Users can't login after upgrading to Bitbucket

Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

After upgrading to Bitbucket server, users on the LDAP server can't login.

The following appears in the atlassian-stash.log

2015-11-04 00:00:01,149 WARN [http-nio-7990-exec-3] @6DNHTPx0x753x1 209.12.168.210,10.84.220.10,10.84.8.21 "GET /scm/hm/your-repo.git/info/refs HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider Authenticator 'com.atlassian.stash.stash-authentication:crowdHttpAuthHandler' threw an exception com.atlassian.stash.exception.DataStoreException: A database error has occurred. at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:46) ~[stash-platform-3.11.2.jar:na] at com.atlassian.stash.internal.auth.EmbeddedCrowdHttpAuthenticationHandler.authenticate(EmbeddedCrowdHttpAuthenticationHandler.java:47) ~[stash-service-impl-3.11.2.jar:na] at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider$1.perform(PluginAuthenticationProvider.java:103) ~[PluginAuthenticationProvider$1.class:na] at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider$1.perform(PluginAuthenticationProvider.java:100) ~[PluginAuthenticationProvider$1.class:na] at com.atlassian.stash.internal.auth.DefaultCaptchaService.authenticateWithCaptcha(DefaultCaptchaService.java:71) ~[stash-service-impl-3.11.2.jar:na] at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider.attemptAuthentication(PluginAuthenticationProvider.java:120) [PluginAuthenticationProvider.class:na] at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider.authenticate(PluginAuthenticationProvider.java:61) [PluginAuthenticationProvider.class:na] at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:102) [StashAuthenticationFilter.class:na] at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:109) [BeforeLoginPluginAuthenticationFilter.class:na] at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na] at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:103) [atlassian-trusted-apps-core-4.0.0.jar:na] at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) [atlassian-oauth-service-provider-plugin-1.9.10_1438176130000.jar:na] at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:36) [analytics-client-3.70.1_1436186494000.jar:na] at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) [analytics-client-3.70.1_1436186494000.jar:na] at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:87) [BeforeLoginPluginAuthenticationFilter.class:na] at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) [BeforeLoginPluginAuthenticationFilter.class:na] at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:85) [stash-service-impl-3.11.2.jar:na] at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) [ConfigurableWebFilter.class:na] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.7.0_51] at java.lang.Thread.run(Unknown Source) [na:1.7.0_51] ... 176 frames trimmed Caused by: org.springframework.dao.DataIntegrityViolationException: could not execute batch; SQL [update cwd_user set user_name=?, lower_user_name=?, is_active=?, created_date=?, updated_date=?, first_name=?, lower_first_name=?, last_name=?, lower_last_name=?, display_name=?, lower_display_name=?, email_address=?, lower_email_address=?, external_id=?, directory_id=?, credential=? where id=?]; constraint [uq_cwd_user_dir_ext_id]; nested exception is org.hibernate.exception.ConstraintViolationException: could not execute batch at org.springframework.orm.hibernate4.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:163) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE] at org.springframework.orm.hibernate4.HibernateTransactionManager.convertHibernateAccessException(HibernateTransactionManager.java:730) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE] at org.springframework.orm.hibernate4.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:592) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE] at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:757) ~[spring-tx-4.1.6.RELEASE.jar:4.1.6.RELEASE] at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:726) ~[spring-tx-4.1.6.RELEASE.jar:4.1.6.RELEASE] at com.atlassian.crowd.directory.InternalDirectory.updateUser(InternalDirectory.java:274) ~[crowd-persistence-2.8.4-m1.jar:na] at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.updateUser(DelegatedAuthenticationDirectory.java:721) ~[crowd-persistence-2.8.4-m1.jar:na] at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.updateLocalUserDetails(DelegatedAuthenticationDirectory.java:559) ~[crowd-persistence-2.8.4-m1.jar:na] at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticateAndUpdateOrCreate(DelegatedAuthenticationDirectory.java:288) ~[crowd-persistence-2.8.4-m1.jar:na] at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticate(DelegatedAuthenticationDirectory.java:186) ~[crowd-persistence-2.8.4-m1.jar:na] at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:283) ~[crowd-core-2.8.4-m1.jar:na] at com.atlassian.stash.internal.crowd.CustomizedDirectoryManager.authenticateUser(CustomizedDirectoryManager.java:53) ~[stash-service-impl-3.11.2.jar:na] at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:194) ~[crowd-core-2.8.4-m1.jar:na] at com.atlassian.stash.internal.crowd.CustomizedApplicationService.authenticateUser(CustomizedApplicationService.java:46) ~[stash-service-impl-3.11.2.jar:na] at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:69) ~[embedded-crowd-core-2.8.4-m1.jar:na] at com.atlassian.stash.internal.crowd.RiotPolice.authenticate(RiotPolice.java:98) ~[stash-service-impl-3.11.2.jar:na] at com.atlassian.stash.internal.user.DefaultUserService.authenticate(DefaultUserService.java:108) ~[stash-service-impl-3.11.2.jar:na] ... 20 common frames omitted Caused by: org.hibernate.exception.ConstraintViolationException: could not execute batch at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:129) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:126) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.performExecution(BatchingBatch.java:132) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.doExecuteBatch(BatchingBatch.java:111) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl.execute(AbstractBatchImpl.java:163) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl.executeBatch(JdbcCoordinatorImpl.java:226) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:484) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:351) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:350) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:56) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1222) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:425) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:177) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] at org.springframework.orm.hibernate4.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:584) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE] ... 34 common frames omitted Caused by: java.sql.BatchUpdateException: Duplicate entry '622593-' for key 'uq_cwd_user_dir_ext_id' at com.mysql.jdbc.PreparedStatement.executeBatchSerially(PreparedStatement.java:2007) ~[mysql-connector-java-5.1.10.jar:na] at com.mysql.jdbc.PreparedStatement.executeBatch(PreparedStatement.java:1443) ~[mysql-connector-java-5.1.10.jar:na] at com.jolbox.bonecp.StatementHandle.executeBatch(StatementHandle.java:469) ~[bonecp-0.7.1.RELEASE.jar:0.7.1.RELEASE] at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.performExecution(BatchingBatch.java:123) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final] ... 46 common frames omitted

Cause

A new constraint was added in STASH-5244, however relies on the external_id column in the cwd_user table being populated with a NULL in the case no "User Unique ID Attribute" (typically entryUUID) is provided by the directory server.

If you mapped field that is not unique on your LDAP server, the error above will occur.

Notice that this problem is different to the one described on BSERV-7580 - ERROR: duplicate key value violates unique constraint "uq_cwd_user_dir_ext_id" because in that case an administrator was mapping an inexistent "Unique ID", we were inserting an "empty" string into the database. That was fixed by ensuring that in such use cases we insert NULL into the database.

Resolution

An external id (such as a UUID) should be provided to Bitbucket by the directory server. This permits renaming of users. LDAP servers should provide an attribute 'entryUUID' according to RFC 4530. In some cases this is provided via a different attribute, and Bitbucket should be configured to use this attribute.

The setting can be found as follows for LDAP servers:

  1. Go to Administration >> User Directories

  2. Click Edit on the LDAP server

  3. Go to User Schema Settings >> User Unique ID Attribute. Make sure with your LDAP admin that this field is unique.

  4. Update this to the correct attribute then click "Save and Test"

More details about UUID this can be found here: Connecting Stash to an existing LDAP directory.

Updated on September 25, 2025
Platform
Data Center only
App
Bitbucket Data Center
On this pageProblemCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community