-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins v1.560; AD plugin v1.37
Logging in on version 1.37 of the Active Directory plugin takes too long and I think it is causing occasional proxy timeouts. At first I had blamed it on having too many groups in Active Directory. Then I took a look at the release notes and saw that version 1.37 add some extra group specific logic. I decided to try downgrading the plugin and sure enough I was able to log in almost immediately. Which made me very very happy!
Version 1.37 (I've seen this take up to a minute)
Apr 30, 2014 7:38:17 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
Stage 2: looking up via memberOf
Apr 30, 2014 7:38:44 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
Version 1.36
Apr 30, 2014 7:53:34 PM FINE hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
Stage 2: looking up via memberOf
Apr 30, 2014 7:53:34 PM FINER hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider
- is related to
-
-
- Open
-
[JENKINS-22830] Slow login w/ Active directory plugin
Michael Rose
created issue -
Michael Rose
added a comment - I didn't try version 1.35. We are using version 1.36 right now. Did you try this version? Does 1.35 perform better?
Michael Rose
added a comment - I didn't try version 1.35. We are using version 1.36 right now. Did you try this version? Does 1.35 perform better? 
si Joey
added a comment - I just tried 1.36 and it works fine. I also tried upgrading from 1.36 to 1.37 with no change in the error message and login problems. I get the following message: Caused by: javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; remaining name 'DC=xyx,DC=acme,DC=org'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3143)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:417)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293)
si Joey
added a comment - I just tried 1.36 and it works fine. I also tried upgrading from 1.36 to 1.37 with no change in the error message and login problems. I get the following message: Caused by: javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded] ; remaining name 'DC=xyx,DC=acme,DC=org'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3143)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.parseMembers(ActiveDirectoryUnixAuthenticationProvider.java:456)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.resolveGroups(ActiveDirectoryUnixAuthenticationProvider.java:417)
at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:293) 
Gavin Goodrich
added a comment - I see the same issue here. Downgrading from 1.37 to 1.36 fixed my issue as well...
(download it from here https://updates.jenkins-ci.org/download/plugins/active-directory/1.36/active-directory.hpi and upload it manually to your server)
I turned on logging for the plugin and it seemed to be spending a lot of time getting the groups from active directory which led me to this issue.
I was getting frustrated comments from several users of the system...so could we bump up the priority? Problems like this (20 seconds to login or load the web page the first time in awhile) tend to deter people from using otherwise-awesome tools.
Gavin Goodrich
added a comment - I see the same issue here. Downgrading from 1.37 to 1.36 fixed my issue as well...
(download it from here https://updates.jenkins-ci.org/download/plugins/active-directory/1.36/active-directory.hpi and upload it manually to your server)
I turned on logging for the plugin and it seemed to be spending a lot of time getting the groups from active directory which led me to this issue.
I was getting frustrated comments from several users of the system...so could we bump up the priority? Problems like this (20 seconds to login or load the web page the first time in awhile) tend to deter people from using otherwise-awesome tools. 
George Li
added a comment - I would second bumping up the priority as I am experiencing the same errors mentioned above. I am using the same workaround by downgrading to 1.36.
George Li
added a comment - I would second bumping up the priority as I am experiencing the same errors mentioned above. I am using the same workaround by downgrading to 1.36. 
Lawrence Ong
added a comment - This bug basically killed our LDAP server by making a really bad query. I would bump this as well.
Lawrence Ong
added a comment - This bug basically killed our LDAP server by making a really bad query. I would bump this as well. Lawrence Ong
made changes -
| Priority | Original: Minor [ 4 ] | New: Major [ 3 ] |
Can you also remove 1.37? It's already caused a big problem in our organization, and may well do so in others.
| Labels | New: performance regression |
I have the same issue. I am not even able to authenticate using the 1.37 of the plugin. I see timeout errors in the jenkins log, with LTS release 1.532.2. I am also seeing the same problem with LTS 1.554.1 of Jenkins. I had to use version 1.35 of the plugin to resolve the login issues.