Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45176

Allow user lookup by userPrincipalName (instead of sAMAccountName)

      Suggested feature (which would be very helpful to us): Allow a configuration option, e.g. a 'User-identifying attribute' dropdown with values 'sAMAccountName' (default) and 'userPrincipalName', and use that attribute when looking up users in ActiveDirectoryAuthenticationProvider.getDnOfUserOrGroup() (and perhaps elsewhere).

      Background.

      We have a Subversion where the each 'commit author' field is an UPN (e.g., pietje.puk@keteldorp.nl) from Active Directory.  Commits from this Subversion are picked up by our Jenkins, which then sends an email to that commit author if a build fails.

      Jenkins assumes that that author name (pietje.puk@keteldorp.nl) is a Jenkins user name, and requests the 'authentication realm' for that user's email address.

      We are using the Active Directory plugin/realm (2.4 currently), and therefore that request ends up in ActiveDirectoryAuthenticationProvider.java line 273, where the plugin assumes that the Jenkins user name is a sAMAccountName (e.g., ppuk).

      Since in our case it isn't, the email address is never found, and Jenkins reports

      Not sending mail to unregistered user pietje.puk@keteldorp.nl

      (We currently work around this by specifying

      java ... -Dhudson.tasks.MailSender.SEND_TO_UNKNOWN_USERS=true -Dhudson.tasks.MailSender.SEND_TO_USERS_WITHOUT_READ=true ... -jar ...

      and that works but the resulting warnings

      Warning: pietje.puk@keteldorp.nl is not a recognized user, but sending mail anyway

      are ugly.  Another workaround would be to switch to the LDAP plugin, but that requires way too much configuration for my taste, and I'm struggling to get that right.)

          [JENKINS-45176] Allow user lookup by userPrincipalName (instead of sAMAccountName)

          Note that part of JENKINS-29129 seems to be a similar request, but for a different scenario.

          Marnix Klooster added a comment - Note that part of JENKINS-29129 seems to be a similar request, but for a different scenario.

          @fbelzunc: Could you please comment on whether this is valid request, as far as you can see?  Or am I missing some functionality in the AD plugin that would help us in this scenario?  Or has this issue already been resolved in a recent AD plugin, perhaps using some specific configuration setting?

          Thanks!

          Marnix Klooster added a comment - @ fbelzunc : Could you please comment on whether this is valid request, as far as you can see?  Or am I missing some functionality in the AD plugin that would help us in this scenario?  Or has this issue already been resolved in a recent AD plugin, perhaps using some specific configuration setting? Thanks!

            fbelzunc FĂ©lix Belzunce Arcos
            marnix_klooster Marnix Klooster
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: