Author Topic: Google cloud directory service (GCDS) password synchronization  (Read 2257 times)

Lapin-Blanc

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Hi !
I'm testing zentyal development edition (5.0.1 amd64) on virtualbox 5.2.8. Configured it as a PDC (DHCP, DNS, PDC)
My goal is to have my active directory users synced with google through GCDS.
I got nearly everything to work. Actually, everything is synced (organizational units, profiles, etc.) except passwords  :(

I figured out that GCDS only updates passwords found in ldap attributes, and with certain types (SHA1, MD5, plaintext, ...)
Btw Zentyal seems to manage authentication through Kerberos (correct me if I'm wrong...)
I've made a test adding a userPassword attribute to one of the users through ldap browser, and syncing to google, everything worked fine.

Now I'm trying to find a way to have google passwords synced with my users passwords. As those passwords (or hashes) are not found in LDAP, I thought about using hooks in kerberos and/or slapd to update a userPassword field in ldap when changing it. I came across https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/smbk5pwd wich looked promising.
But my whole zentyal samba got broken when I tried to use it...
So I'm still trying to find a way to synchronize... :o

Any help would be greatly appreciated :D

dvanremortel

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Google cloud directory service (GCDS) password synchronization
« Reply #1 on: November 16, 2018, 01:33:35 am »
Hi there, was curious if you got anywhere with this?

Neustradamus

  • Zen Monk
  • **
  • Posts: 92
  • Karma: +0/-5
    • View Profile
Re: Google cloud directory service (GCDS) password synchronization
« Reply #2 on: November 19, 2018, 04:19:20 pm »
Curious too :)

desperados

  • Zen Monk
  • **
  • Posts: 64
  • Karma: +4/-0
    • View Profile
Re: Google cloud directory service (GCDS) password synchronization
« Reply #3 on: March 04, 2019, 01:41:06 pm »
also interested