Our Openstack API account uses AD for authentication and has automatic account lockout enabled.   If you are not logged into Jenkins and you go to the read-only global configuration page (http://JENKINS-SERVER/configure-readonly) the AD account be will locked out due to too many authentication failures.   

I am assuming this is cause by the openstack plugin wanting to get some information to display in the global configuration page.   If you are logged into Jenkins and view the Global Configuration, the account doesn't get locked out.