Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-6648

Lookup user email from Active Directory when using AD as the authentication mechanism

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      all

      Description

      Sometimes (as in my case) the email of a user cannot be easily constructed from the SVN login name or the active directory login name. When using AD as the authentication mechanism, it would be nice to look up the user's email address from it for all notifications sent out.

      This avoids requiring people from configuring LDAP Email Plugin as a helper to get this working properly which admittedly defeats the whole purpose of having a nice simple AD plugin so we don't have to deal with the nightmare of configuring LDAP against AD.

        Issue Links

          Activity

          n16er n16er created issue -
          n16er n16er made changes -
          Field Original Value New Value
          Status Open [ 1 ] In Progress [ 3 ]
          n16er n16er made changes -
          Status In Progress [ 3 ] Open [ 1 ]
          n16er n16er made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          n16er n16er made changes -
          Status In Progress [ 3 ] Open [ 1 ]
          n16er n16er made changes -
          Assignee n16er [ n16er ]
          Hide
          n16er n16er added a comment -

          The attached patch will now determine email addresses from AD in windows.

          • A new MailAddressResolver named ActiveDirectoryMailAddressResolverImpl has been created
          • ActiveDirectoryUserDetail has a reference to the IADsUser object
          • ActiveDirectoryAuthenticationProvider supplies IADsUser object
          Show
          n16er n16er added a comment - The attached patch will now determine email addresses from AD in windows. A new MailAddressResolver named ActiveDirectoryMailAddressResolverImpl has been created ActiveDirectoryUserDetail has a reference to the IADsUser object ActiveDirectoryAuthenticationProvider supplies IADsUser object
          n16er n16er made changes -
          Attachment JENKINS-6648_patch.txt [ 19561 ]
          Hide
          kohsuke Kohsuke Kawaguchi added a comment -

          Thanks for the patch. I looked at the code, and I have a few comments.

          I'm bit worried about retaining a reference to a COM object via IADsUser. COM objects are fragile in terms of threading and memory related things, so I think it's better to call emailAddress() on the spot and just pass around that e-mail address.

          This also allows ActiveDirectoryUnixAuthenticationProvider to look up the e-mail address and pass it correctly.

          Show
          kohsuke Kohsuke Kawaguchi added a comment - Thanks for the patch. I looked at the code, and I have a few comments. I'm bit worried about retaining a reference to a COM object via IADsUser. COM objects are fragile in terms of threading and memory related things, so I think it's better to call emailAddress() on the spot and just pass around that e-mail address. This also allows ActiveDirectoryUnixAuthenticationProvider to look up the e-mail address and pass it correctly.
          Hide
          n16er n16er added a comment -

          Here is a new patch incorporating your suggestions. Note however that for Unix users using AD or when the domain is specified, no email will be looked up since the UserDetails.loadUserByUserName() still throws a UserNotFoundException.

          Incidentally, your comment on that method about using SPNEGO/Kerberos got me thinking and I was wondering you have looked at JOSSO as a possible SSO solution.

          Show
          n16er n16er added a comment - Here is a new patch incorporating your suggestions. Note however that for Unix users using AD or when the domain is specified, no email will be looked up since the UserDetails.loadUserByUserName() still throws a UserNotFoundException . Incidentally, your comment on that method about using SPNEGO/Kerberos got me thinking and I was wondering you have looked at JOSSO as a possible SSO solution.
          n16er n16er made changes -
          Attachment JENKINS-6648_patch.txt [ 19586 ]
          n16er n16er made changes -
          Attachment JENKINS-6648_patch.txt [ 19561 ]
          n16er n16er made changes -
          Link This issue is duplicated by JENKINS-7253 [ JENKINS-7253 ]
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryMailAddressResolverImpl.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java
          http://jenkins-ci.org/commit/active-directory-plugin/5c1a366c9ad0585941879038f82c809765d6bb99
          Log:
          JENKINS-6648 Look up e-mail address from AD.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryMailAddressResolverImpl.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java http://jenkins-ci.org/commit/active-directory-plugin/5c1a366c9ad0585941879038f82c809765d6bb99 Log: JENKINS-6648 Look up e-mail address from AD.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java
          http://jenkins-ci.org/commit/active-directory-plugin/46165c12e4fee0a458df64d18319175d675cd989
          Log:
          [FIXED JENKINS-6648] when logged in, proactively copy information from AD to Jenkins

          Compare: https://github.com/jenkinsci/active-directory-plugin/compare/5598fd2...46165c1

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java http://jenkins-ci.org/commit/active-directory-plugin/46165c12e4fee0a458df64d18319175d675cd989 Log: [FIXED JENKINS-6648] when logged in, proactively copy information from AD to Jenkins Compare: https://github.com/jenkinsci/active-directory-plugin/compare/5598fd2...46165c1
          scm_issue_link SCM/JIRA link daemon made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          dogfood dogfood added a comment -

          Integrated in plugins_active-directory #40
          JENKINS-6648 Look up e-mail address from AD.
          [FIXED JENKINS-6648] when logged in, proactively copy information from AD to Jenkins

          Kohsuke Kawaguchi :
          Files :

          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryMailAddressResolverImpl.java
          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java
          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java

          Kohsuke Kawaguchi :
          Files :

          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java
          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java
          • src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java
          Show
          dogfood dogfood added a comment - Integrated in plugins_active-directory #40 JENKINS-6648 Look up e-mail address from AD. [FIXED JENKINS-6648] when logged in, proactively copy information from AD to Jenkins Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryMailAddressResolverImpl.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java Kohsuke Kawaguchi : Files : src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java src/main/java/hudson/plugins/active_directory/ActiveDirectoryUserDetail.java

            People

            • Assignee:
              n16er n16er
              Reporter:
              n16er n16er
            • Votes:
              4 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: