The documentation for Crowd's Google Apps connector states:
"Usernames must exist in Google Apps as well as Crowd and a person's username must be the same in both Google Apps and Crowd. The Crowd Google Apps connector does not support the automatic adding of users. If a user exists in Crowd but not in Google Apps, then the user will not be able to log in to Google Apps."
If I export from Google a list of my accounts, the CSV file has a column labelled "account_name" where the values are firstname.lastname@example.com.
For Crowd, do I make the cn equal to firstname.lastname only or do I make it equal to firstname.lastname@example.com?
It may be pertinent to state that this is Google Apps for Business, and @example.com is my managed domain.
Thanks.
Hello Philip,
If your username in Google Apps is "firstname.lastname@example.com." (I mean, if this is the username that you use to login into the Google Apps) so the cn for Crowd needs to be "firstname.lastname@example.com". I hope this helps.
Cheers,
LJ.
Hi Luiz
Thank you for this.
Since I am also using LDAP for server logins, the current server configuration won't support full usernames but will work with the bit before the @. This would suggest that I need to have two "cn" entries per user - one with just firstname.lastname and one with firstname.lastname@example.com.
That is quite an administrative overhead and a potential risk of typing mistakes.
Is there any way to get Crowd's Google/SSO implementation to strip or add the bit after "@" so that I only need one cn entry?
Thanks.
Philip
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I've now realised that Unix logins will check against the uid attribute so I don't need two cn entries. This means that cn can be firstname.lastname@company.com and uid can just be firstname.lastname.
I've also "discovered" LDAP Account Manager which makes maintaining the underlying LDAP entries a breeze.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.