Mark google apps users in ldap – Google Apps Directory Sync Administration Guide User Manual

Getting Started

27

When conducting LDAP cleanup, consider the following actions.

•

Identify users. Identify which users you want to synchronize with Google Apps. You may need to
consult with your human resources department to confirm that your user list is the correct list of users
to synchronize.

•

Populate Password Attribute (Optional). If you are using a password field in GADS, create a custom
attribute in your LDAP for your Google Apps users, and populate the attribute with a password setting.
Generate random passwords and add them to a custom attribute. For more information about
Passwords, see “Passwords” on page 32.

•

Set Naming Conventions (Optional). Identify any email naming conventions you want to use, and
update any users to fit these naming conventions. This is optional: you do not need to set any
particular naming convention for GADS, but some companies use the transition to Google Apps as an
opportunity to change naming standards.

•

Mail-Enabled Groups. Identify mail-enabled groups to synchronize with Google Apps. This includes
only mail-enabled groups that operate as mailing lists, not security groups. Note also that you can set
Google Apps to allow users to create and manage their own groups; these are not affected by
synchronization.

•

Plan Resource Naming Conventions. If you are planning to synchronize calendar resources, you
can take this opportunity to plan a naming convention in Google Apps. For more information on this
calendar resource naming, see the Google Code site article Developing a naming strategy for your
calendar resources.

Sample Scenario: Clean Up LDAP Data

The MobiStep LDAP Administrator cleans up the MobiStep LDAP database to get ready for
synchronization.

The administrator uses an LDAP browser to identify users and mail-enabled groups. The existing names
already follow a standard naming convention, and the administrator decides to keep that naming
convention.

The LDAP administrator also creates a custom attribute for one-time passwords. Later, this will be used to
hold randomly generated passwords for new users.

Mark Google Apps Users In LDAP

One of the most effective ways to simplify your synchronization is to mark Google Apps users beforehand
in your LDAP directory. The benefit of marking your Google Apps users in LDAP is that it will simplify your
LDAP queries, make your transition to Google Apps clear and visible, and possibly bypass any
complications with your existing LDAP directory structure.

When you first clean up your LDAP directory structure, mark the users you plan to move into Google Apps
with an OU, group, or custom attribute. Use a descriptive name like “GoogleAppsUsers.” Use this to mark
all users whom you plan to move into Google Apps.

Then, once you begin synchronization, mark active Google Apps users. Create an OU, group, or custom
attribute with a name like “GoogleAppsActiveUsers.” You can then configure Directory Sync to synchronize
based on this OU, group, or custom attribute, then activate new users in Google Apps by updating your
LDAP server.