Configuration best practices – Google Apps Directory Sync Administration Guide User Manual

An LDAP query that would return too many results may time out. If this happens,
do not create multiple configuration files to reduce load, because this will actually
slow down performance of Google Apps Directory Sync. Instead, consider using a
single configuration file with multiple LDAP queries. For instance, instead of
looking for all users in an organization with a single query, create two rules, one to
search for users with an address that starts with any letter A through M, and
another that starts with any letter N through Z (plus any numbers or other
supported characters). Splitting up your LDAP query into multiple queries with
fewer results is called sharding. Sharding is a common solution to LDAP timeout
issues for large deployments.
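
The sharding described above, written out as LDAP filters (an added example, not taken from the GADS guide): it builds the A through M and N through Z filters plus a catch-all for addresses that start with a digit or other character, then checks on constructed entries that each address is returned by exactly one shard. The mail attribute and the objectClass=person base filter are assumptions; substitute the ones your directory uses.

```python
ATTR = "mail"                  # assumption: the address attribute being sharded
BASE = "(objectClass=person)"  # assumption: base filter selecting user entries
A_M, N_Z = "abcdefghijklm", "nopqrstuvwxyz"

def prefixes(chars):
    """OR of prefix matches, e.g. (|(mail=a*)(mail=b*))."""
    return "(|" + "".join(f"({ATTR}={c}*)" for c in chars) + ")"

def shard_filters():
    """Three filters: A-M, N-Z, and a catch-all for digits and other characters."""
    return {
        "A-M": f"(&{BASE}{prefixes(A_M)})",
        "N-Z": f"(&{BASE}{prefixes(N_Z)})",
        "other": f"(&{BASE}({ATTR}=*)(!{prefixes(A_M + N_Z)}))",
    }

def parse(f, i=0):
    """Parse the filter subset used above (&, |, !, attr=value); no escapes."""
    op = f[i + 1]
    if op in "&|!":
        i, kids = i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1          # step past the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, ignoring case as LDAP does."""
    if node[0] == "=":
        have, want = entry.get(node[1], "").lower(), node[2]
        if want.endswith("*"):            # presence (attr=*) or prefix match
            return have != "" and have.startswith(want[:-1])
        return have == want
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

# Constructed sample entries (attribute names lower-cased, single-valued).
SAMPLE = [{"objectclass": "person", "mail": m} for m in (
    "alice@example.com", "Nora@example.com", "42ops@example.com",
    "_svc@example.com", "zed@example.com")]

def assign(entries=SAMPLE):
    """Map each address to the list of shards whose filter returns it."""
    parsed = {name: parse(f)[0] for name, f in shard_filters().items()}
    return {e["mail"]: [n for n, p in parsed.items() if matches(p, e)]
            for e in entries}
```

An address that appears under two shards, or under none, means the filters overlap or leave a gap, which is worth checking before the filters go into search rules.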

You can also run the same configuration file, and synchronize only groups, or
synchronize only users. For more information on how to do this, see “Command
Line Synchronization” on page 135.

Default Configuration for Active Directory or OpenLDAP

If you’re using GADS with an Active Directory server, you may be able to use
default values provided by Configuration Manager for most of your configuration.
To use the default recommended values on a given page of Configuration
Manager, click the Use defaults button at the bottom of the page (pages without a
Use defaults button do not provide default values). If the Use defaults button is
grayed out, make sure you have selected MS Active Directory or OpenLDAP as
the Server Type on the LDAP Configuration page.

Configuration Best Practices

Follow these best practices to help ensure a speedy and secure GADS
configuration:

• Use the 64-bit version of GADS if you plan to install GADS on a 64-bit
  compatible server. The 64-bit GADS performs better than other versions.

• Access your LDAP server with a user who has minimal permissions.
  GADS reads data from your LDAP server but never modifies it, so you can
  configure GADS with an LDAP user that only has read access to your LDAP
  directory, or even anonymously if your LDAP setup allows that.

• Never share your GADS configuration files. Your configuration contains
  sensitive information about both your LDAP server and your Google Apps
  domain. Don’t share it with anyone who doesn’t need to see it.

• Simulate before you sync. Whenever you upgrade GADS or change your
  configuration, you should simulate a sync before actually syncing. Failing to
  do so may result in unintended consequences, such as account deletion or
  lockout.