tips & Info

Identity Manager Driver for Google Apps

MigrationDeletedUser
0 Likes

Recently there has been a growth of users wanting more e-mail storage, more collaboration and greater client access capabilities. IT professional are stuck administrating a multitude of services and applications. Now with Google Apps, it is possible to have all these features and more, but having your email and collaboration system disconnected from your production environment isn’t the best solution.



With the Identity Manager driver for Google Apps, you can now keep your user accounts in Google Apps connected with the user accounts in your production environment. It will keep passwords and user account details in sync, without extra work required from the IT professional.



Features


The driver only supports one-way synchronization, and thus no data can be retrieved from the Google Apps domain. The driver does not support reading attributes from the Google Apps domain so matching policies will not work.


The following features has been implemented:



  • User creation, updates and deletion.

  • Group creation, updates and deletion.

  • Synchronize passwords to Google Apps Domain



Installation


Before you start make sure that you are running at least IDM 3.6 and that you have enabled the Provisioning API in your Google Apps domain.


Copy the googleDriver.jar file to the relevant location:

Windows: C:\novell\nds\lib

Unix: /opt/novell/eDirectory/lib/dirxml/classes/


Restart the eDirectory


Goto your Identity Manager Driverset and Add a driver.


Import the configuration from the client and select the googleDriver.xml file.

In the driver configuration make sure that the Authentication ID is set to a valid Domain admin and that the Authentication context is set to the Google Apps Domain to be managed. The Application password should be set to the password of the relevant admin.


Eg: Authentication ID: admin@test.domain.com

Authentication context: test.domain.com



Final Word



I urge anybody that used this driver or that wants to use this driver to please post if you require extra functionality. The driver was only created for the current set of features, but I am willing to expand it if necessary.


Labels:

How To-Best Practice
Comment List
Parents
  • besides costs, how does this driver differ from the one offered by CosmosKey? Also, don't you need to enable the Provisioning API in the google admin dashboard?
  • in reply to MigrationDeletedUser
    The driver from CosmosKey was developed before IDM 3.6.1 and thus JAVA 1.5 was not available which is required by the Google API. To solve the problem they used the SOAP interface.
    The driver I developed uses the Java Google API.
    The Provisioning API must be enabled for the driver to work.
  • in reply to MigrationDeletedUser
    The ConneXcloud driver for Google Apps was developed with the latest Google API for IDM 3.6.1. It supports matching and has advanced features for contact lists and groups. If you want a full-functioning driver that always uses the latest Google API, you should check out the ConneXcloud driver.
  • in reply to MigrationDeletedUser
    Trying to understand what this app does, it does not look to me like it is an IDM driver, rather it is its own event engine, and whatnot.

    I can see use cases for both models. I.e. If you have a well developed IDM model in place, one more driver is probably easier than an entire other sync app. Conversely, if you just want this functionality, standalone is quite nice.
  • in reply to MigrationDeletedUser
    Yes, ConneXcloud is a driver for Novell IDM. It is not a stand alone application. A standalone version could be advantageous for several reasons however, it seems like a lot of work to develop an event engine when IDM already does it so well.
  • in reply to MigrationDeletedUser
    The web page does not contain a lot of info about the product, in terms of detailed technical specs. Which is ok, I suppose for a 'sales' web page.

    Do you work for these guys? Or just a satisfied customer? Regardless, do you happen to know what value is used in the DirXML-Association for the @component='path' part of it? I have a list I maintain at:
    www.novell.com/.../open-call-idm-association-values-edirectory-objects

    and I would like to update it with info about this driver, if you happen to have it. (Share the wealth, right?) Also, if you happen to be using it, or associated with the company, do you think you have some time to contribute a doc on how the default driver configuration works for this page?
    wiki.novell.com/.../Detailed_driver_walk_through_collection

  • in reply to MigrationDeletedUser
    Does your driver support reading data from Google Apps?
Comment Children
  • in reply to MigrationDeletedUser
    Sorry for replying sooner.
    Currently the driver has no support for reading data from google, as the provisioning API from google does not support it. I'm am looking at using the reporting API to achieve this functionality. The downside to the reporting API is that it only supports limited search functionality, and thus bandwidth would become an implication, as I would have to retrieve all data, about all users.
    Currently no-one has requested this functionality so I've not given any attention to it.

    Please let me know if you are interested/require this functionality and I'll see if I can fit it into my schedule.
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.