Google Apps Password Sync for Samba4
Reads from your Samba4 AD and updates passwords in Google Apps in SHA1 format. Note that this solution requires you to enable plaintext passwords:
samba-tool domain passwordsettings set --store-plaintext=on
Also you will have to use "Store passwords using reversible encryption" for each users. This can be enabled with MS Active Directory snap in tool from Windows.
- google api python client
Google API must be installed with pip: pip install --upgrade google-api-python-client
- Install python-pip and python-openssl
- Create a project in Google API Console and add Admin SDK permission (read/write)
- Create a JSON Config for your project in Google Developer Console
- Install the JSON config to your samba machine in /etc/gaps/service.json (create the folder if missing)
- Copy gaps.py and gapslib.py to desired locations.
- Copy gaps.conf to /etc/gaps/gaps.conf and configure it
- Run gaps.py in cron or at startup from rc.local, or both (if you wan't to schedule a restart). Change your settings in gapslib.py to fit your setup.
- Change syslog to desired local and add it to your syslog config for custom log file
- Start the daemon and watch log file for updates
- If you are having trouble loading samba python modules please copy or symlink files and dirs in "/usr/local/samba/lib/python2.7/site-packages/" to "/usr/lib/python2.7/"
- If you are having issues with Google Permissions - you might need to add domain-wide authority to your service Delegate domain-wide authority to your service account https://developers.google.com/drive/web/delegation#delegate_domain-wide_authority_to_your_service_account
If the daemon don't start change /dev/null to /dev/tty in gaps.py and watch for error messages.
Migration from old Google Provision API to new Google Admin SDK
- Install python-pip
- Create a project in Google Developer Console and ad Admin SDK permission
- Create a JSON config for you project in Google Developer Console
- Download the json config from the Google Developer Console to your samba machine
- pip install --upgrade google-api-python-client
- Copy your settings from your local version of gapslib.py to the new config file /etc/gaps/gaps.conf (create the fold if missing)
- Replace gapslib.py with the new one