beautypg.com

Google Apps Directory Sync for Postini Services Administration Guide User Manual

Page 71

background image

74

Release 1.3.32, October 2009

The proxy environment requires a password challenge for external web access.

The directory sync utility can use a proxy server but cannot respond to password
challenges. To run synchronization, you will need to change your network setup to
allow the directory sync utility to connect without a password challenge, or without
a proxy server.

The base DN information doesn’t seem to be correct.

Check to be sure your base DN doesn’t include any spaces.

How do I find out information about my LDAP server fields?

You will need to download an LDAP browser. An LDAP browser allows you to
browse through an LDAP directory server and identify all fields and values. Most
directory servers do not include a complete LDAP browser.

For information about LDAP browsers, see “Useful LDAP Tools” on page 17.

I cannot simulate a synchronization because the notifications server not
specified.

To run a simulated synchronization, you will need a server capable of sending
mail. If you are running directory sync on a mail server machine, you can use the
IP address 127.0.0.1 for your mail server. Otherwise, contact your mail
administrator for the correct mail information.

How securely are passwords stored?

Google Apps Directory Sync stores passwords using a two-way encryption
scheme. This protects your sensitive information from casual snooping or reverse
engineering.

This is a change from previous versions. Before 1.3.11, passwords were stored
unencrypted in plain text in configuration files.

To convert a configuration file to the new format with encrypted passwords:

1.

Open the file in Configuration Manager.

2.

Save the file again.

You can also upgrade the file with the following command-line executable:

upgrade-config -c [filename]

where

[filename]

is the name of the XML configuration file to upgrade.

Note:

Configuration files for version 1.3.11 or later are not compatible with earlier

versions.

How can I exclude a specific LDAP organization?

You cannot create an LDAP rule to exclude users in a specific LDAP organization.
Instead, limit the authority of the LDAP Administrator you use, removing access to
any OUs you do not want to synchronize.

See also other documents in the category Google Software: