javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms in Active Directory plugin when using AUTOMATIC group lookup strategy

Article ID:214571878
1 minute readKnowledge base

Issue

  • Login with Active directory plugin doesn’t work

  • You are getting the stacktrace below:

 Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'DC=example,DC=com'

Environment

  • CloudBees Jenkins Enterprise

  • CloudBees Operations Center

  • Active Directory plugin

Resolution

This issue is due JDK-8062947.

As a result of the JDK bug mentioned above the plugin is not able to fallback to the recursive group lookup strategy.

The workaround at the moment is in your AD configuration in Jenkins to set the Group Membership Lookup Strategy as seen below:

ad group recursive

If you cannot access to the UI because of this issue, navigate to $JENKINS_HOME, and modify the config.xml file section:

<groupLookupStrategy>AUTO</groupLookupStrategy>

to

<groupLookupStrategy>RECURSIVE</groupLookupStrategy>
This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.