Unable to set a new value for the marker/label "set by admin | set by user | temporary" through APIs
72 views
Skip to first unread message
Emilio
Jan 22, 2012, 11:26:30 AM1/22/12
to google-app...@googlegroups.com
Hi,
I'm writing a little java web app to handle user's password update through APIs.
I think the code I wrote is correct... I mean, the procedure works properly and passwords are updated.
What's wrong, then?
Well, I've created a couple of test users with a temporary password and passwords were correctly marked as "temporary" in the domain management UI.
Then I tried to update the users' passwords using my web app. I think it worked, because users have now to use the new passwords' values in order to sign in.
*** BUT *** when I last visited the domain management UI, I noticed that the value of the marker/label (what do you call that field?) "temporary" was unchanged! I expected a new value for the marker/label (i.e. "set by admin").
This is the significant snippet of code (Java):
[...]
String domainUrlBase = "https://apps-apis.google.com/a/feeds/<mydomain>/user/2.0";
UserService userService = new UserService(serviceName);
userService.setUserCredentials(adminEmail, adminPassword);
URL retrieveURL = new URL(domainUrlBase + "/" + username);
UserEntry userEntry = userService.getEntry(retrieveURL, UserEntry.class);
userEntry.getLogin().setPassword(newUserPassword);
userService.update(retrieveURL, userEntry);
[...]
The question is: how can I modify the value of the marker/label "set by admin | set by user | temporary", according to the update operation made by my app? I'd like to set the value to "set by admin".
I also thought that I had to set something more, but I didn't find anything useful (userEntry.setUpdated(...)?, ...?).
Other question: when a user is created through APIs the value of the marker/label is "set by user" by default. Why?
Thank you!
Emilio
Gunjan Sharma
Jan 23, 2012, 8:27:29 AM1/23/12
to google-app...@googlegroups.com
Hello Emilio
We are currently looking into the issue. I will update the thread with more information.
Thanks
Gunjan Sharma
Emilio
Jan 27, 2012, 7:52:47 AM1/27/12
to google-app...@googlegroups.com
Hello,
do you think this issue can cause any trouble?
I mean, can I assume that, even if the domain management UI doesn't show the changes made by my app through APIs, the pw update op is ok?
Our edu apps (~12.000 users) are, for a short time, in SSO (Shibboleth) and my organization decided NOT to sync passwords in our Open LDAP with Google Apps; so users who want to use clients other than a Web browser (i.e. gcalcli, Evolution, ...) need to set/change their G-password somehow: my app should do this stuff.
Another question: we are going to use G Apps Directory Sync to create new users and to modify/suspend existing users; as we won't sync OL passwords with G Apps, can we create users with no password at all (no mapping)? Or have we better map anything anyway? This first value for the password is never used by user (we prefer not to use a "default" password and not to spread the idea that a certain attribute of the OL entry is the default password...): users have to set/change their password through my web app.
Thank you!
Emilio
Emilio
Feb 17, 2012, 5:52:35 AM2/17/12
to google-app...@googlegroups.com
Hi,
any news? I'm a little bit stuck.
Thank you!
Emilio
Claudio Cherubino
Feb 21, 2012, 5:41:14 PM2/21/12
to google-app...@googlegroups.com
Hi Emilio,
Sorry for the delay.
It is not allowed to create users with no passwords, you can generate random passwords for them and force users to change them at the first login.
Claudio
--To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-mgmt-apis/-/GOEWOqkmbpQJ.
You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group.
To post to this group, send email to google-app...@googlegroups.com.
To unsubscribe from this group, send email to google-apps-mgmt...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
Emilio
Feb 22, 2012, 7:19:24 AM2/22/12
to google-app...@googlegroups.com
Hi Claudio,
thank you for your reply to my last question.
Well, I think that my last question is unclear. It's my fault.
My last question is about GADS (Google Apps Directory Sync) and maybe this forum is not the right place to post questions about GADS.
I know that it's not allowed to create users with no password; the right question is: does GADS create a random password for each user, if I don't specify any LDAP attribute or default password in password mapping?
I've posted a question in the right place.
But if you can give me a hint anyway, your help will be absolutely appreciated! :-) :-D
What about my first question?
I start thinking that a label is only a label. ;-)
Bye!
Emilio
thank you for your reply to my last question.
Well, I think that my last question is unclear. It's my fault.
My last question is about GADS (Google Apps Directory Sync) and maybe this forum is not the right place to post questions about GADS.
I know that it's not allowed to create users with no password; the right question is: does GADS create a random password for each user, if I don't specify any LDAP attribute or default password in password mapping?
I've posted a question in the right place.
But if you can give me a hint anyway, your help will be absolutely appreciated! :-) :-D
What about my first question?
I start thinking that a label is only a label. ;-)
Bye!
Emilio
Claudio Cherubino
Feb 22, 2012, 12:12:30 PM2/22/12
to google-app...@googlegroups.com
Hi Emilio,
Unfortunately this is not the best place to ask questions about GADS and I don't know how to answer your question.
I'd recommend trying the following two links
For what concerns your first question (the one about the marker/label "set by admin | set by user | temporary"), there's no way you can control that with the API.
Claudio
Emilio
--
You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-mgmt-apis/-/amaXdnecubwJ.
David Haley
Feb 22, 2012, 2:08:12 PM2/22/12
to google-app...@googlegroups.com
Hi Emilio,
Please see page 32 of this document for password management with GADS.
Short story: GADS will not create passwords for you, but you can set defaults or populate a custom field in your LDAP provider that contains the generated password, and sync passwords from that field.
Cheers,
- David
Emilio
Feb 22, 2012, 6:40:55 PM2/22/12
to google-app...@googlegroups.com
Hi David,
thank you for your reply!
David, I've already read that page; in particular "Implement Single Sign-On for your domain".
It is said: "Set up a SAML server for your account to manage Single Sign-On.
Users will use the same passwords and authorization for both Google Apps and your LDAP directory server.
Google Apps Directory Sync will create random passwords during synchronization in this case." [...]
Please, see this: https://groups.google.com/a/googleproductforums.com/d/topic/apps/xFMubCAnajI/discussion and contribute.
Thank you again! Bye!
Emilio
thank you for your reply!
David, I've already read that page; in particular "Implement Single Sign-On for your domain".
It is said: "Set up a SAML server for your account to manage Single Sign-On.
Users will use the same passwords and authorization for both Google Apps and your LDAP directory server.
Google Apps Directory Sync will create random passwords during synchronization in this case." [...]
Please, see this: https://groups.google.com/a/googleproductforums.com/d/topic/apps/xFMubCAnajI/discussion and contribute.
Thank you again! Bye!
Emilio
Emilio
Feb 22, 2012, 6:45:27 PM2/22/12
to google-app...@googlegroups.com
Hi Claudio,
thank you for your replies.
Emilio
thank you for your replies.
Emilio
Reply all
Reply to author
Forward
0 new messages