Driving Google Apps with LDAP

Boyd Duffee

Keele University

Abstract

After signing up to Google Apps for Education, Keele has progressed from using LDAP as our identity management tool to creating data-driven Google Groups and resources for Google Calendar.

LDAP acts as the single point of truth for the data that we sync with Google using their GADS tool. It provides many options for selecting entries and populating fields for their most popular applications, yet these data mappings require care. Their idiosyncrasies are not immediately apparent and can affect your LDAP design. We have uncovered issues that necessitated adding fields to our LDAP schema to accommodate Google’s data structure.

By running Google Groups through GADS, you lose the option of devolving group membership management through Google’s web interface. To reduce the workload on the systems group, I wrote tools to streamline managing the groups inside LDAP with an eye towards providing an authenticated web front-end to the group management tools. Written in Perl and built on top of Net::LDAP, these tools take advantage of the built-in test suite for modules, addressing quality issues, and facilitated steady progress in a disruptive environment.

Warnings and workflows will be shared to save you from the same pitfalls and runarounds we’ve worked around.

Presentation

Driving Goole apps with LDAP – slides