1 2 Previous Next 18 Replies Latest reply: Sep 5, 2012 5:23 PM by 960258 RSS

    Experience with connector for Google Apps?

    MennoPieters
      Is there anyone who has experience with the Google Apps connector in Sun Identity Manager? (see http://wikis.sun.com/display/IdentityConnectors/Google+Apps+Connector)

      The documentation on the wiki page is limited. I would like to see an example of a working configuration.

      I've used the following configuration:
      ----
      Resource Parameters
      Full Domain URL: https://www.google.com/a/feeds/our.test.domain/
      Domain: our.test.domain
      Admin and credentials
      Left "user provides password on change" off

      The configuration test succeeds.

      Account Attributes
      Apart from the mappings firstname --> givenName and lastname --> familyName, I've added the quota (int type) and password attribute (ecrypted type).

      Identity Template
      As the identity template I've used "$accountId$"

      Identity System Parameters
      No changes made, except for the organizations.

      ----
      When trying to add the resource to a user I get the following message:

      org.identityconnectors.framework.common.exceptions.ConnectorException: EntityDoesNotExist(1301): USERNAME com.google.gdata.data.appsforyourdomain.AppsForYourDomainException: AppsForYourDomainException

      USERNAME is filled with the accountId.

      Debug levels at maximum hardly show anything relevant. Does anyone know how to configure this connector properly?

      Best regards,

      Menno Pieters
        • 1. Re: Experience with connector for Google Apps?
          804919
          Hello Menno Pieters,

          I have ~1 years exp with running the Google connector on IDM 8.1.

          In my instance the Google accountID is not the same as our IDM or Active Directory Resources.

          To solve this I developed a correlation rule and algorithm to create and link Google accountID's.

          The correlation and algorithm is dependent upon your organizations accountId parameters.

          More info would allow me to assist you better.

          -RC
          • 2. Re: Experience with connector for Google Apps?
            MennoPieters
            Thank you for your response. What info do you need in order to help me? Or do you have an example of how to construct the correlation rule?

            Best regards,

            Menno Pieters
            • 3. Re: Experience with connector for Google Apps?
              841714
              Hi there,

              I am experiencing the same issue.
              I get the same error: EntityDoesNotExist(1301):

              Would you be able to provide your schema map and Identity template
              that got it working for you?

              My Schema map looks like this:

              givenName <-> givenName
              familyName <-> familyName

              My Identity template is this:

              $familyName$

              Thanks,

              John I
              • 4. Re: Experience with connector for Google Apps?
                804919
                Your Welcome,

                The Correlation Rule I developed contains an XML condition that is met when a match between the Google accountID and an Active Directory resource attribute.

                <cond>
                <ref>account.accountId</ref>
                <list>
                <new class='com.waveset.object.AttributeCondition'>
                <.s>ATTRIBUTE_TO_MATCH<./s>
                <.s>equals<./s>
                <ref>account.accountId</ref>
                </new>
                </list>
                </cond>

                My Schema is as follows

                firstname <-> givenName
                lastname <-> familyName
                ATTRIBUTE_TO_MATCH <->userName

                Identity template is as follows
                $ATTRIBUTE_TO_MATCH$

                The Google AccountID is generated as an Active Directory attribute.
                When Google is then provisioned the connector references the generated Active Directory attribute.

                -     RC
                • 5. Re: Experience with connector for Google Apps?
                  MennoPieters
                  Hi RC,

                  Thank you for your example. I've tried it with accountId as the "ATTRIBUTE_TO_MATCH". We're simply using the accountId as the identifier for both IdM and Google users.

                  With a role, a correlation rule and the same attribute map, we seem to get a little further (the accountId value actually shows up before saving), but in the end we still get the same error:

                  org.identityconnectors.framework.common.exceptions.ConnectorException: EntityDoesNotExist(1301): XXXXXXX com.google.gdata.data.appsforyourdomain.AppsForYourDomainException: AppsForYourDomainException

                  You said, that you've been using it for about a year. Are you using the latest version, or a previous one (only the latest is downloadable now).

                  Regards,

                  Menno Pieters
                  • 6. Re: Experience with connector for Google Apps?
                    841714
                    Hi there,

                    I have been looking at the source code and I think I have found the problem.

                    IDM determines whether to update or create a resource account
                    by attempting to fetch the user from the resource.
                    If the user exists then update, otherwise create.

                    In the code, if the user does not exist, the code throws the
                    exception: EntityDoesNotExist(1301)
                    The code then catches this exception
                    and then returns a null back to IDM,
                    indicating that the user does not exist.
                    Well, that is what the code says but this does
                    not match its actual behaviour....

                    I then decompiled the actual class (jar) files
                    and the code there does NOT catch the exception,
                    so it bubbles up to IDM, which regards it as an error.

                    Soo, the jar file that is on the website has a bug in it.
                    The source code in SVN is correct, but it appears
                    that the jar file was not rebuilt.

                    I am attempting to rebuild a new version of the jar file...

                    John I
                    • 7. Re: Experience with connector for Google Apps?
                      MennoPieters
                      Thank you. A new jar would be great!
                      • 8. Re: Experience with connector for Google Apps?
                        MennoPieters
                        Hi JohnI,

                        I've managed to compile the jar myself. This one seems to communicate with Google without error messages. The user seems to get created, updated and even deleted, though I'm unable to find the newly created user in the cpanel interface.

                        Regards,

                        Menno Pieters
                        • 9. Re: Experience with connector for Google Apps?
                          804919
                          Hello,
                          The version in use is 1.0.4455.

                          I am looking to implement the latest version after we upgrade our IDM instance with Patch 14.

                          Perhaps if you send me your email I may be able to send you the 1.0.4455.zip.


                          - RC
                          • 10. Re: Experience with connector for Google Apps?
                            MennoPieters
                            Hi, you can download my version at: http://bit.ly/kptEtf
                            • 11. Re: Experience with connector for Google Apps?
                              MennoPieters
                              It turns out that the CPanel isn't updated in real time, but has a delay. Today, I can see a user that I've created yesterday, while I couldn't yesterday afternoon.

                              So, all in all, the newest version of the Google Apps Connector works as it should. There is only a "minor" problem if you accidentally delete a user and want to recreate it... (http://www.google.com/support/forum/p/Google%20Apps/thread?tid=6063f9f2398922be&hl=en), but that is not a problem of the connector.

                              Best regards,

                              Menno Pieters
                              • 12. Re: Experience with connector for Google Apps?
                                867595
                                Does anyone have experience with placing the newly created user into the correct organization in google apps? It doesn't appear the connector allows for placing in different organizations.

                                Thanks in advance
                                • 13. Re: Experience with connector for Google Apps?
                                  811701
                                  Hi,

                                  I saw the GoogleApps connector is packaged in the latest version of Oracle Waveset 8.1.1.4:
                                  Added new Google Apps connector (ID-12552088)

                                  Alas, it does not work. Google Apps provisioning works for us with the connector Menno compiled, but not with version 1.2.1 which is packaged with patch 4. I get an error on the 1st form when I try to add a resource and test configuration:

                                  Test connection failed for resource:

                                  java.lang.NoClassDefFoundError: com/google/gdata/data/appsforyourdomain/AppsForYourDomainException

                                  Any ideas what is wrong? I'm sure my parameters are filled in correctly.

                                  Greetings,
                                  Marijke
                                  • 14. Re: Experience with connector for Google Apps?
                                    804919
                                    Hello,

                                    I was wondering what your schema mapping looks like?
                                    What attribute are you using to expose the accountId of the google account?

                                    For Example,I tried:
                                    firstname<->givenName
                                    lastname<->familyName
                                    quota<->quota
                                    password<->password
                                    accountId<->userName

                                    Thank appears to be incorrect because when I update a user the old value for the accountId (UserName) is always blank.
                                    This suggests improper references to that either the accountId (IDM Side) or the userName on the Google Side.

                                    Any help would be appreciated,

                                    Thank you
                                    1 2 Previous Next