- Bug
- Resolution: Unresolved
- Major
- None
- Jenkins 2.176.4, active-directory-plugin 2.16, two AD domains
In a two-AD-domain configuration (adom.organization.com, ddom.organization.com, binding as different users), when the same user exists in both domains with different passwords, logging on to Jenkins as the user of the ddom domain:
DDOM\user, ddom\user or user@ddom.organization.com
produces in the log:
... hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Credential exception trying to authenticate against adom.organization.com domain
org.acegisecurity.BadCredentialsException: Either no such user '...' or incorrect password
and after some logons, the adom\user account from the other domain, ADOM, is locked due to multiple bad password attempts.
I think it happens because authentication goes through the whole list of configured domains (tcpdump shows connections to all domains).
Is it possible to initiate authentication of ddom\user only in the home domain ddom.organization.com?
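The home-domain scoping asked for above, sketched as an added example that is not part of the original report and is not the plugin's code. The NetBIOS-to-DNS mapping, the sample accounts and passwords, and the try-each-domain-in-order model of the current behaviour are assumptions made for illustration.

```python
# Added illustration; not code from the active-directory plugin.
# Constructed configuration: NetBIOS name -> DNS domain (mapping is an assumption).
DOMAINS = {
    "ADOM": "adom.organization.com",
    "DDOM": "ddom.organization.com",
}

# Constructed accounts: same user name in both domains, different passwords.
ACCOUNTS = {
    "adom.organization.com": {"user": "pw-a"},
    "ddom.organization.com": {"user": "pw-d"},
}


def candidate_domains(login):
    """Return the domains a bind may be attempted against for this login name."""
    if "\\" in login:                       # DDOM\user or ddom\user
        prefix, _, user = login.partition("\\")
        dns = DOMAINS.get(prefix.upper())
        return [dns] if dns and user else []
    if "@" in login:                        # user@ddom.organization.com
        user, _, suffix = login.rpartition("@")
        suffix = suffix.lower()
        return [suffix] if user and suffix in DOMAINS.values() else []
    # Unqualified name: no home domain is stated, so every domain is a candidate.
    return list(DOMAINS.values())


def bad_password_hits(login, password, accounts, scoped):
    """Domains whose bad-password counter would increase for this logon.

    scoped=False models trying every configured domain in order (assumed
    model of the reported behaviour); scoped=True binds only to the home
    domain named in the login.
    """
    user = login.split("\\")[-1].split("@")[0]
    tried = candidate_domains(login) if scoped else list(DOMAINS.values())
    hits = []
    for dns in tried:
        stored = accounts.get(dns, {}).get(user)
        if stored == password:
            break                            # successful bind, stop searching
        if stored is not None:
            hits.append(dns)                 # account exists, wrong password
    return hits


if __name__ == "__main__":
    for name in ("DDOM\\user", "ddom\\user", "user@ddom.organization.com"):
        print(name, bad_password_hits(name, "pw-d", ACCOUNTS, scoped=False),
              bad_password_hits(name, "pw-d", ACCOUNTS, scoped=True))
```

A login qualified with an unknown domain yields no candidates, so no bind is attempted and no counter moves in either domain.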