javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms in Active Directory plugin when using AUTOMATIC group lookup strategy

Article ID:214571878
1 minute readKnowledge base

Issue

  • Login with Active directory plugin doesn’t work

  • You are getting the stacktrace below:

 Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'DC=example,DC=com'

Environment

  • CloudBees Jenkins Enterprise

  • CloudBees Operations Center

  • Active Directory plugin

Resolution

This issue is due JDK-8062947.

As a result of the JDK bug mentioned above the plugin is not able to fallback to the recursive group lookup strategy.

The workaround at the moment is in your AD configuration in Jenkins to set the Group Membership Lookup Strategy as seen below:

ad group recursive

If you cannot access to the UI because of this issue, navigate to $JENKINS_HOME, and modify the config.xml file section:

<groupLookupStrategy>AUTO</groupLookupStrategy>

to

<groupLookupStrategy>RECURSIVE</groupLookupStrategy>