I agree with everyone else here. We just started converting from old jobs to Pipeline jobs and are now faced with issues surrounding user mapping. I'll admit, it's probably more due to the fact we updated our 3 years old Jenkins instance.
The unique identifier the email address. This is what should be used for mapping with registered Jenkins user. As many others, our company use shorthand names for login in AD, yet in Git all our users configure their full name. This is a common practice in the corporate world at it makes it easy to login everywhere with a shorter name. In my case it's even a lifesaver.
Imagine if I had to type "Jeremie.Faucher-Goulet" every time I log in somewhere, instead of the much easier "jfaucher" I use against AD in all login forms everywhere.
Even Fisheye+Crucible from Atlassian is able to do proper mapping between AD and git committer based on emails.
I feel this is really needed, as I don't like disabling the security check against registered Jenkins users.... We did have in the past a few cases of embarrassing leaked emails from Jenkins because we compile 3rd party applications and committers outside the organization appeared as the culprits in some failed builds. Until Jenkins does proper user mapping based on email we are vulnerable to this issue because we are forced to disable the security feature in the meantime.