I would like to see an option to synchronize Jenkins users with an LDAP database, either manually or automatically in some way.

There are several reasons for my request, including the following:

• when information about a user changes it doesn't appear to get reflected in the Jenkins user database (ie: name changes, email address changes, and the like) causing the Jenkins DB to be out of date
• alternate sources appear to directly manipulate the Jenkins user database, such as the Git plugin (see the "Create new accounts base on author/committer's email" option) which results in superfluous and / or duplicate user profiles getting created on the master
• when users are removed from LDAP (ie: no longer work for the company) their user profiles remain in the Jenkins database, which exposes their profiles and settings on the Jenkins dashboard for other plugins like the email publisher, claim plugin, etc. to use which is confusing at best and causes build failures at worst

Having some way to either delete or at least disable Jenkins profiles that are not found in LDAP, and making sure the user information contained in the valid profiles is kept up to date, would be extremely helpful. On large scale rollouts with hundreds or thousands of users and with frequent LDAP changes makes for an extremely tedious and time consuming job to keep these two systems in synch.

Ideally the solution would be automatic in some way, perhaps synchronizing individual user profile information every time they log in to the Jenkins dashboard and re-synchronizing the entire user database on a schedule to purge obsolete users. If this proves to be too complex, then I would settle for a simple button on the Manage Jenkins page that would allow an admin to trigger this operation manually when desired.