Wednesday, November 11, 2009

SfGuardUser sync with Google Apps

As I am working for a university, we have recently migrate all our staff to use Google Apps for Education and we plan to move all our students and alumni too later this year. Google Apps for Education is really a great tool (and free for us ;-), most of our users are really happy of the switch: it is reliable, fast and have so many collaborative features. Bye bye Outlook :-(, welcome to the Cloud :-)
The Education package is the same as the Business package, including API and a lot of good stuff. The online Google Apps tools to manage users and groups is easy and simple but quickly become too simple to use when you are dealing with thousands of users, you then need to develop your own tool to maximize your daily operation. The "official" PHP5 Google Apps library is GData from the Zend Framework, which make it a breeze to integrate it with Symfony.

a view of an admin generator with Google Apps account management (using sfAdminThemejRollerPlugin):
googleapps-symfonyadmingen-integration.png


We are currently redeveloping our University Management System based on Symfony 1.2 and we plan to integrate most of our applications with symfony too, including a research project on a new social learning platform.

I developed a Symfony task (sf1.2+Doctrine) that take a csv file and create your local sfGuardUser as well as the corresponding Google apps accounts. The Google accounts creation is optional so the task can be used for a normal batch user creation with Symfony alone. A simple:

./symfony guard:batch-create-user your.csv --googleapps=yourdomain.com

...will do the trick for you! I am not sure whether publishing the source code might be interesting for others (the Google API is only available for Premier and Education customers)...let me know. We will eventually publish our University management system as an open source project later for sure.

Here is a list of issues and recommendations while dealing with Google Apps Provisioning API:

  • Google Apps API error reporting: when you have an error while dealing with Google Apps API, errors messages are useless, you always get a 'server errors' message without more details, it is then very difficult to debug your code to find the issue.
  • Don't forget some of the basic Google Apps rules for account creation such as a password with minimum 6 characters otherwise you get back one of those unmeaning-full error message.
  • sfGuard is using sha1 as the default encryption method but it adds a grain of 'salt' on it therefore you cannot send to Google Apps the correct sha1 password. I had to overwrite the default setPassword() and checkPassword() to simply remove the use of the salt and make sure my password synchronization with Google Apps can work. I am not sure if it is a huge security concern though, any idea? Beside this you can also use md5 for your password but you will not be able to use another algorithm since Google Apps is only accepting sha1 and md5.


Posted by at
Labels: , , , , , , ,

3 comments:

  1. UnknownNovember 13, 2009 at 5:31 PM

    Wow, that sounds great!
    Too bad the Google API is only available for Premier / Education accounts, but i'm still definitely interested in seeing the code running behind your task!

    Please do publish it! :)

    Thanks!

    ReplyDelete
  2. estadieuNovember 18, 2009 at 5:54 PM

    Hi, ok I will take later this month to show some code. It is actually very easy to do.

    ReplyDelete
  3. MohsenMarch 19, 2010 at 2:31 AM

    Hi,
    I am using your plugin for a small project. It is absolutely fantastic in all aspects except a very important one. Help and Documentation! I am trying to have some horizontal tabs (just like the "student plan" ... in the screenshot above), no luck so far.
    Could please give me a tip on that?

    ReplyDelete

Subscribe to: Post Comments (Atom)