The group pulled and added from Active Directory is not deleted from the Project Permissions page when the Active directory connector is removed completely. The same group when added back to the Bitbucket again via another External User directory(Delegated Ldap from the same AD) is then able to have the access to the project permission. The same should not happen and the Groups from the Active Directory must be removed when the connector is deleted.
- Add an Active Directory Connector and sync it with Bitbucket
- The Users and Groups are pulled from AD
- A group from AD named bitbucket-users are added to Global Permissions and Project permissions
- Remove the Active directory connector from the User Directories page
- The groups are gone from the groups page as expected but are still listed in the Project Permissions.
- Add a Delegated Ldap directory from the same AD
- Login with a user who is part of the bitbucket-users groups in AD.
- If we check on the Project permissions bitbucket-users group the users from the Delagated Ldap directory are having the permissions to access the Projects
The Groups should also be removed on the Project permissions when the Active directory connector is removed.
The Groups are not removed from the Project permissions so in future when they add an Active directory connector or delegated Ldap directory the users from the bitbucket-users are gaining permission to the projects which shouldn't be the case.
Remove the Groups manually from the Project Permissions after removing the Active directory from the User directories Page