

Would you pay $10 a month for a bi-directional Google - LDAP sync service? - sujoyg

A lot of startups and small businesses are using Google apps as the primary source of their users and groups information. We are building a simple way to keep the Google apps users and groups information in sync with your LDAP service. This is bi-directional, i.e., changes in one are synced to the other.

We plan to make this available as a subscription service. If this seems something useful, would you be willing to pay $10 a month for an organization under 50 users?
======
amoghe
+1 for hosted LDAP as a service (maybe even backed by GApps).

New startups typically tend to go with Google Apps for their email needs.
Google exposes authentication via OAuth2. However many services (specifically
developer tools such as gerrit, jenkins) do not support OAuth2 yet (only
OpenID, which sadly Google deprecated some time ago) and LDAP. Having an LDAP
frontend to provide identity/auth so that startups can use a single set of
credentials across their internal applications would be nice.

TL;DR - LDAP frontend to Google identities would be nice. From when I last
checked (a few months ago), no one offers this.

~~~
sujoyg
Great feedback @amoghe. If this was a full LDAP as a Service, which synced
with Google Apps, rather than just an LDAP adapter, would that make sense?

~~~
amoghe
Based on our current needs, no.

What we are/were looking for is a service that could provide LDAP "frontend"
to Google Apps identities so we can have a single set of credentials across
services (and email etc).

Seeing as how nothing of that sort exists, an LDAP(aaS) would also suffice,
but not be ideal because: (a) we would end up using only a small subset of the
LDAP functionality (namely auth). (b) seeing as how none of the early
engineers have administered a (full blown) LDAP service, someone would have to
climb this curve.

I'm curious why cloud based identity management solutions don't offer this
(e.g. okta). However I won't claim to know/understand the full breadth of their
offering and whether this aligns well with their business.

~~~
badusername
Seems like what you are describing is already possible by using single sign-on
providers like onelogin and okta.

~~~
amoghe
Almost.

AFAICT both OneLogin and Okta do not provide LDAP-like access to their
identity service. Unfortunately we're running a couple of services that
authenticate using either LDAP or an internal user database. We're stuck using
the latter option (for now).

------
habith
Probably not for me. I'd presume other companies like mine would use LDAP/AD
internally and just sync to Google apps using this tool:
[https://support.google.com/a/answer/106368?hl=en](https://support.google.com/a/answer/106368?hl=en)

If this was a hosted LDAP-as-a-service solution that syncs with Google apps
I'd be interested in using it at home. I also know of a couple of small
companies that would love to not have any IT infrastructure in-house.

Good luck :)

~~~
sujoyg
@habith, thanks for your input. The Google tool referenced above is not a
bi-directional tool. It merely updates your Google apps account with
information from an LDAP service, not the other way around.

A hosted LDAP-as-a-service is good feedback.

~~~
habith
I know it's unidirectional. I was saying that we'd mostly make our changes
internally and push it to Google and centralize user/group management using
our internal on-site LDAP server.

The idea of an external tool modifying our local LDAP/AD server is not
something we'd go for. I suspect other people might feel the same way.

However, if we were smaller (or didn't have internal IT resources) like a lot
of clients we work with, an external LDAP/Google apps combo sounds like a
winning solution :)

~~~
sujoyg
Thanks @habith, that's good input.

------
jtchang
I actually built something like this but realized a lot of enterprises don't
need it since they probably grew something themselves.

If you want to talk about it my e-mail is in my profile.

~~~
sujoyg
@jtchang, sent an email.

------
lawnchair
Probably. I've been kicking around a similar idea for a while now. Shoot me an
email if you want some help.

~~~
sujoyg
@lawnchair, sent.

