Mapping, Roadmap for deployment – Google Apps Directory Sync Administration Guide User Manual

Getting Started

33

passwords.

Because this password may be guessed by other users, this is not generally recommended as a
secure option.

Important:

Be careful of the security considerations of passwords. Also, note that if you use a plaintext

password, be sure to set GADS to synchronize passwords only for new users, and to require new users to
change passwords.

Mapping

Decide how your LDAP directory server data should map to your Google Apps data. You should have a
clear picture of where every user, group, and resource in your LDAP directory server should be
synchronized in your Google Apps data.

For a chart of how your LDAP data maps to Google Apps, see “What Is Synchronized” on page 13.

Note that you may have some users who should not be synchronized, either on your LDAP server or in
Google Apps. Prepare a list of exceptions so that you know what rules to set up.

•

Mapping: For each group of users, decide whether those users should be imported, and where those
users should be imported. You can set up this mapping to a flat hierarchy, an automatic one-to-one
synchronization, or a manual set of custom rules.

•

Exceptions on Google Apps: Are there any exceptions on your Google Apps domain that you don’t
want to synchronize? Your Google Apps account may have users or groups that you don’t want to
synchronize with LDAP. This could include new users not listed in your LDAP directory, pilot test
accounts, shared Google Apps accounts, or other entries that belong in your Google Apps account but
not your LDAP directory. Find out which users and groups you’d like to exclude, and look for any
common pattern that may simplify exception rules.

•

Exceptions on LDAP Directory: Are there any exceptions on your LDAP directory that you don’t
want to synchronize? Your LDAP directory server may have obsolete users, suspended users, test
accounts, printers, defunct mailing lists, or other data that you do not want to import into Google Apps.
In most cases, you can set your LDAP search rules to ignore these users, but in some cases, you may
need to set up manual exception rules to skip specific users, or a pattern of users. Identify any
exceptions that you don’t want to synchronize, and note these so that you can create exceptions
during configuration.

Roadmap for Deployment

The best settings to use for synchronization depend on your situation, server, and stage in the life cycle of
using GADS. The following roadmap suggests likely settings for different stages of a deployment.