The AD/DB hybrid user source does not involve any caching in the authentication path and it reaches out directly to the LDAP server to authenticate.
If using AD, I would use the OpenLDAP ldapwhoami utility to try to authenticate with the same user. You could also try using ldapsearch if you are using an LDAP server that does NOT support the “Who AM I?” extended operation.
If you are using a distributed LDAP server, it is possible that replication is taking that long. For instance, while creating an AD user the user on the local domain controller is available immediately, it can take over an hour for the user to propagate to other servers.
I'd bet it's this. If you need a user to log in quickly, it's best to make the change on the DC server that Ignition points to, otherwise you're at the mercy of AD replication. Your IT group can speed up how frequently AD replicates, but this sounds to me like the most likely reason for the delay.