- Bug
- Resolution: Unresolved
- Minor
- None
- jenkins 2.138, reverse-proxy-auth-plugin 1.5 & 1.6
Not sure if regression or by design but after https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736 it looks like reverse-proxy-auth-plugin does not cache (group memberships) at all.
I have set up an empty test Jenkins 2.138 instance with reverse-proxy-auth-plugin v1.5 configured against (Samba) Active Directory. This instance loads (non-cached) in ~300-600ms.
Upgrading reverse-proxy-auth-plugin to v1.6.3 brings load time (non-cached) to 10-15 seconds. On our production environment this increases to over 1 minute.
Reverting reverse-proxy-auth-plugin back to version 1.5 brings load times back to the 300-600ms in test and ~1 second for our production instance.
I'm pretty sure the delay in our environment is caused by the non-caching of recursive group lookups; we know they are expensive but we absolutely need them.
Relevant settings from config.xml:
<userSearch>sAMAccountName={0}</userSearch>
<groupSearchBase>ou=Groups,dc=our,dc=domain,dc=com</groupSearchBase>
<groupSearchFilter>(& (cn={0}) (objectClass=group))</groupSearchFilter>
<groupMembershipFilter>(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))</groupMembershipFilter>
Let me know if you need more info or how I can debug this further.
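The following is an added example, not part of the report and not the plugin's code: a minimal in-memory cache for the recursive group lookup, with a fixed TTL so that a removed group membership stops being honoured once the entry expires. The `search` callable, the TTL value and the sample DN are assumptions made for illustration; only the filter string is taken from the config.xml lines above.

```python
import time

# Filter copied from the config.xml lines in the report; {0} is the user's DN.
GROUP_MEMBERSHIP_FILTER = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))"

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_membership_filter(user_dn):
    """Substitute the escaped user DN into the recursive membership filter."""
    return GROUP_MEMBERSHIP_FILTER.replace("{0}", escape_filter_value(user_dn))

class GroupCache:
    """Per-user cache of group lookups, kept in memory only, with a fixed TTL.

    `search` is a hypothetical callable (filter string -> iterable of group
    names) standing in for the real, expensive directory query.
    """
    def __init__(self, search, ttl_seconds, clock=time.monotonic):
        self._search, self._ttl, self._clock = search, ttl_seconds, clock
        self._entries = {}  # user DN -> (expiry time, frozenset of groups)

    def groups_for(self, user_dn):
        now = self._clock()
        hit = self._entries.get(user_dn)
        if hit and hit[0] > now:
            return hit[1]  # still fresh: no directory round trip
        groups = frozenset(self._search(build_membership_filter(user_dn)))
        self._entries[user_dn] = (now + self._ttl, groups)
        return groups

    def invalidate(self, user_dn):
        """Drop one user's entry, e.g. after a known group change."""
        self._entries.pop(user_dn, None)

if __name__ == "__main__":
    def slow_search(ldap_filter):  # constructed stand-in for the AD query
        time.sleep(0.5)
        return ["jenkins-admins", "developers"]
    cache = GroupCache(slow_search, ttl_seconds=60)
    dn = "CN=Doe\\, Jane (ops),OU=Users,DC=our,DC=domain,DC=com"  # constructed
    for attempt in ("cold", "warm"):
        start = time.monotonic()
        cache.groups_for(dn)
        print(attempt, round(time.monotonic() - start, 3), "s")
```

The TTL is the upper bound on how long a revoked membership keeps granting access, so it should be chosen against that requirement rather than against page load time alone.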