We are using LDAP login for our Gerrit instance. For REST calls (including repo cloning) you must generate an HTTP password that is different from the LDAP login.
The gerrit-code-review-plugin currently does not permit setting the httpPassword flag (https://github.com/uwolfer/gerrit-rest-java-client/blob/v0.8.15/src/main/java/com/urswolfer/gerrit/client/rest/GerritAuthData.java#L101)
This is causing us to see the following in the gerrit logs:
POST to gerrit-server.com/a/changes/<change id>/revisions/<patchset number>/review
This appears to be discussed in this issue and resolved in PR#70