-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Jenkins 1.654, AD plugin 1.43+
If we write subdomain in the login, then this subdomain is not taken into account.
This is related to changes by this commit: https://github.com/jenkinsci/active-directory-plugin/commit/7c04f787b84cb7cd376ebb25d0b15ec649264c07
This is incorrect:
If people type in 'foo@bar' or 'bar\foo' or just 'foo', it should be treated as 'foo@bar' (where 'bar' represents the given domain name)
'bar' is represent a domain name which is set in the configuration, not in the login.
For example we set our Domain Name to 'bar.com'. Then we write login 'subbar\foo'. We expect to transform this to 'foo@subbar.bar.com'. But instead a 'foo@bar.com' is used.
That is incorrect, the first form is very different to the second form
in the DOMAIN\user DOMAIN is the NT Domain - this does not need to be anywhere within the domain hierachy in the UPN - such that WIBBLE\user could map to user@elsewhere.com
Now you can even configure the UPN (user@foo variant) to not even map to the user whose username is user but bob. that is the user part of the UPN does not need to match the username that would otherwise be used in the legacy foo\user form
> For example we set our Domain Name to 'bar.com'. Then we write login 'subbar\foo'. We expect to transform this to 'foo@subbar.bar.com'. But instead a 'foo@bar.com' is used.
That expectation is invalid as noted above and also that the UPN is used for login so should not be messed with (ie it should be the users UPN as providewd by AD - nothing else should work).