Wednesday, November 11, 2009

SfGuardUser sync with Google Apps

As I am working for a university, we have recently migrate all our staff to use Google Apps for Education and we plan to move all our students and alumni too later this year. Google Apps for Education is really a great tool (and free for us ;-), most of our users are really happy of the switch: it is reliable, fast and have so many collaborative features. Bye bye Outlook :-(, welcome to the Cloud :-)
The Education package is the same as the Business package, including API and a lot of good stuff. The online Google Apps tools to manage users and groups is easy and simple but quickly become too simple to use when you are dealing with thousands of users, you then need to develop your own tool to maximize your daily operation. The "official" PHP5 Google Apps library is GData from the Zend Framework, which make it a breeze to integrate it with Symfony.

a view of an admin generator with Google Apps account management (using sfAdminThemejRollerPlugin):

We are currently redeveloping our University Management System based on Symfony 1.2 and we plan to integrate most of our applications with symfony too, including a research project on a new social learning platform.

I developed a Symfony task (sf1.2+Doctrine) that take a csv file and create your local sfGuardUser as well as the corresponding Google apps accounts. The Google accounts creation is optional so the task can be used for a normal batch user creation with Symfony alone. A simple:

./symfony guard:batch-create-user your.csv

...will do the trick for you! I am not sure whether publishing the source code might be interesting for others (the Google API is only available for Premier and Education customers)...let me know. We will eventually publish our University management system as an open source project later for sure.

Here is a list of issues and recommendations while dealing with Google Apps Provisioning API:

  • Google Apps API error reporting: when you have an error while dealing with Google Apps API, errors messages are useless, you always get a 'server errors' message without more details, it is then very difficult to debug your code to find the issue.
  • Don't forget some of the basic Google Apps rules for account creation such as a password with minimum 6 characters otherwise you get back one of those unmeaning-full error message.
  • sfGuard is using sha1 as the default encryption method but it adds a grain of 'salt' on it therefore you cannot send to Google Apps the correct sha1 password. I had to overwrite the default setPassword() and checkPassword() to simply remove the use of the salt and make sure my password synchronization with Google Apps can work. I am not sure if it is a huge security concern though, any idea? Beside this you can also use md5 for your password but you will not be able to use another algorithm since Google Apps is only accepting sha1 and md5.

Monday, November 9, 2009

what's up on sfAdminThemejRollerPlugin?

I finally found some time to add new stuff on the unpronounceable plugin, and thanks to some new contributors more are to come (thanks JeremyB ;-). Here is the list of change:

  • As I mentioned in my previous post, I add a new config field named 'show' for the admin generator. I guess the meaning of this new option is quite obvious, isn't it? It adds the possibility to simply view one object details without editing it. It currently shows the list of fields like it is for the 'edit' view, meaning with a tab interface.
  • UI improvements (done by jeremyb): as you can see in the 2 screenshots below there are many improvements such as the new 'reset' button next to the filter button, the sort arrows, new css styles for object actions, new pager view and finally the batch action select box is now also supporting the theme roller

The top part looks like this:

  • notice the new 'reset' button next to 'filters'

  • the up and down arrow on the table column names

  • the new css style for the object actions

...and the bottom part (new paginator and the select box is also styled according to your roller theme):

the edit view (buttons are accessible both on top and button of the form, tabs are now vertical):

The current code is available in github only. It is not yet ready for a new plugin release, we are still missing some key elements.