This discussion is archived
1 2 Previous Next 18 Replies Latest reply: Sep 5, 2012 3:23 PM by 960258 RSS

Experience with connector for Google Apps?

MennoPieters Newbie
Currently Being Moderated
Is there anyone who has experience with the Google Apps connector in Sun Identity Manager? (see http://wikis.sun.com/display/IdentityConnectors/Google+Apps+Connector)

The documentation on the wiki page is limited. I would like to see an example of a working configuration.

I've used the following configuration:
----
Resource Parameters
Full Domain URL: https://www.google.com/a/feeds/our.test.domain/
Domain: our.test.domain
Admin and credentials
Left "user provides password on change" off

The configuration test succeeds.

Account Attributes
Apart from the mappings firstname --> givenName and lastname --> familyName, I've added the quota (int type) and password attribute (ecrypted type).

Identity Template
As the identity template I've used "$accountId$"

Identity System Parameters
No changes made, except for the organizations.

----
When trying to add the resource to a user I get the following message:

org.identityconnectors.framework.common.exceptions.ConnectorException: EntityDoesNotExist(1301): USERNAME com.google.gdata.data.appsforyourdomain.AppsForYourDomainException: AppsForYourDomainException

USERNAME is filled with the accountId.

Debug levels at maximum hardly show anything relevant. Does anyone know how to configure this connector properly?

Best regards,

Menno Pieters
  • 1. Re: Experience with connector for Google Apps?
    804919 Newbie
    Currently Being Moderated
    Hello Menno Pieters,

    I have ~1 years exp with running the Google connector on IDM 8.1.

    In my instance the Google accountID is not the same as our IDM or Active Directory Resources.

    To solve this I developed a correlation rule and algorithm to create and link Google accountID's.

    The correlation and algorithm is dependent upon your organizations accountId parameters.

    More info would allow me to assist you better.

    -RC
  • 2. Re: Experience with connector for Google Apps?
    MennoPieters Newbie
    Currently Being Moderated
    Thank you for your response. What info do you need in order to help me? Or do you have an example of how to construct the correlation rule?

    Best regards,

    Menno Pieters
  • 3. Re: Experience with connector for Google Apps?
    841714 Newbie
    Currently Being Moderated
    Hi there,

    I am experiencing the same issue.
    I get the same error: EntityDoesNotExist(1301):

    Would you be able to provide your schema map and Identity template
    that got it working for you?

    My Schema map looks like this:

    givenName <-> givenName
    familyName <-> familyName

    My Identity template is this:

    $familyName$

    Thanks,

    John I
  • 4. Re: Experience with connector for Google Apps?
    804919 Newbie
    Currently Being Moderated
    Your Welcome,

    The Correlation Rule I developed contains an XML condition that is met when a match between the Google accountID and an Active Directory resource attribute.

    <cond>
    <ref>account.accountId</ref>
    <list>
    <new class='com.waveset.object.AttributeCondition'>
    <.s>ATTRIBUTE_TO_MATCH<./s>
    <.s>equals<./s>
    <ref>account.accountId</ref>
    </new>
    </list>
    </cond>

    My Schema is as follows

    firstname <-> givenName
    lastname <-> familyName
    ATTRIBUTE_TO_MATCH <->userName

    Identity template is as follows
    $ATTRIBUTE_TO_MATCH$

    The Google AccountID is generated as an Active Directory attribute.
    When Google is then provisioned the connector references the generated Active Directory attribute.

    -     RC
  • 5. Re: Experience with connector for Google Apps?
    MennoPieters Newbie
    Currently Being Moderated
    Hi RC,

    Thank you for your example. I've tried it with accountId as the "ATTRIBUTE_TO_MATCH". We're simply using the accountId as the identifier for both IdM and Google users.

    With a role, a correlation rule and the same attribute map, we seem to get a little further (the accountId value actually shows up before saving), but in the end we still get the same error:

    org.identityconnectors.framework.common.exceptions.ConnectorException: EntityDoesNotExist(1301): XXXXXXX com.google.gdata.data.appsforyourdomain.AppsForYourDomainException: AppsForYourDomainException

    You said, that you've been using it for about a year. Are you using the latest version, or a previous one (only the latest is downloadable now).

    Regards,

    Menno Pieters
  • 6. Re: Experience with connector for Google Apps?
    841714 Newbie
    Currently Being Moderated
    Hi there,

    I have been looking at the source code and I think I have found the problem.

    IDM determines whether to update or create a resource account
    by attempting to fetch the user from the resource.
    If the user exists then update, otherwise create.

    In the code, if the user does not exist, the code throws the
    exception: EntityDoesNotExist(1301)
    The code then catches this exception
    and then returns a null back to IDM,
    indicating that the user does not exist.
    Well, that is what the code says but this does
    not match its actual behaviour....

    I then decompiled the actual class (jar) files
    and the code there does NOT catch the exception,
    so it bubbles up to IDM, which regards it as an error.

    Soo, the jar file that is on the website has a bug in it.
    The source code in SVN is correct, but it appears
    that the jar file was not rebuilt.

    I am attempting to rebuild a new version of the jar file...

    John I
  • 7. Re: Experience with connector for Google Apps?
    MennoPieters Newbie
    Currently Being Moderated
    Thank you. A new jar would be great!
  • 8. Re: Experience with connector for Google Apps?
    MennoPieters Newbie
    Currently Being Moderated
    Hi JohnI,

    I've managed to compile the jar myself. This one seems to communicate with Google without error messages. The user seems to get created, updated and even deleted, though I'm unable to find the newly created user in the cpanel interface.

    Regards,

    Menno Pieters
  • 9. Re: Experience with connector for Google Apps?
    804919 Newbie
    Currently Being Moderated
    Hello,
    The version in use is 1.0.4455.

    I am looking to implement the latest version after we upgrade our IDM instance with Patch 14.

    Perhaps if you send me your email I may be able to send you the 1.0.4455.zip.


    - RC
  • 10. Re: Experience with connector for Google Apps?
    MennoPieters Newbie
    Currently Being Moderated
    Hi, you can download my version at: http://bit.ly/kptEtf
  • 11. Re: Experience with connector for Google Apps?
    MennoPieters Newbie
    Currently Being Moderated
    It turns out that the CPanel isn't updated in real time, but has a delay. Today, I can see a user that I've created yesterday, while I couldn't yesterday afternoon.

    So, all in all, the newest version of the Google Apps Connector works as it should. There is only a "minor" problem if you accidentally delete a user and want to recreate it... (http://www.google.com/support/forum/p/Google%20Apps/thread?tid=6063f9f2398922be&hl=en), but that is not a problem of the connector.

    Best regards,

    Menno Pieters
  • 12. Re: Experience with connector for Google Apps?
    867595 Newbie
    Currently Being Moderated
    Does anyone have experience with placing the newly created user into the correct organization in google apps? It doesn't appear the connector allows for placing in different organizations.

    Thanks in advance
  • 13. Re: Experience with connector for Google Apps?
    811701 Newbie
    Currently Being Moderated
    Hi,

    I saw the GoogleApps connector is packaged in the latest version of Oracle Waveset 8.1.1.4:
    Added new Google Apps connector (ID-12552088)

    Alas, it does not work. Google Apps provisioning works for us with the connector Menno compiled, but not with version 1.2.1 which is packaged with patch 4. I get an error on the 1st form when I try to add a resource and test configuration:

    Test connection failed for resource:

    java.lang.NoClassDefFoundError: com/google/gdata/data/appsforyourdomain/AppsForYourDomainException

    Any ideas what is wrong? I'm sure my parameters are filled in correctly.

    Greetings,
    Marijke
  • 14. Re: Experience with connector for Google Apps?
    804919 Newbie
    Currently Being Moderated
    Hello,

    I was wondering what your schema mapping looks like?
    What attribute are you using to expose the accountId of the google account?

    For Example,I tried:
    firstname<->givenName
    lastname<->familyName
    quota<->quota
    password<->password
    accountId<->userName

    Thank appears to be incorrect because when I update a user the old value for the accountId (UserName) is always blank.
    This suggests improper references to that either the accountId (IDM Side) or the userName on the Google Side.

    Any help would be appreciated,

    Thank you
1 2 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points