We use GADS (Google Apps Directory Sync) to sync our Active Directory structure with our Google apps setup. We wanted to start syncing groups, however the users we wanted to be part of the group were nested within other groups. A new version (v4.2.1) of Google Apps Directory Sync (GADS) is now available: What’s Fixed. Fixed an issue where GADS wasn't updating the a user’s primary organization value, when the primary organization previously existed but didn't originate from GADS. The exclusion list is managed with the [:gads][:google][:exclude] Array. In the array, is a:Hash with three keys::match,:type, and:filter. For an explanation of the exclude behavior and types, see the Google Apps for Domains documentation. Google offers a free tool called Google Apps Directory Sync. This is a program which can be installed on any system in your internal network (Windows XP/7/2003/2008, Linux or Solaris.
Installs and configures Google Apps Directory Sync in a Linux environment. In addition, will perform the encryption steps required in the latest versions of Google Apps for Domains Sync.
Requirements
The
gads::default cookbook will install the one dependency gem, greenletters which is used to automate interaction with the installation script and the password encryption script.
cookbooks
Attributes
gads::default
Ti 84 plus doom game. +-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| Attribute | Type | Default |++++|
[:gads][:download_url] | String | http://dl.google.com/dirsync/dirsync-linux64.sh |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:create_symlinks] | Boolean | true |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:install_path] | String | /opt/GoogleAppsDirSync |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:synlinks_path] | String | /usr/local/bin |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:config_path] | String | /usr/local/etc/gads.xml |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:features] | Array | * CACHE_PASSWORD_TIMESTAMPS || | | * ALIAS_SYNCHRONIZATION || | | * USER_PROFILES || | | * SKIP_CALENDAR_RESOURCES || | | * GROUP_DESCRIPTION || | | * GROUP_OWNER || | | * SUSPEND_USERS || | | * NON_ADDRESS_PRIMARY_KEY || | | * GOOGLE_ORGUNITS || | | * SHA1_PASSWORD || | | * MULTIDOMAIN || | | * SKIP_SUSPENDING_ADMINS || | | * FAMILY_NAME || | | * GIVEN_NAME || | | * SHARED_CONTACTS || | | * GROUPS |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:logging][:file] | String | /var/log/google/gads.log |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:logging][:format] | String | [%d{ISO8601}] [%t] [%p] [%C{3}] %m%n |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:logging][:level] | String | INFO |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:logging][:max_bytes] | Number | 4294967296 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:logging][:max_files] | Number | 1 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:notification][:smtp_relay] | String | localhost |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:notification][:from_address] | String | [email protected] |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:notification][:to_address] | String | [email protected] |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:notification][:ignore_errors] | Boolean | false |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:notification][:ignore_info] | Boolean | false |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:notification][:ignore_warnings] | Boolean | false |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:limit][:delete_calendar_percent] | Number | 5 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:limit][:delete_contact_percent] | Number | 5 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:limit][:delete_group_percent] | Number | 5 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:limit][:delete_ou_percent] | Number | 5 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:limit][:delete_user_percent] | Number | 5 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:limit][:suspend_user_percent] | Number | 5 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:cache_lifetime] | Number | 691200 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:google][:admin_email] | String | [email protected] |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:google][:admin_password] | String | your-password-value |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:google][:domain] | String | your-gapps-domain.com |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:google][:threads][:contact_sync] | Number | 15 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:google][:threads][:profile_sync] | Number | 30 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:google][:threads][:user_sync] | Number | 30 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:config_id] | Unknown | Digest::MD5.hexdigest(node[:gads][:google][:domain]) |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:google][:exclude] | Unknown | [] - See Usage information below for this data structure |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:type] | String | OPENLDAP |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:connect_method] | String | STANDARD |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:hostname] | String | your-ldap-server |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:port] | Number | 389 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:basedn] | String | dc=foo,dc=com |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:auth_type] | String | SIMPLE |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:auth_user] | String | cn=Manager,dc=foo,dc=com |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:auth_password] | String | bind dn password value |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:primary_key] | String | cn |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:attr][:email] | String | mail |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:attr][:email_alias] | String | mailLocalAddress |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:attr][:given_name] | String | givenName |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:attr][:family_name] | String | sn |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:attr][:sha1_password] | String | userPassword |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:attr][:password_last_set] | String | pwdChangedTime |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:generated_password_length] | Number | 8 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:results_page_size] | Number | 1000 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:priority] | Number | 1 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:basedn] | String | ou=Groups,#{node[:gads][:ldap][:basedn]} |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:scope] | String | SUBTREE |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:filter] | String | objectClass=groupOfNames |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:attr][:description] | String | description |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:attr][:display_name] | String | cn |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:attr][:member] | String | member |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:attr][:name] | String | mailRoutingAddress |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:groups][:search][:attr][:owner_dn] | String | owner |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:orgunits][:mapping][:dn] | String | ou=People,#{node[:gads][:ldap][:basedn]} |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:orgunits][:mapping][:name] | String | / |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:orgunits][:search][:priority] | Number | 1 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:orgunits][:search][:basedn] | String | ou=People,#{node[:gads][:ldap][:basedn]} |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:orgunits][:search][:scope] | String | SUBTREE |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:orgunits][:search][:filter] | String | objectClass=organizationalUnit |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:orgunits][:search][:attr][:description] | String | ou |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:priority] | Number | 1 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:basedn] | String | ou=People,#{node[:gads][:ldap][:basedn]} |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:suspended] | Boolean | false |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:scope] | String | SUBTREE |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:filter] | String | objectClass=organizationalUnit |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:org_mapping] | String | |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:company_name] | Number | 0 |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:department] | String | department |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:title] | String | title |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:full_name] | String | displayName |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:assistant] | String | secretary |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:manager] | String | manager |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:sync_key] | String | cn |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:street_address] | String | street |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:pobox] | String | postOfficeBox |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:city] | String | l |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:state] | String | st |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:postal_code] | String | postalCode |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:email] | String | mail |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:employee_id] | String | employeeNumber |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:fax] | String | faxsimileTelephoneNumber |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:home_phone] | String | homePhone |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:mobile_phone] | String | mobile |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:work_phone] | String | telephoneNumber |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+| [:gads][:ldap][:users][:search][:attr][:description] | String | description |+-----------------------------------------------------------------+---------+------------------------------------------------------------------------------------------+
UsageGoogle Active Directory Sync Tool
gads::default
Just include gads and java in your node's
run_list :
. code-block:: python
Managing the exclusion list
The exclusion list is managed with the
[:gads][:google][:exclude] Array. In the array, is a :Hash with three keys: :match , :type , and :filter . For an explanation of the exclude behavior and types, see the Google Apps for Domains documentation.
Example:
. code-block:: python
Primer premier 5 keygen. [{:match => 'USER_NAME',:type => 'EXACT',:filter => '[email protected]'},{:match => 'USER_NAME',:type => 'SUBSTRING',:filter => 'txt.att.net'},{:match => 'GROUP_NAME',:type => 'EXACT',:filter => '[email protected]'}]
Run control
Installation will toggle node attributes that control subsequent runs:
+---------------------------------------------+---------+---------------------------------------------------------------------------------------------+-----------+| Key | Type | Description | Value * |+++++|
[:run_once][:gads][:installed] | Boolean | If true, will prevent gads from being re-downloaded and re-installed. | true |+---------------------------------------------+---------+---------------------------------------------------------------------------------------------+-----------+
License and Authors
Author:: Gavin M. Roy ([email protected]) Copyright:: 2013, MeetMe, Inc
Copyright (c) 2013, MeetMe, Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.Neither the name of the MeetMe, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Posted by6 years ago
Archived
I've setup Google Apps Directory Sync (GADS) to sync with my AD and its working flawlessly syncing all my users.
Base DN:
OU=Lunchbox,DC=office,DC=lbox,DC=com
Org Unit LDAP Mapping:
OU=Lunchbox,dc=office,dc=lbox,dc=com to Users
Org Unit Search Rule:
objectclass=organizationalunit
User Accounts:
Active : (&(objectClass=Person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
User Accounts:
Suspended : (&(objectClass=Person)((userAccountControl:1.2.840.113556.1.4.803:=2)))
The issue is I only want users that are members of the group 'GoogleAppsUser' to be added to Google Apps. Changing the following added the users as Active users if they were a member of
GoogleAppsUser and added the user as Suspended if they were NOT a member.
User Accounts:
Active : (&(objectClass=Person)(memberOf=GoogleAppsUser)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
User Accounts:
Suspended : (&(objectClass=Person)(memberOf=GoogleAppsUser)((userAccountControl:1.2.840.113556.1.4.803:=2)))
I also tried changing following:
Google Apps Directory Sync
Org Unit Search Rule:
memberOf=GoogleAppsUser
But that resulting in it syncing distribution groups as users too.
Any suggestions on how to get GADS to listen to me when I tell it to only sync users that are a member of the
GoogleAppsUser group?
Google Apps Directory Sync Tool
10 comments
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |