Useful ldap tools – Google Apps Directory Sync for Postini Services Administration Guide User Manual

Preparation
LDAP Structure Information: Gather information about your LDAP directory
server. You will need to know what OUs contain users you want to sync and which
LDAP attributes contain important information. To collect this information, use an
LDAP browser. For more information, see “Useful LDAP Tools” on page 17.
LDAP Base DN: The directory sync utility will use this Base DN as the top level
for all LDAP queries. You can use an LDAP browser to collect this information. If
your LDAP directory server includes OUs that you do not want to sync, consider a
base DN that doesn’t include these OUs. A typical Base DN might be
ou=test,ou=sales,ou=melbourne,dc=ad,dc=mixateria,dc=com for a domain called
ad.mixteria.com.
Note: You can use multiple Base DNs in a configuration. You can specify a
separate Base DN for each synchronization rule.
LDAP Administrator: Collect the username and password of an administrator on
your LDAP directory server. Enter the user to use when connecting to the server.
This user should have read and execute permissions for the whole LDAP subtree
you want to synchronize. You can restrict the permissions of the administrator to
match only the OUs you want to synchronize.
LDAP Queries: Decide which users to synchronize from your LDAP directory
server, and create one or more LDAP queries that will find those users. For more
information, see “LDAP Queries” on page 18.
Org Mapping: Plan which users will go into which organizations in the message
security service. You want to be sure that your org hierarchy includes special
organizations for users who should not be synchronized, so those users won’t be
deleted. Decide which users go in which organizations. If you want to specify
different organizations for many different users, you can populate a user attribute
on your LDAP directory server that shows the exact name of the message
security service organization for that user. This requires changing your LDAP
settings.
Mail Server: The SMTP mail server to use for notifications. The directory sync
utility does not include an outbound mail server, and will connect to the mail server
you specify. You will need the domain name or IP address of a mail server that will
relay messages from the directory sync server. If the SMTP server you plan to use
requires SMTP authentication, you will need to find or create a username and
password for SMTP authentication as well.
Once you have collected this information and decided on how you want to
synchronize users in different organizations, you’re ready to begin with
Configuration Manager.
If you begin using Configuration Manager and find you need more information,
save your configuration file. You can return to Configuration Manager and load
your XML file after you collect the needed information.
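
As an added illustration of the Base DN guidance above (not code from this guide or from the directory sync utility), the Python below checks which entries a candidate Base DN covers and whether an OU you meant to leave out is still reachable from it. The function names, the sample entries and the excluded OU are constructed for the example; matching is assumed case-insensitive, and multi-valued RDNs and hex escapes are not handled.

```python
# Added example: check which DNs a Base DN covers before configuring a sync rule.

def split_rdns(dn):
    """Split a DN into normalized (attribute, value) RDNs, honoring backslash escapes."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped char, e.g. "\," inside a value
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":                         # an unescaped comma ends the RDN
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    # Assumption: attribute types and values compare case-insensitively (ou, dc, cn).
    return [tuple(p.strip().lower() for p in r.partition("=")[::2]) for r in rdns]

def in_scope(entry_dn, base_dn):
    """True if entry_dn is the Base DN itself or lies anywhere beneath it."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def review(base_dns, excluded_ous, entries):
    """Return (excluded OUs a Base DN still reaches, entry -> covering Base DN or None)."""
    exposed = [ou for ou in excluded_ous if any(in_scope(ou, b) for b in base_dns)]
    covered = {e: next((b for b in base_dns if in_scope(e, b)), None) for e in entries}
    return exposed, covered

BASE = "ou=test,ou=sales,ou=melbourne,dc=ad,dc=mixateria,dc=com"  # Base DN from the guide
WIDE = "dc=ad,dc=mixateria,dc=com"                                 # domain root, for contrast
EXCLUDED = ["OU=Service Accounts,DC=ad,DC=mixateria,DC=com"]       # constructed
ENTRIES = [                                                        # constructed
    "CN=Ann Lee,OU=Test,OU=Sales,OU=Melbourne,DC=ad,DC=mixateria,DC=com",
    r"cn=Lee\, Bo,ou=test,ou=sales,ou=melbourne,dc=ad,dc=mixateria,dc=com",
    "cn=Cy Roe,ou=prod,ou=sales,ou=melbourne,dc=ad,dc=mixateria,dc=com",
]

if __name__ == "__main__":
    for bases in ([BASE], [WIDE]):
        exposed, covered = review(bases, EXCLUDED, ENTRIES)
        print("Base DNs:", bases)
        print("  excluded OUs still reachable:", exposed or "none")
        for dn, base in covered.items():
            print("  in scope " if base else "  skipped  ", dn)
```

Comparing RDN by RDN rather than with a plain string suffix test is what keeps differently cased DNs in scope and keeps an escaped comma inside a value from being read as an OU boundary.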
Useful LDAP Tools
By default, most LDAP directory servers do not include a way to view or modify
your LDAP structure directly. To collect information about your LDAP structure,
download and install an LDAP browser. Two such browsers are listed below.