Google Apps Directory Sync for Postini Services Administr Manuale Utente

Google Apps Directory Sync for Postini ServicesAdministration GuideRelease 1.3.35 - November 2009• Google Message Filtering• Google Message Security•

Introduction 11ArchitectureGoogle Apps Directory Sync runs on your server and updates the message security service to match your LDAP server. The di

12 Release 1.3.32, October 2009 3. The directory sync utility compares the two lists, and generates a list of changes.4. The directory sync utility t

Introduction 13Utility OverviewThe directory sync utility includes several components, designed to work together. These components are:• Configurati

Chapter 3 Preparation 15PreparationChapter 3About PreparationSuccessful deployment of Google Apps Directory Sync requires planning.Many steps in the

16 Release 1.3.32, October 2009 Checklist: Before You BeginBefore you configure synchronization, gather the information you need from the message sec

Preparation 17LDAP Structure Information: Gather information about your LDAP directory server. You will need to know what OUs contain users you want

18 Release 1.3.32, October 2009 Note that these are third-party browsers, and this document does not include instructions or support on the use of an

Preparation 19For examples of how these operators are used, see the common LDAP queries below.Common LDAP QueriesThe examples below show the most co

20 Release 1.3.32, October 2009 All user objects except for ones with primary email addresses that contain the word “test”(&(&(objectclass=us

Preparation 21Synchronizing for a very large or complex organization may require special consideration. This may be the case for two reasons:• A com

2 Google Apps Directory Sync for Postini Services Administration Guide Google, Inc.1600 Amphitheatre ParkwayMountain View, CA 94043www.google.comPart

Chapter 4 Installation 23InstallationChapter 4About InstallationTo run Google Apps Directory Sync, install the directory sync utility on your server.

24 Release 1.3.32, October 2009 System RequirementsUsing Google Apps Directory Sync requires the following:• A server on which to install Google Apps

Installation 253. Download and run the installer.4. When you have completed all the steps of the installer, the directory sync utility has been inst

26 Release 1.3.32, October 2009 You can also update manually. The latest version of the directory sync utility is always accessible on the Google App

Chapter 5 Configuration 27ConfigurationChapter 5About ConfigurationConfiguration Manager is a step-by-step graphical user interface that walks you th

28 Release 1.3.32, October 2009 The directory sync utility includes several ways to customize search rules and filters. When collecting information f

Configuration 29Message Security Service SettingsThe Message Security Settings section governs how the directory sync utility connects to the messag

30 Release 1.3.32, October 2009 Message Security Service AuthenticationEnter your message security service login and connection information in this s

Configuration 31Immediately send a welcome message to new usersTypically, the message security service sends welcome notifications to new users with

32 Release 1.3.32, October 2009 HTTP Proxy Host Name(if needed)If you use a different proxy server for HTML connections than SSL connections, enter t

3This product includes software developed byThe Apache Software Foundation (http://www.apache.org/).Portions of Derby were originally developed by I

Configuration 33Test ConnectionOnce you have configured Server settings, click Test Connection. Configuration Manager will connect to the message se

34 Release 1.3.32, October 2009 Any existing user in the specified orgs will be deleted if they are not in the user list generated from your LDAP ser

Configuration 35Exclusion rules are based on string values and regular expressions, not LDAP settings.This page shows the list of exclusion filters.

36 Release 1.3.32, October 2009 Add Exclusion FilterClick Add Exclusion Filter at the bottom of the page to exclude a user or organization from synch

Configuration 37Sample Message Security Exclusion RulesListed below are samples of common exclusion rules. Note that the exact text of these rules w

38 Release 1.3.32, October 2009 Default UsersIf your search includes your pdefault users, the directory sync utility will try to delete these users u

Configuration 39Alternate OfficesThe company has two other offices with separate LDAP servers. The three offices have intermingled org structures, b

40 Release 1.3.32, October 2009 LDAP ConnectionSpecify your LDAP connection and authentication in this page.LDAP Connection Setting DescriptionConnec

Configuration 41Test ConnectionOnce you have configured LDAP Authentication settings, click Test Connection. Configuration Manager will connect to y

42 Release 1.3.32, October 2009 LDAP UsersThe LDAP Settings section configures how Google Apps Directory Sync generates your LDAP user list for compa

Contents 5ContentsAbout This Guide 7What This Guide Contains 7Related Documentation 7How to Send Comments About This Guide 8Chapter 2: Introduction

Configuration 43LDAP User AttributesSpecify what attributes Google Apps Directory Sync will use when generating the LDAP user list.LDAP User Attribu

44 Release 1.3.32, October 2009 Non-Address Primary Key Attribute(Optional)An LDAP attribute with a unique key other than an email address.This field

Configuration 45Use DefaultsClick this button to use the default values for your server type, as follows:• Lotus Domino: Email Address Attribute mai

46 Release 1.3.32, October 2009 LDAP User SyncThis shows a list of rules used when generating the LDAP user list.By default, all users that match the

Configuration 47Add Search RuleTo add a new search rule, click Add Search Rule.Specify the following:LDAP User Sync Setting DescriptionOrg Name Sele

48 Release 1.3.32, October 2009 Org name defined by this LDAP attributeSelect Org Name or Org name defined by this LDAP attribute and enter an approp

Configuration 49Scope This determines where in the LDAP directory this rule applies. This could be an entire subtree, one level, or a single object.

50 Release 1.3.32, October 2009 LDAP User Exclusion RulesIf you have any users on your LDAP directory server that match your search rules but should

Configuration 51Exclusion rules are based on string values and regular expressions, not LDAP settings. Note: To exclude individual users, add a sepa

52 Release 1.3.32, October 2009 Add Exclusion FilterClick the Add Exclusion Filter at the bottom of the page to exclude a user or organization in you

6 Release 1.3.32, October 2009 Message Security Service Orgs 33Exclusion Filters for Service Settings 34Sample Message Security Exclusion Rules 37LDA

Configuration 53Sample LDAP User Exclusion RulesListed below are samples of common exclusion rules. Note that the exact text of these rules will var

54 Release 1.3.32, October 2009 First rule:• Match Type: Exact Match• Exclude Type: Primary Address• Rule: [email protected] rule:• Match Type

Configuration 55Mailing lists are often handled separately, because if a mailing list is added as a user, all recipients of the mailing list will re

56 Release 1.3.32, October 2009 LDAP Mailing List SyncMailing lists are a special kind of email address that direct mail to many addresses at once. M

Configuration 57Add Mail ListClick the Add Mail List at the bottom of the page to synchronize one or more addresses as mailing lists.Specify the fol

58 Release 1.3.32, October 2009 Scope Where to apply the mail list rule. This could be a whole subtree, a single level, or a single object.• Subtree:

Configuration 59LDAP Mailing List Exclusion RulesYou can exclude particular addresses from being treated as mailing lists.If you have any entries in

60 Release 1.3.32, October 2009 Add Exclusion FilterClick Add Exclusion Filter at the bottom of the page to prevent an address from being treated as

Configuration 61Sample Substring Match: Internal Mailing ListsSeveral mailing lists are devoted to internal use only. Those lists all have “internal

62 Release 1.3.32, October 2009 Consider adding a notification to send mail to your own address, and possibly the addresses of any concerned parties

7About This GuideWhat This Guide ContainsThe Google Apps Directory Sync Administration Guide provides information about:• Google Apps Directory Sync f

Configuration 63Test NotificationClick this button to test notifications. Configuration Manager will connect to the SMTP server you specified and se

64 Release 1.3.32, October 2009 The directory sync utility checks to be sure that synchronization will not delete too many users. If the synchronizat

Configuration 65Log FilesYou can specify the file name and level of detail of logging for Google Apps Directory Sync.Specify the following:Logging S

66 Release 1.3.32, October 2009 Simulate SyncAfter you enter configuration information, use this section to verify and test your Google Apps Director

Configuration 67Once you’ve completed all required fields, you will be able to use the Simulate Sync button to simulate a synchronization.Once you’r

68 Release 1.3.32, October 2009 Review the Simulation Results to confirm that the simulation occurred correctly without any unexpected results.If any

Chapter 6 Synchronization 69SynchronizationChapter 6About SynchronizationRun the synchronization command to push your LDAP directory server user info

70 Release 1.3.32, October 2009 Replace [filename] with the name of the XML file you created in the Configuration Manager.Synchronization optionsThe

Synchronization 71Scheduling SynchronizationOnce you have successfully run a manual synchronization, you can set up automatic synchronization. Use e

72 Release 1.3.32, October 2009 3. Complete the Scheduled Task wizard using the following information. (Steps may vary depending on your version of M

8 Release 1.3.32, October 2009How to Send Comments About This GuideGoogle values your feedback. If you have comments about this guide, please send an

Chapter 7 Troubleshooting 73TroubleshootingChapter 7About TroubleshootingThis chapter covers information about how to troubleshoot problems that may

74 Release 1.3.32, October 2009 The proxy environment requires a password challenge for external web access.The directory sync utility can use a prox

Troubleshooting 75Is there a way to change the Non-Address Primary Key Attribute for users manually once the directory sync utility has synced users

76 Release 1.3.32, October 2009 2. Under Message Security Service Authentication, click Test Connection to confirm you can connect to the message sec

Chapter 2 Introduction 9IntroductionChapter 2About Google Apps Directory SyncGoogle Apps Directory Sync is a utility that adds, deletes, and moves yo

10 Release 1.3.32, October 2009 Comparison with Directory Sync Hosted EditionGoogle Apps Directory Sync is a separate utility run on your server, and