Issue Summary

When user management in Bitbucket Server is through a read-only directory (Crowd, LDAP etc), users trying to reset their password should be notified that the account is read only and they should contact their administrator - at the moment all users (internal/external) receive the same message:

"If you are a registered user, you will receive a password reset email"

Environment

Bitbucket 5.16 + with:

• external LDAP (synced/delegated)
• Crowd

• Steps to Reproduce

1. On login page click "Unable to access you account?"
2. Enter the username/email of a user belonging to a read-only directory
3. Click "Reset password"

Expected Results

If the user belongs to a read-only directory the message should be:
"Your account details are read-only. Please contact your administrator to change your password."

Actual Results

The message is:
"If you are a registered user, you will receive a password reset email"

(Note that no password reset email is actually sent to users in read-only directories.)

Notes

A similar issue was fixed in Stash 4.0: BSERV-7548: Disable "reset your password" option for delegated LDAP (fixed in Bitbucket Server 4.0.0)

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available