
DSML, SSL with Basic Authentication, Data Flow – Google Postini Directory Sync Configuration Guide User Manual


Configuration Guide for Directory Sync

DSML

DSML (Directory Services Markup Language) is a protocol which uses XML
(Extensible Markup Language), a machine-readable standard format, to encode
LDAP information. DSML allows different applications to share directory
information over the Internet in a standard format. With DSML, applications
usually communicate through HTTP, the protocol used most often for serving web
pages. Directory Sync relies on DSML for all directory information. DSML is freely
available for most directory servers, but requires additional configuration and
setup.

For full information about installing DSML, see “Install and Enable DSML” on
page 12 for Microsoft Active Directory, and “Install DSML” on page 63 for Sun
ONE DS.

SSL with Basic Authentication

SSL (Secure Sockets Layer) is a protocol for communicating securely over the
Internet. Because the user lists gathered by Directory Sync are sensitive
information, only secure connections are used. To accept SSL connections, your
DSML server will need a certificate. Certificates can be assigned by a certificate
authority such as VeriSign or Thawte, but can also be self-signed. Directory
Sync accepts certificates issued by any certificate authority, as well as self-signed certificates.
SSL is freely available for directory servers, but you must install a certificate and
configure SSL on your directory server first.

Directory Sync also uses basic authentication to ensure that your user lists are
protected. When Directory Sync connects to your directory server, it logs in to the
server, using a user name and password you provide. This user will need to be
able to read information from your directory server, but will not need to modify any
information. You will need to enable basic authentication on your web-accessible
DSML server. If you do not have a user with read privileges for Directory Sync to
use, you will need to create a new user on your directory server with proper
authorizations.

For full information about installing SSL, see “Enable SSL” on page 33 for
Microsoft Active Directory, and “Enable SSL” on page 58 for Sun ONE.
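
The following is an added example, not part of the original guide or of Directory Sync itself. It shows the kind of read-only query described above as a DSML search sent over HTTPS with a basic-authentication header, and how the XML reply is read. It assumes a DSMLv2 SOAP endpoint; the URL, the account name `dirsync-ro`, and the sample response are constructed for illustration.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

DSML = "urn:oasis:names:tc:DSML:2:0:core"          # DSMLv2 namespace (assumed version)
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

def build_search(url, user, password, base_dn, attrs=("mail",)):
    """Return an unsent HTTPS POST carrying a DSMLv2 subtree search."""
    if not url.lower().startswith("https://"):
        # Basic auth is only base64-encoded, so it must never travel over plain HTTP.
        raise ValueError("refusing to send basic-auth credentials without SSL")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    batch = ET.SubElement(body, f"{{{DSML}}}batchRequest")
    search = ET.SubElement(batch, f"{{{DSML}}}searchRequest", dn=base_dn,
                           scope="wholeSubtree", derefAliases="neverDerefAliases")
    flt = ET.SubElement(search, f"{{{DSML}}}filter")
    ET.SubElement(flt, f"{{{DSML}}}present", name="mail")   # entries that have a mail value
    wanted = ET.SubElement(search, f"{{{DSML}}}attributes")
    for name in attrs:
        ET.SubElement(wanted, f"{{{DSML}}}attribute", name=name)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(url, data=ET.tostring(env), method="POST", headers={
        "Content-Type": "text/xml; charset=utf-8",
        "Authorization": "Basic " + token,
    })

def parse_entries(xml_bytes):
    """Map each returned entry DN to its attributes; raise if the search failed."""
    root = ET.fromstring(xml_bytes)
    code = root.find(f".//{{{DSML}}}searchResultDone/{{{DSML}}}resultCode")
    if code is None or code.get("code") != "0":
        raise RuntimeError("DSML search did not complete successfully")
    return {entry.get("dn"): {attr.get("name"):
                              [v.text for v in attr.findall(f"{{{DSML}}}value")]
                              for attr in entry.findall(f"{{{DSML}}}attr")}
            for entry in root.iter(f"{{{DSML}}}searchResultEntry")}

# Constructed sample response (not captured from a real server).
SAMPLE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body><batchResponse xmlns="urn:oasis:names:tc:DSML:2:0:core"><searchResponse>
<searchResultEntry dn="CN=Ann Lee,OU=Staff,DC=example,DC=com">
<attr name="mail"><value>ann.lee@example.com</value></attr></searchResultEntry>
<searchResultDone><resultCode code="0"/></searchResultDone>
</searchResponse></batchResponse></soap:Body></soap:Envelope>"""
```

Running the same search with the Directory Sync account against your own DSML URL, and confirming that a write attempt with that account is rejected, verifies both the connection settings and the read-only authorization.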

Data Flow

Once your directory server is set up, and Directory Sync is configured with
necessary connection information, the email protection service will be able to
connect to your server and read data.

Directory Sync is initiated by the email protection service.

1. Directory Sync runs when your administrator logs into the Administration
   Console and begins synchronization.