Active Directory Plugin - Adding AD Group Throws BadCredentialsException


      Adding an AD group, e.g. ciusers, on Authorization type "Project-based Matrix Authorization Strategy" throws BadCredentialsException.

      Issue:
      doCheckName_() first tries to find a user; this fails and throws the BadCredentialsException. The function doCheckName_() then tries loadGroupByGroupname(), which throws UserMayOrMayNotExistException right away. Function doCheckName_() uses SecurityRealm.loadGroupByGroupname() instead of LDAPSecurityRealm.loadGroupByGroupname().

      Snippet of loadGroupByGroupname() from the SecurityRealm class:
      public GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFoundException, DataAccessException {
          throw new UserMayOrMayNotExistException(groupname);
      }

      Snippet of loadGroupByGroupname() from the LDAPSecurityRealm class:
      public GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFoundException, DataAccessException {
          // TODO: obtain a DN instead so that we can obtain multiple attributes later
          String searchBase = groupSearchBase != null ? groupSearchBase : "";
          final Set<String> groups = (Set<String>)ldapTemplate.searchForSingleAttributeValues(searchBase, GROUP_SEARCH,
                  new String[]{groupname}, "cn");

          if(groups.isEmpty())
              throw new UsernameNotFoundException(groupname);

          return new GroupDetails() {
              public String getName() {
                  return groups.iterator().next();
              }
          };
      }

      Snippet of doCheckName_():
      public FormValidation doCheckName_(String value, AccessControlled subject, Permission permission) throws IOException, ServletException {
          if(!subject.hasPermission(permission)) return FormValidation.ok(); // can't check

          final String v = value.substring(1,value.length()-1);
          SecurityRealm sr = Jenkins.getInstance().getSecurityRealm();
          String ev = Functions.escape(v);

          if(v.equals("authenticated"))
              // system reserved group
              return FormValidation.respond(Kind.OK, makeImg("user.png") +ev);

          try {
              sr.loadUserByUsername(v);
              return FormValidation.respond(Kind.OK, makeImg("person.png")+ev);
          } catch (UserMayOrMayNotExistException e) {
              // undecidable, meaning the user may exist
              return FormValidation.respond(Kind.OK, ev);
          } catch (UsernameNotFoundException e) {
              // fall through next
          } catch (DataAccessException e) {
              // fall through next
          }

          try {
              sr.loadGroupByGroupname(v);
              return FormValidation.respond(Kind.OK, makeImg("user.png") +ev);
          } catch (UserMayOrMayNotExistException e) {
              // undecidable, meaning the group may exist
              return FormValidation.respond(Kind.OK, ev);
          } catch (UsernameNotFoundException e) {
              // fall through next
          } catch (DataAccessException e) {
              // fall through next
          }

          // couldn't find it. it doesn't exist
          return FormValidation.respond(Kind.ERROR, makeImg("error.png") +ev);
      }

      Stack trace snippet:
      Failed to test the validity of the user name ciusers
      org.acegisecurity.BadCredentialsException: Authentication was successful but cannot locate the user information for ciusers
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:147)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:105)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:64)
      at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:23)
      at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:514)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName_(GlobalMatrixAuthorizationStrategy.java:303)
      at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:288)

            Assignee:
            Unassigned
            Reporter:
            Tony Lee
            Archiver:
            Jenkins Service Account
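
The control flow behind the stack trace above, as an added stand-alone model; it is not Jenkins, Acegi or plugin code. All classes are stand-ins, the exception hierarchy (the "not found" type sitting below BadCredentialsException) is an assumption, and the directory contents are constructed.

```java
import java.util.Set;

// Stand-alone model of the validation flow; every class here is a stand-in, not Jenkins or Acegi code.
public class CheckNameModel {
    // Assumed hierarchy: the narrower "not found" type sits below BadCredentialsException.
    static class BadCredentialsException extends RuntimeException {
        BadCredentialsException(String m) { super(m); }
    }
    static class UsernameNotFoundException extends BadCredentialsException {
        UsernameNotFoundException(String m) { super(m); }
    }

    // Constructed sample directory: one user, one group.
    static final Set<String> USERS = Set.of("tlee");
    static final Set<String> GROUPS = Set.of("ciusers");

    // Models a realm whose user lookup reports a miss with the broad exception type.
    static void loadUserByUsername(String name) {
        if (!USERS.contains(name))
            throw new BadCredentialsException("cannot locate the user information for " + name);
    }
    static void loadGroupByGroupname(String name) {
        if (!GROUPS.contains(name)) throw new UsernameNotFoundException(name);
    }

    // Same catch structure as doCheckName_(): only the narrow type falls through.
    static String checkAsWritten(String name) {
        try { loadUserByUsername(name); return "user"; }
        catch (UsernameNotFoundException e) { /* fall through to the group lookup */ }
        try { loadGroupByGroupname(name); return "group"; }
        catch (UsernameNotFoundException e) { /* fall through */ }
        return "error";
    }

    // Variant that treats any failed user lookup as "not a user" and still tries the group.
    static String checkTolerant(String name) {
        try { loadUserByUsername(name); return "user"; }
        catch (BadCredentialsException e) { /* fall through to the group lookup */ }
        try { loadGroupByGroupname(name); return "group"; }
        catch (BadCredentialsException e) { /* fall through */ }
        return "error";
    }

    public static void main(String[] args) {
        System.out.println("tolerant: " + checkTolerant("ciusers"));
        try { System.out.println("as written: " + checkAsWritten("ciusers")); }
        catch (BadCredentialsException e) { System.out.println("as written: escaped with " + e.getMessage()); }
    }
}
```

In this model the group name never reaches the group lookup in `checkAsWritten`, because the exception from the user lookup is not one of the caught types and propagates to the caller.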