Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-9016

Git creates usernames based on 'name' not the email.

    XMLWordPrintable

Details

    Description

      I realize mapping git author/commit users back to Jenkin's users is pain, but perhaps it could be done a little better.

      Some ideas:

      • Try looking up a user's email and comparing that.
      • Using the user portion from the email (e.g. someuser@example.com becomes someuser).
      • Looking up the user's email in LDAP, if LDAP is being used.

      The last would be ideal for us.

      Ciao!

      Attachments

        Issue Links

          Activity

            Hopefully this bumps this thread. I am in the exact same spot as jeremfg.
            Since this ticket looks like its stuck in limbo, did anyone find any solution to this?

            motka Matjaž Matjašec added a comment - Hopefully this bumps this thread. I am in the exact same spot as jeremfg . Since this ticket looks like its stuck in limbo, did anyone find any solution to this?

            I was just hit by the same issue. E-mail should be compared against e-mail field, not processed and compared against some different field. Or at least please give an option to choose the behaviour.

            babilon Bartosz Błaszkiewicz added a comment - I was just hit by the same issue. E-mail should be compared against e-mail field, not processed and compared against some different field. Or at least please give an option to choose the behaviour.

            I agree with everyone else here. We just started converting from old jobs to Pipeline jobs and are now faced with issues surrounding user mapping. I'll admit, it's probably more due to the fact we updated our 3 years old Jenkins instance.

            The unique identifier IS the email address. This is what should be used for mapping with registered Jenkins user. As many others, our company use shorthand names for login in AD, yet in Git all our users configure their full name. This is a common practice in the corporate world at it makes it easy to login everywhere with a shorter name. In my case it's even a lifesaver.
            Imagine if I had to type "Jeremie.Faucher-Goulet" every time I log in somewhere, instead of the much easier "jfaucher" I use against AD in all login forms everywhere.

            Even Fisheye+Crucible from Atlassian is able to do proper mapping between AD and git committer based on emails.

            I feel this is really needed, as I don't like disabling the security check against registered Jenkins users.... We did have in the past a few cases of embarrassing leaked emails from Jenkins because we compile 3rd party applications and committers outside the organization appeared as the culprits in some failed builds. Until Jenkins does proper user mapping based on email we are vulnerable to this issue because we are forced to disable the security feature in the meantime.

            jeremfg Jérémie Faucher-Goulet added a comment - I agree with everyone else here. We just started converting from old jobs to Pipeline jobs and are now faced with issues surrounding user mapping. I'll admit, it's probably more due to the fact we updated our 3 years old Jenkins instance. The unique identifier IS the email address. This is what should be used for mapping with registered Jenkins user. As many others, our company use shorthand names for login in AD, yet in Git all our users configure their full name. This is a common practice in the corporate world at it makes it easy to login everywhere with a shorter name. In my case it's even a lifesaver. Imagine if I had to type "Jeremie.Faucher-Goulet" every time I log in somewhere, instead of the much easier "jfaucher" I use against AD in all login forms everywhere. Even Fisheye+Crucible from Atlassian is able to do proper mapping between AD and git committer based on emails. I feel this is really needed, as I don't like disabling the security check against registered Jenkins users.... We did have in the past a few cases of embarrassing leaked emails from Jenkins because we compile 3rd party applications and committers outside the organization appeared as the culprits in some failed builds. Until Jenkins does proper user mapping based on email we are vulnerable to this issue because we are forced to disable the security feature in the meantime.

            Can't the e-mail address(es) in the commit message be used to find Jenkins security realm users?

            The e-mail address in my commit messages is the same as the e-mail address associated with my Jenkins account.  Why can those not be matched up?

            brianjmurrell Brian J Murrell added a comment - Can't the e-mail address(es) in the commit message be used to find Jenkins security realm users? The e-mail address in my commit messages is the same as the e-mail address associated with my Jenkins account.  Why can those not be matched up?

            Would it be possible to have some kind of 'domain filter' when you enable the 'Allow sending to unregistered users' checkbox?

            For instance: allow sending mails to contributers to a git repo that don't have a Jenkins account, but that do have an email address set up that ends with '@domain.com'.

            This would be interesting so that when we're using open source git(hub) repositories we don't accidentally sent out mails to the contributers there, when one of our builds fail.

            patrickv Patrick Van Brussel added a comment - Would it be possible to have some kind of 'domain filter' when you enable the 'Allow sending to unregistered users' checkbox? For instance: allow sending mails to contributers to a git repo that don't have a Jenkins account, but that do have an email address set up that ends with '@domain.com'. This would be interesting so that when we're using open source git(hub) repositories we don't accidentally sent out mails to the contributers there, when one of our builds fail.

            People

              Unassigned Unassigned
              docwhat Christian Höltje
              Votes:
              48 Vote for this issue
              Watchers:
              57 Start watching this issue

              Dates

                Created:
                Updated: