29

I see tons of solutions for allowing Google Apps to use external AD and LDAP services for login.

However, I already have a ton of users set up in Google Apps, and I'm trying to go the other way around. That is, I'd like to allow users to log into my external servers using the accounts I created in Google Apps.

Has anyone successfully discovered a way to use a Google Apps domain as an Open Directory, Active Directory, or LDAP provider?

pixelcort

5 Answers

13

This is absolutely impossible.

Yes, there are means to synchronize between local directory services and Google's directory, but that doesn't mean that you can use Google's directory like AD, OD, or even a simple LDAP service.

Now, if all you want is to enable users to be able to use their Google credentials to sign into your application, look into OpenID.

Note: See answer 4 years after this answer by trs-80 stating that Google introduced a solution.

Lifeboy
EEAA
  • 3
    Google certainly doesn't provide an LDAP interface, but someone could write a program to pull account details from the API, and add them to an LDAP data source. The only thing you can't get are the passwords. – Zoredache Feb 24 '12 at 19:10
  • @Zoredache - sure, that would be possible. Probably not a reality for the OP, though. (but maybe that's an inappropriate assumption) – EEAA Feb 24 '12 at 19:11
  • This is possible now, see comment below https://serverfault.com/a/928342/120370 – larsen161 Oct 26 '18 at 01:56
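
The sync approach described in the comments above (pull account details from the API and load them into an LDAP data source), as an added example that is not part of the original thread. It assumes user records with the Admin SDK Directory API field names `primaryEmail`, `name` and `suspended`; the sample records, the base DN and the `inetOrgPerson` mapping are constructed for illustration, and no API call is made.

```python
import base64

# Constructed sample: records shaped like Admin SDK Directory API users.list items.
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com", "suspended": False,
     "name": {"givenName": "Alice", "familyName": "Smith", "fullName": "Alice Smith"}},
    {"primaryEmail": "zoe@example.com", "suspended": False,
     "name": {"givenName": "Zoë", "familyName": "O'Neil, Jr.", "fullName": "Zoë O'Neil, Jr."}},
    {"primaryEmail": "bob@example.com", "suspended": True,
     "name": {"givenName": "Bob", "familyName": "Jones", "fullName": "Bob Jones"}},
]
BASE_DN = "ou=people,dc=example,dc=com"  # assumed directory suffix


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514 special characters)."""
    last = len(value) - 1
    return "".join(
        "\\" + c if c in ',+"\\<>;=' or (i == 0 and c in "# ") or (i == last and c == " ")
        else c for i, c in enumerate(value))


def ldif_line(attr, value):
    """Emit one LDIF line; values that are not an RFC 2849 SAFE-STRING are base64-encoded."""
    safe = (value.isascii() and not any(c in value for c in "\0\r\n")
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def users_to_ldif(users, base_dn=BASE_DN):
    """Return (ldif_text, skipped_emails) for the non-suspended users."""
    entries, skipped = [], []
    for user in users:
        email = user["primaryEmail"]
        if user.get("suspended"):
            skipped.append(email)  # suspended upstream: do not provision locally
            continue
        name = user["name"]
        dn = f"uid={escape_rdn_value(email)},{base_dn}"
        attrs = [("uid", email), ("cn", name["fullName"]), ("sn", name["familyName"]),
                 ("givenName", name["givenName"]), ("mail", email)]
        lines = [ldif_line("dn", dn), "objectClass: inetOrgPerson"]
        lines += [ldif_line(a, v) for a, v in attrs]
        # No userPassword attribute: as the comment notes, passwords are not
        # available, so these entries cannot satisfy a simple bind by themselves.
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n", skipped
```

Entries produced this way carry identity data only, so authentication still has to be delegated elsewhere, and the skipped list is what a sync job would use to remove or disable local entries for suspended accounts.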
8

http://www.nabber.org/projects/oneldap/ provides a backend for OpenLDAP that can at least authenticate users against various services (IMAP, POP, SSH, etc.). It would be possible to write a plugin to use the Google Client Login API directly if you wanted.

This solution would at least work for an app that used LDAP for authentication, but is far from a complete LDAP/AD server.

flyingfred0
6

Google have just released Secure LDAP which does what you want. Note you'll need to have G Suite Enterprise, G Suite for Education or add Cloud Identity Premium to your domain.

larsen161
TRS-80
2

So basically, you want to have Google Apps act as your domain controller?

I don't think Google Apps has the ability to actually be the DS (directory service). Now, that being said, you can use ADFS 2.0 in your domain to allow those Google Apps users to sign into claims-based applications that you host.

This walkthrough (which goes over extending SharePoint with OpenID logins) addresses ADFS 2.0, SSO, Federation, and all the other principles you need to grasp to make this happen.

Tom O'Connor
JohnThePro
  • original link is marked as outdated, fixed link to point to up-to-date article is http://blogs.pointbridge.com/Blogs/nielsen_travis/Pages/Post.aspx?_ID=43 (edit is too short to be submitted so I put it in comment) – CharlesB Mar 12 '12 at 16:00
  • 1
    sadly the updated link is also dead. – Paul M Jul 02 '14 at 09:06
2

I have also been looking at a solution for this and the only thing I can find is this https://jumpcloud.com/

It provides the LDAP and uses the Google directory for user information.

Craig
  • Been looking too, and it seems the JumpCloud offers the whole kit and the best method for LDAP/AD integration. Actually, JumpCloud seems to offer a nice infrastructure management platform which looks tempting. I did find this Google Support page though https://support.google.com/a/answer/106368?hl=en that talks about Google Syncing with your LDAP/AD, making your LDAP/AD server a Secondary Domain Controller, so if you're okay with running your own LDAP/AD [secondary] controller, might get you what you want... – Guy Park May 22 '18 at 00:27