- Type: Bug
- Resolution: Won't Fix
- Priority: Low
- Affects Version/s: 9.0.0
- Component/s: Crowd, User Management - LDAP
- Severity 2 - Major
Issue Summary
This is reproducible on Data Center: yes
Users synced from Microsoft AD lose all group memberships after upgrading Bitbucket from any version prior to 8.19.x to 9.x.
Steps to Reproduce
- Install Bitbucket 8.19.x.
- Set up Microsoft AD with nested groups.
  CN=moga,DC=example,DC=com
  memberOf: CN=group1,OU=ou1,DC=example,DC=com
  memberOf: CN=group2,OU=ou2,DC=example,DC=com
  memberOf: CN=group3,OU=ou1,DC=example,DC=com
  memberOf: CN=group6,OU=ou1,DC=example,DC=com
  memberOf: CN=group4,OU=ou1,DC=example,DC=com
  memberOf: CN=group5,OU=ou1,DC=example,DC=com
  memberOf: CN=group4,OU=ou1,DC=example,DC=com
  memberOf: CN=group6,OU=ou1,DC=example,DC=com
- Create a user directory in Bitbucket with the following configuration:
  ldap.basedn: DC=example,DC=com
  ldap.group.dn: OU=ou1
  ldap.nestedgroups.disabled: true
  ldap.group.usernames=member: 1.2.840.113556.1.4.1941:
  ldap.user.group: memberOf: 1.2.840.113556.1.4.1941:
  ldap.usermembership.use: true
  ldap.usermembership.use.for.groups: true
- Sync the directory and observe the behaviour; user moga will have the following membership:
- group1
- group3
- group4
- group5
- group6
- Upgrade the instance to Bitbucket 9.0.x.
- Perform the directory sync and observe the behaviour - the user will not belong to any user groups.
Expected Results
The user moga should have the following group membership:
- group1
- group3
- group4
- group5
- group6
Actual Results
The user moga has no group memberships.
Workaround
This is caused by a change to Crowd sync in Crowd 5.3.0 (see Crowd 5.3 Upgrade Notes, "LDAP synchronization improvements"). The workaround is to disable the new sync:
- Add the following in <bitbucket installation path>/bin/_start-webapp.sh:
JVM_SUPPORT_RECOMMENDED_ARGS="-Dcrowd.use.legacy.ad.membership.sync=true"
- Restart Bitbucket.
- Initiate the sync.
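A static check for the first workaround step, as an added example that is not part of the original issue or Atlassian's code: it reports whether the property is set on an active (uncommented) JVM_SUPPORT_RECOMMENDED_ARGS line of a start script. The function names and the sample script content are constructed for illustration; the check only reads the file and assumes a later occurrence of the property overrides an earlier one.

```shell
#!/bin/sh
# Added example (not Atlassian code): static check that the workaround property
# is active in a Bitbucket start script. It reads the file; it does not run it.
PROP_RE='crowd\.use\.legacy\.ad\.membership\.sync'

# Prints enabled | disabled | absent | unreadable; returns 0 only for "enabled".
legacy_sync_state() {
    script=$1
    if [ ! -r "$script" ]; then
        echo "unreadable"
        return 2
    fi
    # Only uncommented assignments count; a "#JVM_SUPPORT_..." line has no effect.
    active=$(grep -E '^[[:space:]]*(export[[:space:]]+)?JVM_SUPPORT_RECOMMENDED_ARGS=' "$script") || true
    # Collect every -D occurrence of the property on those lines and keep the
    # last one (assumption: a later setting overrides an earlier one).
    value=$(printf '%s\n' "$active" \
        | grep -oE -e "-D${PROP_RE}=[A-Za-z]+" \
        | tail -n 1 | cut -d= -f2) || true
    case "$value" in
        true) echo "enabled"; return 0 ;;
        "")   echo "absent"; return 1 ;;
        *)    echo "disabled"; return 1 ;;   # any value other than the page's "true"
    esac
}

# Constructed sample: the workaround line is present but commented out, and the
# active line carries an unrelated option only.
demo_constructed() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
#JVM_SUPPORT_RECOMMENDED_ARGS="-Dcrowd.use.legacy.ad.membership.sync=true"
JVM_SUPPORT_RECOMMENDED_ARGS="-Dfile.encoding=UTF-8"
EOF
    rc=0
    legacy_sync_state "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo_constructed || true   # prints "absent"
```

To check a real installation, call `legacy_sync_state "<bitbucket installation path>/bin/_start-webapp.sh"` before restarting Bitbucket.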