We log in to Jenkins via the LDAP plugin against a Windows AD. This mechanism is however, very, very unpredictable whether it's going to let us in. We have 4 outcomes:

• You get in within 2 seconds
• You get in in about 30 seconds
• You get in in about 60 seconds
• You timeout the login.

The LDAP's "Enable cache" doesn't seem to have any affect one way or the other. 

Restarting Jenkins service doesn't matter either. The outcome might be any of the above.

Purging sss_cache (don't really know if it has anything to do with this, but had to try), doesn't have any effect.

But restarting the whole server DOES affect. It causes our Jenkins to not let any login attempts to work for 60-240 minutes. All of the sudden without anyone doing anything except trying to re-login, it suddenly just works.

Looking at tshark, I can notice that our AD replies within a split second every time Jenkins asks for something. But upon receiving data, Jenkins just doesn't do anything with the piece of information. Looking at htop and the CPU usage, I can see that the process is just idle.

Trying to maintain an automated system is impossible with LDAP, as it throws dice every time to figure out if something works.