Summary

When migrating between external user directories that are configured as Read Only with local groups, any users that existed in both directories and had custom local groups set will lose those local groups when the old user directory is disabled.

Steps to Reproduce

1. Connect Bitbucket to LDAP and sync a user, let's call her Susan. At this point, Susan should be a member of the default users group, e.g. bitbucket-users
2. Create a new group in Bitbucket, bitbucket-local-test, and add Susan to that group
3. Connect Bitbucket to a new ActiveDirectory server, also containing the user Susan
4. Sync the new directory. At this stage, Susan should be a member of bitbucket-users, of your bitbucket-local-test group, and of whatever other groups were defined in LDAP and your new ActiveDirectory
5. Disconnect the original LDAP server and check Susan's group memberships

Expected Results

Using the above example, Susan should continue to be a member of the bitbucket-local-test group. In other words, a user's local groups should be retained, independent of the source user directory

Actual Results

Susan's membership to the bitbucket-local-test group disappears. Local groups are lost during a migration between external directories.

Workaround

Re-add the users to their local directories, or manage them fully in the external user directory server and do not use the Read only with local groups setting