beautypg.com

Research ldap structure, Clean up ldap data – Google Apps Directory Sync Administration Guide User Manual

Page 26

background image

26

Release 4.0.2

Research LDAP Structure

Use an LDAP browser to collect information about your LDAP server and structure.

You may find, while preparing for synchronization, that you have unexpected or non-standard data in your
LDAP directory server. It is always better to find and address this before you begin synchronizing.

Be sure to collect the following key information:

LDAP Base DN: GADS will use this Base DN as the top level for all LDAP queries. You can use an
LDAP browser to collect this information. If your LDAP directory server includes OUs that you do not
want to sync, consider a Base DN that doesn’t include these OUs. Since GADS searches for both
users and groups from the Base DN, specify a Base DN on a level that includes the users and groups
you want to synchronize.

Note:

You can use multiple Base DNs in a configuration. You can specify a separate Base DN for each

synchronization rule. For more information, see “User Search Rules” on page 84.

LDAP Structure Information: You need to know which OUs contain users and other resources you
want to sync and which LDAP attributes contain important information. Look through your LDAP
directory structure with an LDAP browser, then examine some sample users and other resources to
identify the LDAP attributes.

In many cases, the LDAP attribute that contains a user’s mail address, which will become the
username in Google Apps, is the

mail

attribute. Confirm the LDAP attribute you want to use for mail

addresses.

Check your LDAP directory server to find out which attributes contain the data you need. In some
cases, this data may include spaces.

Once you have collected this information, you are ready to start making decisions about your
synchronization.

Sample Scenario: Research LDAP Structure

MobiStep’s administrator downloads an LDAP browser and look through the directory structure. The
administrator finds that the Base DN to use for the domain

ad.mobistep.com

is:

ou=users,ou=headquarters,dc=ad,dc=mobistep,dc=com

Then, the administrator looks more closely at the structure, and finds that the OUs are divided up by
department function. Each department function is a separate OU under the Base DN. Department OUs
include:

sales

,

manufacturing

,

it

,

genadmin

,

hr

,

contractors

, and

exec

.

Clean Up LDAP Data

While you are identifying your LDAP data, be aware that you may need to clean up your LDAP directory
server data to synchronize with Google Apps. Begin cleaning up your LDAP data early, to avoid data
cleanup blocking your schedule for synchronization.

See also other documents in the category Google Software: