Using GAM with 2 domains?

2,826 views
Skip to first unread message

Melissa Benson

unread,
Feb 7, 2011, 12:41:55 PM2/7/11
to Google Apps Manager
Hi, want to use GAM with 2 domains - 1 testing and 1 production.

I've successfully installed and connected with my testing domain. Now,
when I open up command prompt again and type in gam info domain it
logs me into the testing one automatically even if I want to log into
my production domain. I see there is the token file in the GAM folder
under C.

What is the best way to have connect into both domains? I will be
logging into both in the future. Have another install of GAM? delete
the token file?

Thanks for any help!

I'm working on a Windows (XP) machine.

Jay Lee

unread,
Feb 7, 2011, 12:44:43 PM2/7/11
to google-ap...@googlegroups.com
Hi Melissa,

  You could install to 2 different directories or you could delete or rename the token.txt file when switching between domains, either method would work.

Jay



--
You received this message because you are subscribed to the "Google Apps Manager" group.
To post to this group, send email to
google-ap...@googlegroups.com
To unsubscribe from this group, send email to
google-apps-man...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/google-apps-manager

Melissa Benson

unread,
Feb 7, 2011, 3:58:26 PM2/7/11
to Google Apps Manager
Great, I will just delete the token. I wanted to make sure that
wouldn't screw anything up. Thank you.

On Feb 7, 11:44 am, Jay Lee <j...@pbu.edu> wrote:
> Hi Melissa,
>
>   You could install to 2 different directories or you could delete or rename
> the token.txt file when switching between domains, either method would work.
>
> Jay
>

Sandip Shah

unread,
Feb 7, 2011, 4:06:12 PM2/7/11
to Google Apps Manager
Jay,

Suggestion - you may want to save the token file as
domainname_token.txt (as opposed to token.txt) and that way the end
user does not have to worry about such issues.

Ss

Jay Lee

unread,
Feb 7, 2011, 4:11:03 PM2/7/11
to google-ap...@googlegroups.com
Sandip,

  Then the user would need to select which domain they want to use every single time they run a GAM command. Most users don't have more than 1 domain so it's a non issue for them. Users with multiple domains can easily rename token.txt as necessary.

  I did forget to mention that auth.txt might be useful in these cases. If you create auth.txt and specify a domain on the 1st line, a username on the 2nd and a password on the 3rd, then GAM will use those values to login rather than manually prompting each time meaning you won't need to login to GAM every 24 hours. With multiple domains, auth.txt would need to be renamed like token.txt. Also, GAM will use a valid token.txt before it will look at auth.txt but this does give you some more flexibility.

Jay

Matt Paddock

unread,
Feb 7, 2011, 4:15:08 PM2/7/11
to google-ap...@googlegroups.com
Jay,

Will this work across primary and secondary domains, or just when logging into two different primary domains? We are using a product from Onix that allows limited administration for secondary domains, and I'm looking for easier ways to perform administration at secondary domains.

Matt
___________________________________________________________________________
Matt Paddock | Dominion Enterprises
150 Granby Street | Norfolk, VA 23510

Sandip Shah

unread,
Feb 7, 2011, 4:19:49 PM2/7/11
to Google Apps Manager
Hi Jay,

You are right this is not a big issue, since most users have single
domain.

If there is a desperate need, then the token can be saved as
domainname_token.txt - for almost every gam command, the domain name
is available from one of the command line parameters.

Ss

Jay Lee

unread,
Feb 7, 2011, 4:20:07 PM2/7/11
to Google Apps Manager
Hi Matt,

GAM is multi-domain aware:

http://code.google.com/p/google-apps-manager/wiki/ExamplesMultiDomain#Google_Apps_Multi_Domain_Support

you'll want to login as an admin user on the primary domain though.
When working with users, aliases and groups on the secondary domain,
just specify the full email address.

Jay

On Feb 7, 4:15 pm, Matt Paddock <matt.padd...@dominionenterprises.com>
wrote:
> Jay,
>
> Will this work across primary and secondary domains, or just when logging
> into two different primary domains? We are using a product from Onix that
> allows limited administration for secondary domains, and I'm looking for
> easier ways to perform administration at secondary domains.
>
> Matt
> ___________________________________________________________________________
> Matt Paddock | Dominion Enterprises
> 150 Granby Street | Norfolk, VA 23510757.351.8109(t) | 757.314.2512 (f)
>
> *LinkedIn <http://www.linkedin.com/in/mattpaddock> |
> Twitter<http://www.twitter.com/mapdock> |
> F <http://www.facebook.com/mapdock>acebook <http://www.facebook.com/mapdock> |
> A <http://www.about.me/mattpaddock>bout <http://www.about.me/mattpaddock>*
>
>
>
>
>
>
>
> On Mon, Feb 7, 2011 at 4:11 PM, Jay Lee <j...@pbu.edu> wrote:
> > Sandip,
>
> >   Then the user would need to select which domain they want to use every
> > single time they run a GAM command. Most users don't have more than 1 domain
> > so it's a non issue for them. Users with multiple domains can easily rename
> > token.txt as necessary.
>
> >   I did forget to mention that auth.txt might be useful in these cases. If
> > you create auth.txt and specify a domain on the 1st line, a username on the
> > 2nd and a password on the 3rd, then GAM will use those values to login
> > rather than manually prompting each time meaning you won't need to login to
> > GAM every 24 hours. With multiple domains, auth.txt would need to be renamed
> > like token.txt. Also, GAM will use a valid token.txt before it will look at
> > auth.txt but this does give you some more flexibility.
>
> > Jay
>

Matt Paddock

unread,
Feb 7, 2011, 4:34:00 PM2/7/11
to google-ap...@googlegroups.com
Thanks, and I have been playing around with those capabilities. I am running GAM on Linux and get a strange error with secondary domains:

The command gam info user first...@secondarydomain.net produced the following:

User: first.last
First Name: First
Last Name: Last
Is an admin: false
Has agreed to terms: true
IP Whitelisted: false
Account Suspended: false
Must Change Password: false
Nicknames:
Traceback (most recent call last):
  File "/home/paddock/gam/gam.py", line 2000, in <module>
    doGetUserInfo()
  File "/home/paddock/gam/gam.py", line 1091, in doGetUserInfo
    groups = groupObj.RetrieveGroups(user_name)
  File "/home/paddock/gam/gdata/apps/groups/service.py", line 192, in RetrieveGroups
    return self._GetPropertiesList(uri)
  File "/home/paddock/gam/gdata/apps/service.py", line 510, in _GetPropertiesList
    property_feed = self._GetPropertyFeed(uri)
  File "/home/paddock/gam/gdata/apps/service.py", line 507, in _GetPropertyFeed
    raise gdata.apps.service.AppsForYourDomainException(e.args[0])
gdata.apps.service.AppsForYourDomainException: {'status': 400, 'body': '<?xml version="1.0" encoding="UTF-8"?>\r\n<AppsForYourDomainErrors>\r\n  <error errorCode="1301" invalidInput="first.last" reason="EntityDoesNotExist" />\r\n</AppsForYourDomainErrors>\r\n\r\n', 'reason': 'Bad Request'}

However, when I fed this into a text file (gam info user first...@secondarydomain.net > firstlasterror.txt, the text file contains:

User: first.last
First Name: First
Last Name: Last
Is an admin: false
Has agreed to terms: true
IP Whitelisted: false
Account Suspended: false
Must Change Password: false
Nicknames:

I do not get this for any users at the primary domain. Running the command with "multi" does nothing that I can see.

Matt 

___________________________________________________________________________
Matt Paddock | Dominion Enterprises
150 Granby Street | Norfolk, VA 23510

Gerard Duerrmeyer

unread,
Feb 7, 2011, 6:53:17 PM2/7/11
to google-ap...@googlegroups.com

The xml error Indicates that first. Last Does not exist On the secondary domain

On Feb 7, 2011 4:04 PM, "Matt Paddock" <matt.p...@dominionenterprises.com> wrote:

Matt Paddock

unread,
Feb 7, 2011, 7:13:48 PM2/7/11
to google-ap...@googlegroups.com
Right, but he does exist there in fact. He was moved there. Would that have anything to do with this error?

Matt
___________________________________________________________________________
Matt Paddock | Dominion Enterprises
150 Granby Street | Norfolk, VA 23510





On Mon, Feb 7, 2011 at 6:53 PM, Gerard Duerrmeyer <g.duer...@gmail.com> wrote:

The xml error Indicates that first. Last Does not exist On the secondary domain

On Feb 7, 2011 4:04 PM, "Matt Paddock" <matt.p...@dominionenterprises.com> wrote:

Gerard Duerrmeyer

unread,
Feb 7, 2011, 11:11:04 PM2/7/11
to google-ap...@googlegroups.com
How long ago was he moved, it seems that occasionally it takes some time for things to "synch up".
In any case the error is coming from Google and Google claims he doesn't exist with the parameters being sent to it, so you may have to file a ticket if after some hours it still fails to work.

Good luck!

GD

Gerard Duerrmeyer

unread,
Feb 7, 2011, 11:19:42 PM2/7/11
to google-ap...@googlegroups.com
Mr. Lee,

How about something along the lines of:

Setup a first or new domain
   gam domains new
   >prompt domain
   >prompt username
   >prompt password

List configured domains
   gam domains list
   > 1. bla-a.com
   > 2. bla-b.com
   > 3. bla-c.com

Set which domain gam is currently using as active.
   gam domains set active <domain|number>
ie:
   gam domains set active bla-b.com
   gam domains set active domain 2

Remove old/deleted domains
   gam domains rm <domain|number>
ie:
   gam domains rm bla-b.com
   gam domains rm domain 2

You could make it all backwards compatible, and of course choosing the command naming convention that best suited existing gam syntax. Basically provide the functionality to add, list and remove domains for which gam is configured, then a command to set which one gam is currently married to. This could gracefully fall back to present functionality but allow gam to grow in an ad hoc manner depending on the number of domains a given admin has.

If someone were desperate enough they could make a small wrapper for gam to achieve that, but having it builtin would be cleaner. If I were a python guy I would offer to do the coding myself, but I am not and haven't got the spare time in the immediate to learn enough to do it.

Just some thoughts, take them for what they are.

Cheers,

GD

Jay Lee

unread,
Feb 8, 2011, 8:32:36 AM2/8/11
to google-ap...@googlegroups.com
Hmm... The issue is that when Google added multi domain support, they basically did away with Nicknames and created Email aliases instead. Email aliases are basically nicknames that can also work between domains. The old nickname API calls are not multi-domain aware. However, Google didn't make all of this terribly clear when they launched multi-domain support.

I'll need to update the "info user" command to pull the user's email aliases instead of their nicknames, till then "info user" will show this crash when trying to print user info for a user on a secondary domain.

Jay

Matt Paddock

unread,
Feb 8, 2011, 10:03:29 AM2/8/11
to google-ap...@googlegroups.com
Thanks for the response! Makes perfect sense. And thanks for this great tool.

Matt
___________________________________________________________________________
Matt Paddock | Dominion Enterprises
150 Granby Street | Norfolk, VA 23510





--
Reply all
Reply to author
Forward
0 new messages