- Type: Bug
- Resolution: Unresolved
- Priority: Critical
Jenkins version: 2.263.1

Using LDAP in Jenkins has the following problem. Suppose the configuration is as follows:

```
server: ldap://127.0.0.1:3389
user base filter: cn=users,cn=accounts,dc=example1,dc=com
```
If the DN returned by the LDAP server for the search request (uid=san.zhang) is

uid=san.zhang,cn=users,cn=accounts,dc=example2,dc=com

this DN is inconsistent with the configured user base filter.
When a user logs in via LDAP, Jenkins actually issues a search request first, and then performs a bind operation using the DN returned by that search.

When uid=san.zhang,cn=users,cn=accounts,dc=example2,dc=com is returned by this search, Jenkins modifies the search result by splicing it onto a new DN and passes that to the LDAP server for the bind operation: ldap://127.0.0.1:3389/uid=san.zhang,cn=users,cn=accounts,dc=example2,dc=com,cn=users,cn=accounts,dc=example1,dc=com. Our LDAP server then fails to bind.

(Why does the server return a different base DN? Our LDAP server is actually an LDAP proxy that queries multiple LDAP backend instances and then matches the search across them, so there are cases where the base DN differs.)
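The search-then-bind step described above, as an added example that is not part of this issue or of the Jenkins LDAP plugin's code. It models the DN splice the reporter observed (`naive_bind_dn`) beside a resolver that first checks whether the search result is already an absolute DN, so a result under a foreign suffix (the proxy case) is used verbatim and flagged instead of being turned into an unusable DN. The configured base and the sample DNs come from the report; the function names and the "last RDN is dc=" heuristic for recognising an absolute DN are assumptions of this example.

```python
"""
Added example, not from the Jenkins issue or the ldap plugin.
Models the search-then-bind step: the search returns a name, and the
client must decide which DN to bind with. The configured base and the
sample DNs are the ones quoted in the report.
"""
from typing import List, Tuple

# Configured user search base from the report.
CONFIGURED_BASE = "cn=users,cn=accounts,dc=example1,dc=com"


def split_dn(dn: str) -> List[str]:
    """Split a DN string into its RDNs, honouring backslash-escaped commas."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf).strip())
    return [r for r in rdns if r]


def normalise_dn(dn: str) -> str:
    """Canonical spelling for comparison: RDNs joined without surrounding whitespace."""
    return ",".join(split_dn(dn))


def naive_bind_dn(search_result_name: str, base: str) -> str:
    """Reproduces the splice described in the report: whatever the search
    returned is treated as relative to the base and the base is appended,
    even when the result already carries its own suffix."""
    return normalise_dn(search_result_name) + "," + normalise_dn(base)


def ends_with_base(dn: str, base: str) -> bool:
    """True if the RDN sequence of `dn` ends with that of `base` (case-insensitive)."""
    d = [r.lower() for r in split_dn(dn)]
    b = [r.lower() for r in split_dn(base)]
    return len(d) >= len(b) and d[-len(b):] == b


def resolve_bind_dn(search_result_name: str, base: str) -> Tuple[str, str]:
    """Decide which DN to bind with and classify the situation.

    Returns (bind_dn, status) where status is one of
      'relative'         - an RDN sequence below the base; base appended
      'absolute-in-base' - already carries the configured base; used as-is
      'absolute-foreign' - a full DN under a different suffix (the proxy
                           case in the report); used as-is and flagged so
                           the caller can log the mismatch instead of
                           binding with a spliced, non-existent DN
    Heuristic (an assumption of this example, not plugin behaviour): a name
    whose last RDN is a 'dc=' component is taken to be an absolute DN.
    """
    rdns = split_dn(search_result_name)
    if not rdns:
        raise ValueError("empty search result name")
    name = ",".join(rdns)
    if ends_with_base(name, base):
        return name, "absolute-in-base"
    if rdns[-1].lower().startswith("dc="):
        return name, "absolute-foreign"
    return name + "," + normalise_dn(base), "relative"


if __name__ == "__main__":
    foreign = "uid=san.zhang, cn=users,cn=accounts,dc=example2,dc=com"  # from the report
    print("naive splice :", naive_bind_dn(foreign, CONFIGURED_BASE))
    print("resolved     :", resolve_bind_dn(foreign, CONFIGURED_BASE))
    print("relative case:", resolve_bind_dn("uid=san.zhang", CONFIGURED_BASE))
```

Running the script prints the same malformed DN the report quotes for the naive splice, while `resolve_bind_dn` keeps the foreign DN intact and labels it, which is the point at which a client should either bind with the absolute DN or log a clear base-mismatch error rather than a generic bind failure.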