Connecting to active directory a failed login produces two stack traces in the logs. They are not required and just clutter the logs.
It should simply record the login failure. eg:
BadCredentialsException: Either no such user 'firstname.lastname@example.org' or incorrect password
Instead we get:
Aug 15, 2019 12:41:19 AM hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl bind
WARNING: Failed to authenticate while binding to btwn000265.corp.ads:3268
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1^@]
Aug 15, 2019 12:41:19 AM hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider retrieveUser
WARNING: Credential exception trying to authenticate against corp.ads domain
org.acegisecurity.BadCredentialsException: Either no such user 'email@example.com' or incorrect password
Complete error attached.
I see Kohsuke Kawaguchi previously closed a similar issue JENKINS-14298 in 2013 as "Won't Fix", but would ask to revisit. Evidently, we have a lot of people in the org who can't type their passwords properly. What value is provided by the stack trace over the simple message in the log?