[JIRA] [active-directory] (JENKINS-21027) LDAP/AD: Both username and username@email-addr permitted as login; can be confusing
Eric Griswold updated JENKINS-21027 LDAP/AD: Both username and username@email-addr permitted as login; can be confusing Change By: Eric Griswold (19/Dec/13 1:33 AM) Description: Jenkins1.509.4LDAP1.6ActiveDirectory1.33(Usingrole-basedauthenticationbutitalsoseemstobethesameusingmatrixauthentication)IfIauthenticatetoJenkinsusingmyusernameandADpassword,IreceivethepermissionsthatImexpecting.However,JenkinswillallowmetoalsologinwithmyemailaddressandsameADpassword.WhenIdothis,Iseemtobeauthenticatedbutthepermissionsaredifferent(andoftenfarmorelimited)thanlogginginwithjusttheusername.Isthereawaytorejectauseriftheytrytologinwiththeiremailaddress?Inotherwords,thisworks:user:eric.griswoldpassword:ADpasswordBut ,Ithink this is shouldbe rejectedasunknownuserorbadpassworduser:eric.grisw...@jivesoftware.compassword:ADpassword This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] [active-directory] (JENKINS-21027) LDAP/AD: Both username and username@email-addr permitted as login; can be confusing
Eric Griswold created JENKINS-21027 LDAP/AD: Both username and username@email-addr permitted as login; can be confusing Issue Type: Bug Affects Versions: current Assignee: Kohsuke Kawaguchi Components: active-directory, ldap Created: 16/Dec/13 9:12 PM Description: Jenkins 1.509.4 LDAP 1.6 Active Directory 1.33 (Using role-based authentication but it also seems to be the same using matrix authentication) If I authenticate to Jenkins using my username and AD password, I receive the permissions that I'm expecting. However, Jenkins will allow me to also log in with my email address and same AD password. When I do this, I seem to be authenticated but the permissions are different (and often far more limited) than logging in with just the username. Is there a way to reject a user if they try to log in with their email address? In other words, this works: user: eric.griswold password: AD password But this is rejected as "unknown user" or "bad password" user: eric.grisw...@jivesoftware.com password: AD password Environment: Jenkins server running on CentOS 6 Project: Jenkins Priority: Minor Reporter: Eric Griswold This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.