• Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Jenkins 1.654, AD plugin 1.43+

      If we write subdomain in the login, then this subdomain is not taken into account.

      This is related to changes by this commit: https://github.com/jenkinsci/active-directory-plugin/commit/7c04f787b84cb7cd376ebb25d0b15ec649264c07

      This is incorrect:
      If people type in 'foo@bar' or 'bar\foo' or just 'foo', it should be treated as 'foo@bar' (where 'bar' represents the given domain name)

      'bar' is represent a domain name which is set in the configuration, not in the login.

      For example we set our Domain Name to 'bar.com'. Then we write login 'subbar\foo'. We expect to transform this to 'foo@subbar.bar.com'. But instead a 'foo@bar.com' is used.

          [JENKINS-34968] Domain in login is not taken into account

          James Nord added a comment -

          If people type in 'foo@bar' or 'bar\foo' or just 'foo', it should be treated as 'foo@bar' (where 'bar' represents the given domain name)

          That is incorrect, the first form is very different to the second form
          in the DOMAIN\user DOMAIN is the NT Domain - this does not need to be anywhere within the domain hierachy in the UPN - such that WIBBLE\user could map to user@elsewhere.com

          Now you can even configure the UPN (user@foo variant) to not even map to the user whose username is user but bob. that is the user part of the UPN does not need to match the username that would otherwise be used in the legacy foo\user form

          > For example we set our Domain Name to 'bar.com'. Then we write login 'subbar\foo'. We expect to transform this to 'foo@subbar.bar.com'. But instead a 'foo@bar.com' is used.

          That expectation is invalid as noted above and also that the UPN is used for login so should not be messed with (ie it should be the users UPN as providewd by AD - nothing else should work).

          James Nord added a comment - If people type in 'foo@bar' or 'bar\foo' or just 'foo', it should be treated as 'foo@bar' (where 'bar' represents the given domain name) That is incorrect, the first form is very different to the second form in the DOMAIN\user DOMAIN is the NT Domain - this does not need to be anywhere within the domain hierachy in the UPN - such that WIBBLE\user could map to user@elsewhere.com Now you can even configure the UPN ( user@foo variant) to not even map to the user whose username is user but bob. that is the user part of the UPN does not need to match the username that would otherwise be used in the legacy foo\user form > For example we set our Domain Name to 'bar.com'. Then we write login 'subbar\foo'. We expect to transform this to 'foo@subbar.bar.com'. But instead a 'foo@bar.com' is used. That expectation is invalid as noted above and also that the UPN is used for login so should not be messed with (ie it should be the users UPN as providewd by AD - nothing else should work).

            fbelzunc FĂ©lix Belzunce Arcos
            serbin Aleksandr Serbin
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: