directory-dev mailing list archives

From Marc Boorshtein <mboorsht...@gmail.com>
Subject Re: ApacheDS as a front for Google Apps
Date Thu, 04 Dec 2014 14:34:11 GMT
On Wed, Dec 3, 2014 at 2:17 PM, Ned Twigg <ned.twigg@diffplug.com> wrote:

> I have a small company that's moving from cloud services to internal
> services, so we're getting our first-ever LDAP server up to manage these
> accounts.
>
> We're using ApacheDS, but I really wish we could use Google Apps to manage
> our internal authentication requests.  We're an Eclipse/OSGi/Java dev shop,
> so I figure we could probably hack around a little to make a plugin for
> ApacheDS to set it up as a front for our Google Apps domain.
>

Why not use ApacheDS to store the passwords and use SAML2 to authenticate
to Gmail?  Doesn't work for heavy GUI apps or mobile, but it does for
webapps.


>
> I've got a couple questions:
> 1) Do you think this is possible?
>

It would be very hard with just ApacheDS.  Most of the authentication in
ApacheDS assumes the password is local.  If you wanted to go down this
route I would suggest using a virtual directory in front of your ApacheDS,
using ApacheDS for data and the virtual directory (as a reverse proxy) to
delegate authentication to Google but pull data from ApacheDS over LDAP.
No one I know of does this OOTB but it should be a pretty easy plugin.
Shameless plug - MyVirtualDirectory (http://myvd.sourceforge.net), of which
I'm the author, could do this pretty easily.  I know the folks at ForgeRock
have virtual capabilities in their directory as well that you could look at.


> 2) If so, any recommendations on where we should start?  Which extension
> points we should learn about?
>

See my previous comment.  Google does have a Java SDK that could perform
the authentication and if you really want to get fancy could be used to
reset the password as well.


> 3) Is anybody interested in doing this project under sponsorship from us?
> We're very small, but we do have some revenue, and it'd be worth $500 or so
> to us for it to just be done.  Googling around there are other people who
> have the same request:
>
> https://productforums.google.com/forum/#!topic/apps/6rOyXD5g1aA
>
> http://superuser.com/questions/438629/using-apacheds-for-single-sign-on-for-google-apps
> https://www.jfrog.com/jira/browse/RTFACT-5491
>
>

I don't have the cycles to code it right now, but would be happy to help
out if you want to ping me out-of-band or on the MyVD list.  It sounds like
an interesting idea that would make a good addition to a virtual
directory.  No $$$$ needed.

Thanks
Marc
