Hi,
thanks for the info.
I implemented the password hash for my customer today.
Surprisingly, it's implemented natively for CreateDomainUser but not for
UpdateDomainUser.
The solution that I have developped is a real time solution that capture
password changes on Active Directory using ILM/FIM 2010 and updates Google
and I only needed to update accounts, not to create them.
I had to reimplement the UpdateDomainUser function and as a dirty but quick
fix, implemented it in this way:
/// <summary>
/// Updates the given user
/// </summary>
/// <param name="domain">The user's domain</param>
/// <param name="userEmail">The user's email address</param>
/// <param name="attributes">The set of attributes to update</param>
/// <returns>The updated user</returns>
public AppsExtendedEntry UpdateDomainUser(String domain, String
userEmail, IDictionary<MultiDomainManagementService.MultiDomainUserProperty,
String> attributes)
{
AppsExtendedEntry entry = new AppsExtendedEntry();
String uri = String.Format("{0}/{1}/{2}",
AppsMultiDomainNameTable.AppsMultiDomainUserBaseFeedUri, domain,
userEmail);
entry.EditUri = new Uri(uri);
foreach
(KeyValuePair<MultiDomainManagementService.MultiDomainUserProperty, String>
mapEntry in attributes)
{
String value = mapEntry.Value;
if (string.IsNullOrEmpty(value))
{
continue;
}
switch (mapEntry.Key)
{
case
MultiDomainManagementService.MultiDomainUserProperty.FirstName:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.FirstName, value));
break;
case
MultiDomainManagementService.MultiDomainUserProperty.IpWhitelisted:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.IpWhitelisted, value));
break;
case
MultiDomainManagementService.MultiDomainUserProperty.IsAdmin:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.IsAdmin, value));
break;
case
MultiDomainManagementService.MultiDomainUserProperty.IsChangePasswordAtNextLogin:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.IsChangePasswordAtNextLogin,
value));
break;
case
MultiDomainManagementService.MultiDomainUserProperty.IsSuspended:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.IsSuspended, value));
break;
case
MultiDomainManagementService.MultiDomainUserProperty.LastName:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.LastName, value));
break;
case
MultiDomainManagementService.MultiDomainUserProperty.NewEmail:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.NewEmail, value));
break;
case
MultiDomainManagementService.MultiDomainUserProperty.Password:
* entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.HashFunction, "SHA-1"));*
* entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.Password, HashSha1(value)));*
break;
case
MultiDomainManagementService.MultiDomainUserProperty.UserEmail:
entry.Properties.Add(new
PropertyElement(AppsMultiDomainNameTable.UserEmail, value));
break;
default:
break;
}
}
return service.Update(entry);
}
/// <summary>
/// Hash password using SHA-1
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
private string HashSha1(string password)
{
SHA1CryptoServiceProvider sha1 = new
SHA1CryptoServiceProvider();
byte[] bs = System.Text.Encoding.UTF8.GetBytes(password);
bs = sha1.ComputeHash(bs);
System.Text.StringBuilder s = new System.Text.StringBuilder();
foreach (byte b in bs)
{
s.Append(b.ToString("x2").ToLower());
}
return s.ToString();
}
2011/5/8 Claudio Cherubino <[email protected]>
> Hi Emmanuel,
>
> Thanks for reporting the behavior of the RetrieveAllDomainUsers method,
> I'll try to troubleshoot the issue as soon as possible to understand whether
> it's due to the client library.
> The latest version of the libraries (1.8) has been released 2 days ago:
>
> http://code.google.com/p/google-gdata/downloads/list
>
> Thanks
> Claudio
>
>
> On Sun, May 8, 2011 at 5:55 PM, Emmanuel Dreux <[email protected]> wrote:
>
>> Hi,
>>
>> using the dotnet API, when I retrieve the list of users belonging to a
>> subdomain, it retrieves all the users attached to the primary domain:
>>
>> private MultiDomainManagementService _service;
>>
>> internal void Login()
>> {
>> GoogleDomain primaryDomain =
>> _settings.GetGooglePrimaryDomain();
>> _service = new
>> MultiDomainManagementService(primaryDomain.Name,
>> primaryDomain.GoogleApplicationName);
>> _service.setUserCredentials(primaryDomain.Administrator,
>> primaryDomain.Password);
>> }
>>
>> AppsExtendedFeed feed = _service.RetrieveAllDomainUsers(domain);
>>
>> domain is a subdomain, not the primary domain.
>> But RetrieveAllDomainUsers also returns the users of the primary domain.
>> It looks like the name of the domain passed as parameter is not used.
>>
>> It's annoying.
>> I can filter the results to keep only the entries which have the smtp
>> domain of my choice but it has a bad impact on parameters.
>>
>> Can you confirm this problem?
>>
>> Also, do you have an ETA for availability of the next build of the DOTNET
>> libraries?
>> Indeed, you have added the possibility to send a hash of the password
>> instead the plaintext password using the multidomain API.
>> Browsing the source code, I can see that is is implemented but the latest
>> build is still dated from 2010.
>>
>> Thanks.
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Google Apps Domain Information and Management APIs" group.
>> To post to this group, send email to
>> [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Apps Domain Information and Management APIs" group.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Google Apps Domain Information and Management APIs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
