This field determines the query to be run to identify the organizational unit that contains groups. The query is almost always "ou=groups" so try that first, though this field may be left blank to search from the root DN.
If login attempts result in "Administrative Limit Exceeded" or similar error, try to
make this setting as specific as possible for your LDAP structure, to reduce the scope
of the query. If the error persists, you may need to edit the
WEB-INF/security/LDAPBindSecurityRealm.groovy file that is included in
hudson.war. Change the line with:
groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={1}))";
to query only of the field used in your LDAP for group membership, such as:
groupSearchFilter = "(member={0})";
Then restart Hudson and retry the login.