Apps directory *to* ldap sync
The directory sync tool only syncs your LDAP → your Google Apps domain. The reverse is a bit more complicated, and I don’t know of a clean way outside of maybe using a third-party tool or service that caters to Apps customers looking for this sort of sync.
If you wanted to use an API to download the user list (or groups), you can use the Directory API. What that will allow you to do is connect to your domain, iterate all the users/groups based on some criteria, then sync that to your own LDAP. I’m not sure how to resync deltas, but perhaps you can use the Apps audit log for changes or maybe even subscribe to webhook push notifications for changes.
For what it’s worth, here’s a Python sample of the Directory API that lists all users. It shows how to do this with a service account (more complicated to set up), and using the client_secret ‘installed app’ flow (you need to log in as a domain admin for that).
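
An added example, not part of the original post and not the sample it refers to: a dry-run planner for the Google → LDAP direction that pages through `users.list`-style responses, maps each user to an LDAP entry, and diffs the result against the current LDAP state so that suspended or deleted Google accounts are marked for disabling. The base DN, the attribute mapping, the helper names and all sample records are assumptions constructed for illustration; `fetch_page` stands in for the real Directory API call.

```python
# Added example: constructed data, no network or LDAP access.
BASE_DN = "ou=people,dc=example,dc=com"  # assumed base DN

def escape_rdn(value):
    """Backslash-escape RFC 4514 special characters so a local part cannot alter the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    return "\\" + out if out.startswith(("#", " ")) else out

def iter_users(fetch_page):
    """Yield all users, following nextPageToken the way users.list responses paginate."""
    token = None
    while True:
        page = fetch_page(token)
        yield from page.get("users", [])
        token = page.get("nextPageToken")
        if not token:
            return

def to_ldap_entry(user):
    """Map a Directory API user resource to (dn, attrs); the mapping is an assumption."""
    uid = user["primaryEmail"].split("@", 1)[0]
    name = user["name"]
    attrs = {"uid": uid, "mail": user["primaryEmail"], "givenName": name["givenName"],
             "sn": name["familyName"], "cn": name["fullName"]}
    return f"uid={escape_rdn(uid)},{BASE_DN}", attrs

def plan_sync(google_users, ldap_entries):
    """Diff Google (source of truth) against LDAP; suspended or missing users get disabled."""
    wanted = dict(to_ldap_entry(u) for u in google_users if not u.get("suspended"))
    return {
        "add": sorted(dn for dn in wanted if dn not in ldap_entries),
        "modify": sorted(dn for dn in wanted if dn in ldap_entries and ldap_entries[dn] != wanted[dn]),
        "disable": sorted(dn for dn in ldap_entries if dn not in wanted),
    }

def user(email, given, family, suspended=False):  # builds a constructed sample record
    return {"primaryEmail": email, "suspended": suspended,
            "name": {"givenName": given, "familyName": family, "fullName": f"{given} {family}"}}

# Constructed users.list pages, keyed by the pageToken that requests them.
PAGES = {None: {"users": [user("alice@example.com", "Alice", "Ng"),
                          user("bob@example.com", "Bob", "Ray", suspended=True)],
                "nextPageToken": "p2"},
         "p2": {"users": [user("carol+ops@example.com", "Carol", "Diaz")]}}
# Constructed current LDAP state: alice has a stale surname, dave no longer exists in Google.
LDAP = {f"uid=alice,{BASE_DN}": to_ldap_entry(user("alice@example.com", "Alice", "Old"))[1],
        f"uid=bob,{BASE_DN}": {}, f"uid=dave,{BASE_DN}": {}}

PLAN = plan_sync(iter_users(lambda token: PAGES[token]), LDAP)
```

Running the plan as a dry run before applying it to LDAP lets you review the `disable` list, which is where a stale account that should have lost access would otherwise survive the sync.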