Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-6648

Lookup user email from Active Directory when using AD as the authentication mechanism

XMLWordPrintable

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Major Major
    • active-directory-plugin
    • None
    • all

      Sometimes (as in my case) the email of a user cannot be easily constructed from the SVN login name or the active directory login name. When using AD as the authentication mechanism, it would be nice to look up the user's email address from it for all notifications sent out.

      This avoids requiring people from configuring LDAP Email Plugin as a helper to get this working properly which admittedly defeats the whole purpose of having a nice simple AD plugin so we don't have to deal with the nightmare of configuring LDAP against AD.

        1. HUDSON-6648_patch.txt
          13 kB
          n16er

          [JENKINS-6648] Lookup user email from Active Directory when using AD as the authentication mechanism

          n16er created issue -
          n16er made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          n16er made changes -
          Status Original: In Progress [ 3 ] New: Open [ 1 ]
          n16er made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          n16er made changes -
          Status Original: In Progress [ 3 ] New: Open [ 1 ]
          n16er made changes -
          Assignee New: n16er [ n16er ]

          n16er added a comment -

          The attached patch will now determine email addresses from AD in windows.

          • A new MailAddressResolver named ActiveDirectoryMailAddressResolverImpl has been created
          • ActiveDirectoryUserDetail has a reference to the IADsUser object
          • ActiveDirectoryAuthenticationProvider supplies IADsUser object

          n16er added a comment - The attached patch will now determine email addresses from AD in windows. A new MailAddressResolver named ActiveDirectoryMailAddressResolverImpl has been created ActiveDirectoryUserDetail has a reference to the IADsUser object ActiveDirectoryAuthenticationProvider supplies IADsUser object
          n16er made changes -
          Attachment New: JENKINS-6648_patch.txt [ 19561 ]

          Kohsuke Kawaguchi added a comment -

          Thanks for the patch. I looked at the code, and I have a few comments.

          I'm bit worried about retaining a reference to a COM object via IADsUser. COM objects are fragile in terms of threading and memory related things, so I think it's better to call emailAddress() on the spot and just pass around that e-mail address.

          This also allows ActiveDirectoryUnixAuthenticationProvider to look up the e-mail address and pass it correctly.

          Kohsuke Kawaguchi added a comment - Thanks for the patch. I looked at the code, and I have a few comments. I'm bit worried about retaining a reference to a COM object via IADsUser. COM objects are fragile in terms of threading and memory related things, so I think it's better to call emailAddress() on the spot and just pass around that e-mail address. This also allows ActiveDirectoryUnixAuthenticationProvider to look up the e-mail address and pass it correctly.

          n16er added a comment -

          Here is a new patch incorporating your suggestions. Note however that for Unix users using AD or when the domain is specified, no email will be looked up since the UserDetails.loadUserByUserName() still throws a UserNotFoundException.

          Incidentally, your comment on that method about using SPNEGO/Kerberos got me thinking and I was wondering you have looked at JOSSO as a possible SSO solution.

          n16er added a comment - Here is a new patch incorporating your suggestions. Note however that for Unix users using AD or when the domain is specified, no email will be looked up since the UserDetails.loadUserByUserName() still throws a UserNotFoundException . Incidentally, your comment on that method about using SPNEGO/Kerberos got me thinking and I was wondering you have looked at JOSSO as a possible SSO solution.
          n16er made changes -
          Attachment New: JENKINS-6648_patch.txt [ 19586 ]

            n16er n16er
            n16er n16er
            Votes:
            4 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: