Confluence thinks I don't have an internal admin user, but I do have one... This is the only account in the internal directory. Any idea how I can get Confluence to recognize the admin account so I can make my health check happy?
Confluence has an enabled internal user directory, however its administrator account does not exist or is disabled
For Jonathan, the workaround was to explicitly add the internal admin to the System administrator and Confluence administrator permissions in Confluence Admin>Global permissions. That made the internal admin pass the health check.
Since the Confluence-administrators group from LDAP was in the global permissions, somehow confluence-administrators was not being seen by the health check as a super group so the members were not considered internal admins. I have opened a ticket internally to address either the documentation or the health check, since there is a discrepancy in the behavior versus the doc.
Please make sure the internal admin user is a member of the confluence-administrators group as that membership makes the account a super user, as mentioned in Confluence Admin Permission Levels Explained:
The confluence-administrators group defines a set of "super users" who can access the Administration Console and perform site-wide administration. Members of this group can also see the content of all pages and spaces in the Confluence instance, regardless of space permissions.
I look forward to hearing whether the internal admin is an admin or just internal. ;)
For the admin account:
AD is trumping Internal directory. Internal directory groups kick in when I manually log in as admin (because I can do sys admin content with this account).
I can't add confluence-administrators to global permissions because the AD one is named the same.
Thoughts on a potential fix?
Rename the AD Confluence-administrators group to something different. See if I can then add the local confluence-administrators group to global permissions?
I am not sure if local groups will pop in the group selection since AD is on top of local directory.
Based on Comparing the confluence-administrators group with the administrator permissions, if the admin account is part of the confluence-administrators local group, the health check should not be failing:
You can't change the global permissions granted to the
confluence-administratorsgroup. If you don't want your admins to be able to see all spaces and restricted pages, you can create a new group, and grant that group the Confluence administrator and system administrator global permissions.
So that we can take a closer look at your logs and configuration files I have opened a support request on your behalf. After it is resolved we can circle back to update this thread.
- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events