beautypg.com

Jxplorer, Step two: collect ldap inventory, Identify ldap resources – Google Apps Directory Sync Administration Guide User Manual

Page 25: Step two: collect ldap inventory 25

background image

Getting Started

25

JXplorer

To download the JXplorer Java Ldap Browser, go to:

http://www.jxplorer.org

Step Two: Collect LDAP Inventory

You can deploy GADS more quickly if you identify your LDAP resources beforehand. Depending on the
size and structure of your organization, you may already know all this information, or you may need to do
some research.

Identify LDAP Resources

Contact your LDAP administrators and collect the following information:

The hostname or IP address of your LDAP server. Note that GADS can only synchronize with one
LDAP server.

Your network access, proxy servers, and outbound connections.

The name and password of an account on your LDAP with “read” and “execute” permissions. If you
want to limit what users and OUs you want to synchronize, you can set up an LDAP administrator with
limited permissions on your directory server. See your directory server documentation for steps on how
to do this.

Confirmation that your chosen LDAP directory has full access to needed resources.

If you have multiple LDAP directories, consider the following:

Consolidate. If you are using multiple directories, consolidate your LDAP data into a “single source of
truth.” Many customers have multiple LDAP directories, either because of different departments,
acquisitions, or subsidiaries. GADS can only pull data from a single LDAP directory.

Test Global Catalog. If you have multiple Microsoft Active Directory domains, a Global Catalog may
help with your synchronization, but only if the catalog is set up with proper replication. If you want to try
using a Global Catalog, be sure to test the catalog thoroughly before relying upon it.

Sample Scenario: Identify LDAP Resources

MobiStep, Inc., is a medium-sized manufacturing company that has moved to Google Apps and is starting
to synchronize an existing LDAP directory server with Google Apps. The Google Apps administrator
contacts the LDAP administrator, who provides the following information:

An LDAP administrator account (with appropriate permissions) created specifically for GADS.

The IP address and hostname of the LDAP server.

The Google Apps administrator confirms with Human Resources that the users on this server are all active
users, and confirms that this is the only LDAP directory server.

The LDAP administrator confirms that GADS will be run within the company’s firewall and that the LDAP
server will not need to be open to the outside.

See also other documents in the category Google Software: