How to use Google Apps as an OD/AD/LDAP Provider

Solution 1:

This is absolutely impossible.

Yes, there are means to synchronize between local directory services and Google's directory, but that doesn't mean that you can use Google's directory like AD, OD, or even a simple LDAP service.

Now, if all you want is to enable users to be able to use their Google credentials to sign into your application, look into OpenID.

Note: See answer 4 years after this answer by trs-80 stating that Google introduced a solution.

Solution 2:

http://www.nabber.org/projects/oneldap/ provides a backend for OpenLDAP that can at least authenticate users against various services (IMAP, POP, SSH, etc.). It would be possible to write a plugin to use the Google Client Login API directly if you wanted.

This solution would at least work for an app that used LDAP for authentication, but is far from a complete LDAP/AD server.

Solution 3:

Google have just released Secure LDAP, which does what you want. Note you'll need to have G Suite Enterprise, G Suite for Education or add Cloud Identity Premium to your domain.

Solution 4:

So basically, you want to have Google Apps act as your domain controller?

I don't think Google Apps has the ability to actually be the DS (directory service). Now, that being said, you can use ADFS 2.0 in your domain to allow those Google Apps users to sign into claims-based applications that you host.

This walkthrough (which goes over extending SharePoint with OpenID logins) addresses ADFS 2.0, SSO, Federation, and all the other principles you need to grasp to make this happen.