Attempts to remove a user from confluence-users (he no longer works here), provides error: "Could not remove user 'jfkxxxx' as a member of group 'confluence-users'. Check your server logs for more information. We're running server locally, with LDAP integration but this is a local group (not an AD group).
Checking var/atlassian/application-data/confluence/logs/atlassian-confluence.log gives me this error:
2019-09-17 08:53:57,111 INFO [read-only-transaction:thread-1] [atlassian.confluence.user.DefaultUserAccessor] getUserNamesWithConfluenceAccess Found USE permission with no associated username or group:
[USECONFLUENCE,0,null,null,null] 2019-09-17 08:54:06,500 ERROR [http-nio-8090-exec-5] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'jfkxxxx' as a member of 'confluence-users'
-- referer: https://cmsconfluence.generalcode.com/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users | url: /admin/users/removeuserfromgroup.action | traceId: ab4502985c5e5597 | userName:
lgraham | action: removeuserfromgroup com.atlassian.user.EntityException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: At least one
directory containing jfkxxxx as a member of confluence-users does not have write permission
Leaving this question here, in case anyone else experiences this. Turns out Confluence got its group membership information from the Jira service. Removing the group membership in Jira and then synchronizing the user directory (within Confluence), and he no longer appeared in the group.
It's mildly aggravating that the add/remove user prompting seems to be available in Confluence even though it's not usable.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.