The log-in with AD plugin is very slow

Symptoms

  • The log-in process is very slow
  • Jenkins takes too much time to recognize the AD groups
  • I am able to log-in on Jenkins
  • AD groups are recognized by Jenkins
  • In /whoAmI AD groups appear

Diagnosis/Treatment

Try with Token-Groups user attribute

Unfortunately, for the moment the AD plugin does not allow you to restrict Groups lookup on the same way you can do it with the LDAP plugin, however on the other hand in case your AD set-up only relies on Security Groups, and not Distribution Groups - which most of the cases happens, then you can try to use Group Membership Strategy → Token-Groups user attribute which should have a very big improvement when discovering groups.

ad-token-security-groups.png

Try removing irrelevant groups with the Recursive group queries

Makes Jenkins ignore every user’s Active Directory groups that are not being used by the active Authorization Strategy. This can significantly improve performance in environments with a large number of groups but a small number of corresponding rules defined by the Authorization Strategy.

  • Note: this setting may be incompatible with some Authorization Strategies.

ad-recursive-remove-irrelevant.png

Enable the cache

This is one of the options which might increase the performance of your Jenkins instance when there are consecutive lookups. Enable this option is totally recommended.

ad-enable-cache.png

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.