Upgraded to Bitbucket 6.9, no longer able to login using Active Directory credentials

Hi Max, I am taking over bitbucket managing from a previous employee. So to answer your question, I am unsure. But when I login I see there is an active directory connector. 

i am upgrading from bitbucket 5.14. After the upgrade I can only login using a local account. But using my active directory login no longer works. And I can’t figure out how to fix this issue. 

1. With 'Admin' permission check your auth directories - in Bitbucket Server administration area, click User Directories (under Accounts).

2. And check Manage apps under Add-ons - after the upgrade, some of them could become inoperative. 

@Max MalyginThis is what we have under User Directories

No apps under Manager Apps.

At first glance, everything is fine.

But since authorization does not work, it seems that a more in-depth study of the settings and operation of the instance is required. Please check the Troubleshooting and support tools in Bitbucket Server administration area - Log analyzer can help determine the cause.

@Max MalyginWhen I click on the Active Directory TEST feature. It give this error "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed"

Hello!

There is an article on this subject - Unable to connect to SSL services due to "PKIX Path Building Failed" error.

There are two assumptions about the source of the problem:

1. After the upgrade, Bitbucket started using the new version of Java and the cacerts file now does not contain the Certificate Authority certificate from Active Directory. You can replace file cacerts with an old version or add a certificate to a new file.
2. It is also possible that in the startup parameters of the old version of Bitbucket there was a key pointing to the custom version of the cacerts file (-Djavax.net.ssl.trustStore). Then you can transfer this key.

Our Bitbucket 5.14 has Java version 1.8.0_211.b12 version.

Maybe we will try to upgrade to 6.9 again and try just upgrading Java???

@Max MalyginAfter upgrading to 6.9 would I just be able to copy + paste these files into the new upgraded located? The image below is from our Bitbucket 5.14 version.

Hi!

Perhaps this is not enough. It is required to check whether the keys (javax.net.ssl.trustStore) for using these files were saved in the new version. If they are missing, then you will need to transfer them from the old version.

Another option is also possible. Required certificates could be added to the Java repository - $JAVA_HOME/lib/security/cacerts. Then you should add certificates to the new Java repository or copy the cacerts file from the old to the new Java.