I'm taking over a Bitbucket 5.14 installation, connected to our company AD 2008 R2 Server. No filters on specific groups were present, so the User filter was

(&(objectCategory=Person)(sAMAccountName=*))

and group filter

(objectCategory=Group)

 Since we have a relatively large AD and only about ~80 users in three groups that were using Bitbucket, I want to restrict users and groups. I applied a filter to the users where memberOf attribute contains one of our AD groups. This works, now we have 80 users instead of several thousands like before.

But it seems that my group filter is completely ignored. I used

(|(CN=GIT-Users)(CN=GIT-Administrators)(CN=Git-Developer))

as group filter. On ldapsearch it works well and returns only those three groups. But Bitbucket still contains ALL AD groups (like before applying the filter) in Admin > Accounts > Groups.

Also the query

select count(*) from cwd_group

gave me over 16k results. I manually ran the sync on the user directories tab. It took only about 1 second without error.

As I said, I introduced also a user filter before. The sync was manually run Accordingly too after that and it took about ~500 seconds (cause thousands of old users that doesn't match the new filter criteria need to be deleted).

Why is my filter ignored on groups?