In our LDAP server anonymous access is not allowed, so we need to authenticate with the Manager DN and then search the login user's attributes. When we "Test LDAP settings" we can see that the Lookup is successful:
But the login failed:
We have checked that the password is okay by logging in directly on the LDAP server.
We have captured the conversation between Jenkins and the LDAP server and, analyzing it with Wireshark, we found that the LDAP plugin requires read permission on the LDAP tree twice: the first time when the Manager DN searches for the login user, and a second time when the login user needs to read his own attributes before login. In our LDAP, login users are not allowed to read the attributes for security reasons; that kind of user can only log in to LDAP, not read the tree, so the search finds 0 attributes:
And produces that error:
I think it is not necessary to read the LDAP tree two times: the first time is necessary for the lookup (Manager DN), but the login user shouldn't have to read the LDAP tree again to log in.
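For reference, the directory-side access rule that satisfies the second read described above while still denying users any view of the rest of the tree. This is an added example, not from the original report or from the Jenkins plugin; it assumes an OpenLDAP slapd with cn=config, and the Manager DN and base DN are placeholders.

```ldif
# Added example (assumed OpenLDAP cn=config layout, placeholder DNs).
# Rule {0}: only the Manager DN and the user may change userPassword; anyone may use it to bind (auth).
# Rule {1}: the Manager DN may read the tree (lookup phase); a user may read only their own entry
#           (the plugin's second read, "by self read"); everyone else gets nothing, so users still
#           cannot browse the tree.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by dn.exact="cn=Manager,dc=example,dc=com" write
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by dn.exact="cn=Manager,dc=example,dc=com" read
  by self read
  by * none
```

Apply with `ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>` on the directory host; if the Manager DN is the database rootdn, ACLs do not apply to it and only the `by self read` clause matters.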