The Jenkins LDAP Plugin requests all user attributes. We would like to restrict these attributes to the necessary ones. E.g. we don't have any user attribute with group names.

      Other plugins only request attributes needed, e.g. email, cn and uid.

          [JENKINS-24704] LDAP restrict requested attributes

          Marco Jacob added a comment - - edited

          As far as I can see from my point of view, the LdapTemplate has a list of attributes for the request. It could be modified before a request is done. Now it is set to NULL, which indicates to request all attributes.

          LdapTemplate is bound to the AppContext, so it is used for each request. Therefore it should be explicitly set before a request is done. That would be an easy solution. The list of attributes could be given in settings with a default (e.g. uid).

          I'm afraid I can't do the change on my own at work ... some resources missing and no chance to create a PR.

          This could be done for user and usergroup requests.
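
The restriction discussed in the comment above, as an added example that is not the LDAP plugin's code: it uses the JDK's JNDI `SearchControls` instead of the plugin's LdapTemplate, and the class name, method names and the comma-separated setting format are hypothetical.

```java
import javax.naming.directory.SearchControls;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class RestrictedLdapAttributes {
    // Hypothetical default, following the "default (e.g. uid)" idea in the comment.
    static final String DEFAULT_ATTRIBUTES = "uid";

    /** Turns a comma-separated setting into the attribute list for one search. */
    static String[] parseAttributeSetting(String setting) {
        String raw = (setting == null || setting.trim().isEmpty())
                ? DEFAULT_ATTRIBUTES : setting;
        List<String> attrs = new ArrayList<>();
        for (String part : raw.split(",")) {
            String name = part.trim();
            if (name.isEmpty()) continue;
            // "*" (all user attributes) and "+" (all operational attributes)
            // would silently undo the restriction, so reject them.
            if (name.equals("*") || name.equals("+")) {
                throw new IllegalArgumentException("wildcard attribute not allowed: " + name);
            }
            if (!attrs.contains(name)) attrs.add(name);
        }
        // A setting made only of separators falls back to the default.
        if (attrs.isEmpty()) attrs.add(DEFAULT_ATTRIBUTES);
        return attrs.toArray(new String[0]);
    }

    /** Builds fresh controls per request so a shared object is never mutated. */
    static SearchControls restrictedControls(String setting) {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // null here would mean "return every attribute"; an explicit list narrows it.
        controls.setReturningAttributes(parseAttributeSetting(setting));
        return controls;
    }

    public static void main(String[] args) {
        // Constructed sample settings for a user search and a group search.
        SearchControls unrestricted = new SearchControls();
        SearchControls user = restrictedControls("uid, cn, mail");
        SearchControls group = restrictedControls("cn");
        SearchControls fallback = restrictedControls("  ");
        System.out.println("unrestricted: " + Arrays.toString(unrestricted.getReturningAttributes()));
        System.out.println("user:         " + Arrays.toString(user.getReturningAttributes()));
        System.out.println("group:        " + Arrays.toString(group.getReturningAttributes()));
        System.out.println("fallback:     " + Arrays.toString(fallback.getReturningAttributes()));
    }
}
```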


          Marco Jacob added a comment -

          Changed title because also group attribute requests could be restricted.


          Oleg Nenashev added a comment -

          In order to set proper expectations, I have unassigned Kohsuke from this ticket.
          Currently there is no Default assignee in the LDAP plugin, any contributions will be appreciated.


            Unassigned Unassigned
            mjacob Marco Jacob