The logging in the email-ext plugin didn't provide much information, other than that it takes approx. the same time for each committer in the build. ie 1min / committer.
Google helped me to enable logging on the Active Directory plugin, and I have found the following:
1) We have our domain name configured (
ad.example.com), as well as the domain controller defined with the virtual IP (x.x.x.x:389)
2) The default lookup is via AD on the userPrincipalName, which it calculates as <committer-name>@<domain-name>. In our case, our domain name and email addresses are slightly different (domain ==
ad.example.com, email ==
example.com). This meant that the first query was userPrincipleName ==
john...@ad.example.com, which was never going to be found (user is
john...@example.com)
3) Based on (2), I changed the domain name to match the email address, but this then raised various javax.naming.CommunicationException errors, with connections attempted to
example.com:389. The error makes sense, as that isn't how the domain controller is referenced, but I don't know why it's ignoring the value in the Domain Controller field (x.x.x.x:389).
4) It then seems to enumerate all groups of the user is a member of (which there are hundreds) even though the we have configured it to "Remove irrelevant groups" (or maybe I misunderstood what that flag is meant to do).
I've even got the cache configured for 1 hour, but it still does this lookup every build.
Right now, it looks like the default options for the Active Directory plugin don't work for our environment, and we need to go down the LDAP configuration instead.
Cheers,
Daniel B.