The Education package is the same as the Business package, including API and a lot of good stuff. The online Google Apps tools to manage users and groups is easy and simple but quickly become too simple to use when you are dealing with thousands of users, you then need to develop your own tool to maximize your daily operation. The "official" PHP5 Google Apps library is GData from the Zend Framework, which make it a breeze to integrate it with Symfony.
a view of an admin generator with Google Apps account management (using sfAdminThemejRollerPlugin):
We are currently redeveloping our University Management System based on Symfony 1.2 and we plan to integrate most of our applications with symfony too, including a research project on a new social learning platform.
I developed a Symfony task (sf1.2+Doctrine) that take a csv file and create your local sfGuardUser as well as the corresponding Google apps accounts. The Google accounts creation is optional so the task can be used for a normal batch user creation with Symfony alone. A simple:
./symfony guard:batch-create-user your.csv --googleapps=yourdomain.com
...will do the trick for you! I am not sure whether publishing the source code might be interesting for others (the Google API is only available for Premier and Education customers)...let me know. We will eventually publish our University management system as an open source project later for sure.
Here is a list of issues and recommendations while dealing with Google Apps Provisioning API:
- Google Apps API error reporting: when you have an error while dealing with Google Apps API, errors messages are useless, you always get a 'server errors' message without more details, it is then very difficult to debug your code to find the issue.
- Don't forget some of the basic Google Apps rules for account creation such as a password with minimum 6 characters otherwise you get back one of those unmeaning-full error message.
- sfGuard is using sha1 as the default encryption method but it adds a grain of 'salt' on it therefore you cannot send to Google Apps the correct sha1 password. I had to overwrite the default setPassword() and checkPassword() to simply remove the use of the salt and make sure my password synchronization with Google Apps can work. I am not sure if it is a huge security concern though, any idea? Beside this you can also use md5 for your password but you will not be able to use another algorithm since Google Apps is only accepting sha1 and md5.