Jenkins - active directory login not working for one specific user

Hello,

Currently one of my customers / colleagues has the problem that he cannot log in to the instance assigned to him / his team via Active Directory. In the log of the Jenkins instance (2.289.3) only the following message appears:

[id=455803] WARNING h.p.a.ActiveDirectoryUnixAuthenticationProvider#lambda$retrieveUser$0: Failed to retrieve user information for (his Username)
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'DC=AAA,DC=BBB,DC=CCC'

I have already spoken to our Active Directory colleagues about this, but they think that it is more of a Java problem and not an AD problem. By the way, there are 211 groups assigned to the user - if that helps to classify the error.

I can log in to the instance with my user via AD without any problems. Unfortunately I can’t find anything related to Jenkins on the web - only Java-specific errors.
Maybe you can help me further.

Jenkins: 2.289.3 (problem persists with 2.303.3)

Active Directory Plugin Version: 2.25

LDAP Plugin Version: 2.7

Thank you very much and best regards
Sascha

Sounds like a bug in the LDAP plugin, maybe they need to do multiple queries or something. Recommend filing a bug @ Report an issue in a plugin

Hi,

Thank you for your reply.
I already opened a bug report (JENKINS-67127), but have got no response so far.

Kind regards

Ok, the problem was an Active Directory problem as first suspected. The user had too many AD groups. We removed the colleague from some groups, after which the login ran properly again.