Jenkins setup:
Working coupling with Active Directory
Working couplign with Bitbucket
Using the Email Extension for sending status notifications
Problem:
When an email is send to a list of git committers, it happens quite often that the git email address is non existend. This is due to developers changing jobs, of course. But the issue is that we as administrators get the bounce notification.
Question:
Is there a way to use groovy to search active directory for the existence of an email address?
Google answered my question … I don’t know what the real source is, but maybe it is usefull for others. The goole search string is “jenkins active directory search for existence of an email address”.
And the code:
import javax.naming.directory.*
import javax.naming.ldap.*
// Set up LDAP environment (use your AD details)
def env = [
"java.naming.factory.initial": "com.sun.jndi.ldap.LdapCtxFactory",
"java.naming.provider.url": "ldap://your-ad-server:389",
"java.naming.security.authentication": "simple",
"java.naming.security.principal": "service-user@domain.com",
"java.naming.security.credentials": "password"
]
def ctx = new InitialLdapContext(env as Hashtable, null)
def searchControls = new SearchControls(searchScope: SearchControls.SUBTREE_SCOPE)
// Search for the email
def emailToFind = "example@domain.com"
def searchResult = ctx.search("DC=domain,DC=com", "(mail=${emailToFind})", searchControls)
if (searchResult.hasMore()) {
println "Email exists"
} else {
println "Email not found"
}
Hi @Edinorog (Maarten)! Since you already have a working coupling with Active Directory, you can actually use the Jenkins Active Directory Plugin’s internal API through a Groovy script in your pipeline to validate users.
You don’t necessarily need to perform a raw LDAP query; you can try to look up the user in the Jenkins User database (which is backed by your AD). If the user doesn’t exist or is disabled in AD, the lookup should reflect that.
A common pattern in Groovy for this is:
Groovy
def user = hudson.model.User.get("username_here", false)
if (user == null) {
// Handle non-existent user before sending email
}
I’m currently working on some improvements for the Email Extension plugin myself, and filtering out invalid recipients to prevent admin bounces is a great use case! Hope this helps!
But the problem is that we get the email address from the git committer (or a list of committers). We do not have the user’s ID. And the situation is that we encounter numerous non existing email addresses due to former committers changed jobs or reached their pension age. So the email address is non-existent in active directory and the mail server is redirecting the bounce mail to us (maintainers of the Jenkins server).
And sadly I have not found a checkEmail of sorts via the classes of the active directory plugin.