When Jenkins is running in FIPS mode (see JEP https://github.com/jenkinsci/jep/tree/master/jep/237) and configured to use an ldap server for authentication it should not allow users to login with short (<112 bit aka 14 character) passwords.

However a user is able to login as long as the ldap server says the password is ok.

Jenkins should refuse to authenticate users whose passwords are shorter than 14 characters when in FIPS mode