Is there anyone who has experience with the Google Apps connector in Sun Identity Manager? (see http://wikis.sun.com/display/IdentityConnectors/Google+Apps+Connector)
The documentation on the wiki page is limited. I would like to see an example of a working configuration.
I've used the following configuration:
---- Resource Parameters
Full Domain URL: https://www.google.com/a/feeds/our.test.domain/
Admin and credentials
Left "user provides password on change" off
The configuration test succeeds. Account Attributes
Apart from the mappings firstname --> givenName and lastname --> familyName, I've added the quota (int type) and password attribute (ecrypted type). Identity Template
As the identity template I've used "$accountId$" Identity System Parameters
No changes made, except for the organizations.
When trying to add the resource to a user I get the following message:
org.identityconnectors.framework.common.exceptions.ConnectorException: EntityDoesNotExist(1301): USERNAME com.google.gdata.data.appsforyourdomain.AppsForYourDomainException: AppsForYourDomainException
USERNAME is filled with the accountId.
Debug levels at maximum hardly show anything relevant. Does anyone know how to configure this connector properly?
Hello Menno Pieters,
I have ~1 years exp with running the Google connector on IDM 8.1.
In my instance the Google accountID is not the same as our IDM or Active Directory Resources.
To solve this I developed a correlation rule and algorithm to create and link Google accountID's.
The correlation and algorithm is dependent upon your organizations accountId parameters.
More info would allow me to assist you better.
I am experiencing the same issue.
I get the same error: EntityDoesNotExist(1301):
Would you be able to provide your schema map and Identity template
that got it working for you?
My Schema map looks like this:
givenName <-> givenName
familyName <-> familyName
My Identity template is this:
The Correlation Rule I developed contains an XML condition that is met when a match between the Google accountID and an Active Directory resource attribute.
My Schema is as follows
firstname <-> givenName
lastname <-> familyName
Identity template is as follows
The Google AccountID is generated as an Active Directory attribute.
When Google is then provisioned the connector references the generated Active Directory attribute.
Thank you for your example. I've tried it with accountId as the "ATTRIBUTE_TO_MATCH". We're simply using the accountId as the identifier for both IdM and Google users.
With a role, a correlation rule and the same attribute map, we seem to get a little further (the accountId value actually shows up before saving), but in the end we still get the same error:
org.identityconnectors.framework.common.exceptions.ConnectorException: EntityDoesNotExist(1301): XXXXXXX com.google.gdata.data.appsforyourdomain.AppsForYourDomainException: AppsForYourDomainException
You said, that you've been using it for about a year. Are you using the latest version, or a previous one (only the latest is downloadable now).
I have been looking at the source code and I think I have found the problem.
IDM determines whether to update or create a resource account
by attempting to fetch the user from the resource.
If the user exists then update, otherwise create.
In the code, if the user does not exist, the code throws the
The code then catches this exception
and then returns a null back to IDM,
indicating that the user does not exist.
Well, that is what the code says but this does
not match its actual behaviour....
I then decompiled the actual class (jar) files
and the code there does NOT catch the exception,
so it bubbles up to IDM, which regards it as an error.
Soo, the jar file that is on the website has a bug in it.
The source code in SVN is correct, but it appears
that the jar file was not rebuilt.
I am attempting to rebuild a new version of the jar file...
I've managed to compile the jar myself. This one seems to communicate with Google without error messages. The user seems to get created, updated and even deleted, though I'm unable to find the newly created user in the cpanel interface.
The version in use is 1.0.4455.
I am looking to implement the latest version after we upgrade our IDM instance with Patch 14.
Perhaps if you send me your email I may be able to send you the 1.0.4455.zip.
It turns out that the CPanel isn't updated in real time, but has a delay. Today, I can see a user that I've created yesterday, while I couldn't yesterday afternoon.
So, all in all, the newest version of the Google Apps Connector works as it should. There is only a "minor" problem if you accidentally delete a user and want to recreate it... (http://www.google.com/support/forum/p/Google%20Apps/thread?tid=6063f9f2398922be&hl=en), but that is not a problem of the connector.
Does anyone have experience with placing the newly created user into the correct organization in google apps? It doesn't appear the connector allows for placing in different organizations.
Thanks in advance
I saw the GoogleApps connector is packaged in the latest version of Oracle Waveset 184.108.40.206:
Added new Google Apps connector (ID-12552088)
Alas, it does not work. Google Apps provisioning works for us with the connector Menno compiled, but not with version 1.2.1 which is packaged with patch 4. I get an error on the 1st form when I try to add a resource and test configuration:
Test connection failed for resource:
Any ideas what is wrong? I'm sure my parameters are filled in correctly.
I was wondering what your schema mapping looks like?
What attribute are you using to expose the accountId of the google account?
For Example,I tried:
Thank appears to be incorrect because when I update a user the old value for the accountId (UserName) is always blank.
This suggests improper references to that either the accountId (IDM Side) or the userName on the Google Side.
Any help would be appreciated,