================================ Synchronization tool between LDAP/Active Directory and Google APPS

Utility google-apps-sync is a command line tool that allows administrators synchronize between Active Directory or LDAP as source and Google Apps as destination.

This script was created at Brno University of Technology as alternative to Google GADS synchronization tool. Compared to the GADS tool, this script is open source, more flexible, faster and perhaps has less errors.

In the case of use outside the Brno University of Technology, it will be necessary to make minor adjustments in the code.

Currently this script can do this:

• synchronization of users (add, change, remove)
• synchronizing of groups (add, change, remove)
• synchronizing of group members (add, remove)
• synchronizing of profile photos (add, change, remove)
• synchronizing of user aliases (add, remove)

All datasets are cached for defined period in JSON files.

The script requires a correctly filled attributes in Active Directory, especially mail, emplyeeID, gidNumber and for orgunits also attribute adminDescription. For more informations see source code.

git clone https://github.com/kreuzwieser/google-apps-sync.git

1. change settings in file config/GoogleAppSyncSettings.pm
2. create new service ID (as service): https://console.developers.google.com
3. download JSON key file, which was generated from https://console.developers.google.com to config file config/ouath2service.json
4. enable API in admin console at https://admin.google.com and add permission to all required scopes:

• https://www.googleapis.com/auth/admin.directory.user
• https://www.googleapis.com/auth/admin.directory.group.
• https://www.googleapis.com/auth/admin.directory.group.member
• https://www.googleapis.com/auth/admin.directory.orgunit

For better step-by-step documentation about API see GAM wiki: https://github.com/jay0lee/GAM/wiki. GAM is a command line tool that allows administrators to manage many aspects of their Google Apps Account.