Google Apps Directory Sync for Postini Services Administration Guide User Manual

Preparation
Synchronizing for a very large or complex organization may require special
consideration. This may be the case for two reasons:
• A complex deployment may include many different sub-groups which need to
  be synchronized using separate rules or message security service
  organizations.
• A large deployment may be system-intensive and may require special work to
  be sure it runs quickly.
A common way to handle a large deployment is to create multiple configuration
files for different parts of your company. This allows greater customization and
may speed up your synchronization.
When you set up multiple configuration files for a large deployment, consider the
following:
• If you are scheduling synchronization, schedule each configuration file
  separately.
• Every configuration file must synchronize to a different organization in the
  message security service. If two configuration files affect the same
  organization on the message security service, the directory sync utility may
  overwrite or delete users.
• You must include some kind of LDAP user search in every configuration file.
• The directory sync utility can move users from other organizations to
  complete synchronization.
One particular way to enhance performance is to split mailing lists into a
separate search. If a large synchronization is going slowly, consider creating a
separate organization for mailing lists, and running a separate synchronization for
that organization. However, remember that you must include some kind of LDAP
user search in every configuration file; if you’re only synchronizing mailing lists,
add a placeholder LDAP search rule that will not return any results, such as
(objectclass = thisisnotavalidclass).
If your organization has multiple LDAP servers, or multiple base DNs, set up
separate XML configuration files and run separate synchronizations. Create a
separate organization in the message security service Administration Console for
each separate LDAP server or base DN.
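
A pre-flight check for the rules above, as an added example that is not part of this guide or of the directory sync utility: it reads a hand-maintained manifest (hypothetical field names, not the utility's XML schema) and reports configuration files that target the same organization or lack an LDAP user search. Comparing organization names without regard to case or surrounding spaces is an assumption made to err on the side of flagging.

```python
from collections import defaultdict

# Constructed sample manifest: one entry per configuration file.
# Field names and values are hypothetical, not the utility's XML schema.
SAMPLE_MANIFEST = [
    {"config": "emea.xml", "org": "EMEA Users",
     "ldap_server": "ldap-emea.example.com", "base_dn": "ou=emea,dc=example,dc=com",
     "user_search": "(objectclass=person)"},
    {"config": "apac.xml", "org": "APAC Users",
     "ldap_server": "ldap-apac.example.com", "base_dn": "ou=apac,dc=example,dc=com",
     "user_search": "(objectclass=person)"},
    # Mailing-list-only file: the placeholder user search satisfies the rule.
    {"config": "lists.xml", "org": "Mailing Lists",
     "ldap_server": "ldap-emea.example.com", "base_dn": "ou=lists,dc=example,dc=com",
     "user_search": "(objectclass = thisisnotavalidclass)"},
    # Collides with emea.xml once the name is normalized.
    {"config": "contractors.xml", "org": "emea users ",
     "ldap_server": "ldap-emea.example.com", "base_dn": "ou=ext,dc=example,dc=com",
     "user_search": "(objectclass=person)"},
    # No user search at all.
    {"config": "legacy.xml", "org": "Legacy",
     "ldap_server": "ldap-old.example.com", "base_dn": "dc=old,dc=example,dc=com",
     "user_search": ""},
]


def check_manifest(entries):
    """Return sorted (config, problem) findings for the two rules checked."""
    findings = []
    by_org = defaultdict(list)
    for entry in entries:
        # Assumption: names differing only in case or outer spaces are one org.
        by_org[entry["org"].strip().casefold()].append(entry["config"])
        if not entry.get("user_search", "").strip():
            findings.append((entry["config"], "missing LDAP user search"))
    for configs in by_org.values():
        if len(configs) > 1:
            # Two files writing to one organization may overwrite or delete users.
            for name in configs:
                others = ", ".join(c for c in configs if c != name)
                findings.append((name, "shares organization with " + others))
    return sorted(findings)


if __name__ == "__main__":
    for config, problem in check_manifest(SAMPLE_MANIFEST):
        print(f"{config}: {problem}")
```

Run it before scheduling any synchronization and resolve every finding first.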
If you are using multiple configuration files, consider assigning a different
administrator to each. Then, set the permissions for
•