  1. Jenkins
  2. JENKINS-21558

When the LDAP plugin is enabled, it locks out a user who isn't attempting to log in

    • Type: Bug
    • Resolution: Not A Defect
    • Priority: Major
    • ldap-plugin
    • None

      Once the LDAP plugin is enabled (security is turned on, and LDAP configured), the plugin attempts to bind to LDAP with a different user name than the one we configure in the setup screen.

      Our manager DN is something like: CN=JENKINS_SERVER,OU=Service Accounts,OU=xxx,DC=xxx,DC=com

      This all works, and users can log in and be authenticated (the bind for the above works).

      But for some reason there is a rogue attempt to also bind via a real user ID, the guy who originally set up the server. The suspicion is that at one point he put his own credentials in while initially setting it up, and it loved him so much it doesn't want to ever forget him. Does that make sense? Is there a cache someplace I can check, or something I can remove to kill any and all LDAP config to start from scratch? (Disabling security and entering the data in fresh doesn't have an effect; the rogue bind lives on.)

      Error in the logs is:

      WARNING: Failed to bind to LDAP: userDnCN=Veman\, Chris,OU=Users,OU=CDP,DC=TDBFG,DC=com username=veermc2
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772

      We wouldn't care, but the poor fella keeps getting locked out of all systems connected to our LDAP.

      We are at version 1.549 of Jenkins and 1.6 of the LDAP plugin.

            Assignee: Unassigned
            Reporter: jean_raymond Jean-Marc Ray
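Added example (not part of the original report and not code from the LDAP plugin): a triage script that tallies the `Failed to bind to LDAP` warnings quoted in the report per username and decodes the Active Directory sub-code in the `data` field, so the account being driven toward lockout and the reason for each failure are visible at a glance. The sample log lines, the user names and the `threshold` value are constructed assumptions; set the threshold to your domain's lockout policy.

```python
import re
from collections import Counter

# Well-known Active Directory sub-codes carried in the "data" field of LDAP error 49.
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "775": "account locked out",
}
# The warning in the report shows "userDn" run straight into the DN, then "username=<login>".
BIND_RE = re.compile(r"Failed to bind to LDAP: userDn(?P<dn>.*?)\s+username=(?P<user>\S+)")
DATA_RE = re.compile(r"error code 49\b.*?\bdata (?P<code>[0-9a-fA-F]+)")

# Constructed sample log: three bad-password binds for one account, one locked account.
SAMPLE_LOG = [
    r"WARNING: Failed to bind to LDAP: userDnCN=Doe\, Jane,OU=Users,DC=example,DC=com username=jdoe",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772",
] * 3 + [
    "WARNING: Failed to bind to LDAP: userDnCN=Al Smith,OU=Users,DC=example,DC=com username=asmith",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772",
]

def summarize_failed_binds(lines):
    """Map username -> {"dn", "count", "reasons"} from bind warnings and their exception lines."""
    summary, current = {}, None
    for line in lines:
        bind = BIND_RE.search(line)
        if bind:
            current = summary.setdefault(
                bind["user"], {"dn": bind["dn"], "count": 0, "reasons": Counter()})
            current["count"] += 1
            continue
        data = DATA_RE.search(line)
        if data and current is not None:  # exception line belonging to the last warning
            code = data["code"].lower()
            current["reasons"][AD_SUBCODES.get(code, "unknown sub-code " + code)] += 1
            current = None
    return summary

def lockout_candidates(summary, threshold):
    """Usernames whose bad-password bind count has reached the (assumed) lockout threshold."""
    return sorted(u for u, s in summary.items()
                  if s["reasons"]["invalid credentials"] >= threshold)

if __name__ == "__main__":
    print(lockout_candidates(summarize_failed_binds(SAMPLE_LOG), threshold=3))
```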