Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

User can log in but is not added to confluence-users group

Fajar Suryawan
Fajar Suryawan July 10, 2014

Some LDAP users were just added as users of confluence, and the LDAP Permissions are set to "Read Only, with Local Groups ". Those LDAP user can log in but he/she isn't added to the confluence-users group (it used to be the case). Nor he/she is in the confluence-users group member listing.

Furthermore, we also have this related problem. A user, say abc123, is listed in the confluence-users member listing, the kind you have from https://confluence.example.com/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users.

But when you click that user's name, which brings you to https://confluence.example.com/admin/users/viewuser.action?username=abc123, it says "This user isn't in any groups." Strange.

Some user can still log in and is a valid member of confluence-users group.

Where should I start to troubleshoot this problem?

Answer
Watch
Like Be the first to like this
851 views

1 answer

1 accepted

0 votes
Answer accepted
Fajar Suryawan
Fajar Suryawan July 11, 2014

Problems solved. This was our mistake in the LDAP configuration.

We use Confluence 5.4.4 with permissions set to "Read Only, with Local Groups ".

Lessons we learned (not necessarily the best practice or even correct, so your comments are most welcome):

  • Do not make a group called 'confluence-users' in the LDAP server (intended for confluence), since confluence will confuse it and unexpected things can happen.
  • Do make the "Default Group Memberships" be 'confluence-users' in LDAP Permissions.
  • To filter in users of confluence in the LDAP (in our company, not everyone in the 'ou=Employee' have access to confluence), we're not using groups, but instead we use filter like title=cnf. So one with a title attribute set to 'cnf' will generally have access to confluence. (Thank you pak Suyadi Abu Farros.)
  • The new users will join (internal) confluence-users group upon login.
  • If you want, as an admin, you can assign any groups (including confluence-users) to any user even if they haven't logged-in yet.

I'd be grateful if someone can point out a number of best practices pertaining to this issue.

Thanks!

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events