More users than allowed

Deleted user January 29, 2019

Hi,

We are using Confluence Server V6.6.1 with a license for 100 users and currently exactly 100 users. Yesterday it happened twice that we suddenly had 101 users, and then nobody was allowed to log in because the license was exceeded.

How is it possible to have more users than allowed by the license?

We are using an LDAP directory with several thousand users, but only 100 are in the group confluence-users. The option "Allow people to sign up to create their account" is turned off. However, the 101st user told me that he had just logged in with his regular LDAP userID and password without the help of any administrator.

We couldn't reproduce the situation, but some hours later it happened again with another new user.

PS: We noticed that the administrator can add a surplus user by the function 'edit groups' in the user management. But this was not the case here as the 2 users did it by themselves.

The audit log contains an entry for an "anonymous" action:

28.01.2019 14:57 Europe/Berlin | Anonymous | Users and groups | ip_address | User added to group | confluence-users | confluence-users | [LDAP-username] [User]

1 answer

Answer accepted
Nic Brough -Adaptavist-
January 29, 2019

I'll answer this backwards, as it's quicker if you have background.

Confluence has a list of users it can see. This list can be a lot larger than "who can use it", and can be drawn from many places, including LDAP (and when you use LDAP, you can specify stuff like "we have 45,000 people in LDAP, but only show these 2870 to Confluence by virtue of being in the OU xyz").

Users in the visible list do not have automatic access to Confluence. To get in, a user has to be in one or more of the "can log in" groups in Confluence. Often, this is the admin groups, plus "confluence-users", but you should check what groups have "can use" in "Global permissions". The (deduplicated) list of users in all the login groups is what counts towards your licence.

Also, a user can be "disabled".  They remain in their groups, but can't log in, and don't count towards the licence.

So, I am pretty sure that what is happening here is that your users are getting into one of the login groups somehow. How they're doing it might take a bit more work.

It could be being done by a process in your Directory add/sign-up, but I would look first at Confluence's "automatic add to group" (which is not the same as "allow users to sign up"). See https://confluence.atlassian.com/doc/connecting-to-an-ldap-directory-229838241.html. This is a long page, but you only need one part of it - use ctrl-f to find "Adding users to groups automatically".
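
An added example, not part of the original thread and not Atlassian's code: a sketch of the seat count the answer describes (deduplicated members of the login groups, minus disabled users), replayed over audit-log rows to flag "Anonymous" group additions like the one quoted in the question. The CSV column names, group memberships and seat limit are constructed assumptions, not a real Confluence export format.

```python
import csv
import io

# Constructed sample data (assumptions, not taken from the thread).
LICENCE_SEATS = 3
LOGIN_GROUPS = {"confluence-users", "confluence-administrators"}  # groups with "can use"
GROUP_MEMBERS = {
    "confluence-users": {"alice", "bob"},
    "confluence-administrators": {"alice", "carol"},
    "staff": {"alice", "bob", "carol", "dave", "erin"},  # visible, but not a login group
}
DISABLED = {"bob"}  # stays in groups, cannot log in, does not count

# Hypothetical column names for an audit-log export.
AUDIT_CSV = """date,author,category,summary,affected_object,associated_object
2019-01-28 14:57,Anonymous,Users and groups,User added to group,confluence-users,dave
2019-01-28 15:10,admin,Users and groups,User added to group,staff,erin
2019-01-28 16:02,Anonymous,Users and groups,User added to group,confluence-users,erin
"""

def licensed_users(members, login_groups, disabled):
    """Deduplicated union of all login-group members, minus disabled users."""
    users = set()
    for group in login_groups:
        users |= members.get(group, set())
    return users - disabled

def replay(audit_csv, members, login_groups, disabled, seats):
    """Replay group additions and report anonymous additions to login groups.

    Returns tuples: (date, user, group, seat count after event, over licence?).
    """
    members = {g: set(u) for g, u in members.items()}  # work on a copy
    findings = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        if row["summary"] != "User added to group":
            continue
        group, user = row["affected_object"], row["associated_object"]
        members.setdefault(group, set()).add(user)
        count = len(licensed_users(members, login_groups, disabled))
        # "Anonymous" as author means no administrator performed the change,
        # which is what an automatic add-on-login looks like in the log.
        if group in login_groups and row["author"] == "Anonymous":
            findings.append((row["date"], user, group, count, count > seats))
    return findings

if __name__ == "__main__":
    for finding in replay(AUDIT_CSV, GROUP_MEMBERS, LOGIN_GROUPS, DISABLED, LICENCE_SEATS):
        print(finding)
```
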
