[Samba] Synchronizing user passwords between Samba AD and Google Workspace
Sven Schwedas
sven.schwedas at tao.at
Fri Apr 8 09:28:55 UTC 2022

Google offers a Windows® binary to sync Active Directory passwords to
Google Workspace via their API. Does anyone have a solution for this
that works with native Samba?

As far as I can see there are two options:

• something something gpg and samba-tool user syncpasswords. Manpages
  tell me this is the preferred solution, but nowhere document how to make
  it work. And it leaks plain text passwords if anyone steals the GPG key,
  which isn't great anyway.
• If I set
  `password hash userPassword schemes = CryptSHA512:rounds=10000`,
  I can sync the value of `supplementalCredentials` directly to the
  workspace API without having the plaintext anywhere, as far as I
  understand Google's Directory API.

But I can't find any practical examples for either solution. Does anyone
have experience with either and can weigh in on which would be easier?

("Why do you need Google synchronisation in the first place?" Politics.
It's either syncing Samba to GW, or losing all control over our user
data entirely, so I'd prefer to keep Samba around. Getting rid of Google
isn't an option currently.)
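
The hash-only route from the second option, as an added example that is not part of the original post or of Samba's code. It assumes the hash is read as LDIF through samba-tool's `virtualCryptSHA512` attribute and sent in the Directory API's `password` and `hashFunction` user fields; the function names and the sample record are constructed for illustration, and the actual API call is left out.

```python
import base64
import re

# SHA512-crypt: $6$[rounds=N$]salt$hash (salt <= 16 chars, hash = 86 chars)
CRYPT_SHA512 = re.compile(
    r"^\$6\$(?:rounds=(\d+)\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$")

def parse_ldif_record(text):
    """Parse one LDIF record, unfolding continuation lines and base64 values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]        # folded line: drop one leading space
        elif line and not line.startswith("#"):
            unfolded.append(line)
    attrs = {}
    for line in unfolded:
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs[name.split(";")[0]] = value.strip()   # drop ";rounds=N" options
    return attrs

def directory_api_password_body(ldif_text, min_rounds=10000):
    """Build the user-update body (hypothetical helper) from a crypt hash.

    Raises ValueError for anything that is not a SHA512-crypt hash, so a
    cleartext or malformed value is never passed on to the API client.
    """
    value = parse_ldif_record(ldif_text).get("virtualCryptSHA512", "")
    if value.startswith("{CRYPT}"):
        value = value[len("{CRYPT}"):]
    match = CRYPT_SHA512.match(value)
    if not match:
        raise ValueError("no SHA512-crypt hash in record")
    rounds = int(match.group(1)) if match.group(1) else 5000  # crypt default
    if rounds < min_rounds:
        raise ValueError(f"hash uses {rounds} rounds, expected >= {min_rounds}")
    return {"password": value, "hashFunction": "crypt"}

# Constructed sample (not a real hash), folded the way LDIF folds long lines.
SAMPLE_HASH = "$6$rounds=10000$ConstructedSalt1$" + "x" * 86
SAMPLE_LDIF = ("dn: CN=alice,CN=Users,DC=example,DC=com\n"
               "virtualCryptSHA512: {CRYPT}" + SAMPLE_HASH[:40] + "\n"
               " " + SAMPLE_HASH[40:] + "\n")
```

The returned dictionary is what would go into the request body of a user update; the round-count check catches accounts whose stored hash predates the `rounds=10000` setting.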