Go to Admin -> User maintenance -> Groups and click "add". If you're using internal users.
If it's external (AD, Crowd etc) then you'll need to add them in the external user directory system.
I don't know. You seem to have added a screenshot of your directory list to your question since I answered, but that doesn't tell me anything other than you have external directories.
"External directory needs to be created?" is something I can't answer. Do you need another directory? What has that got to do with adding users into existing directories?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We are not able to create group in confluence version 35.5. We tried giving AD- Foresters users , read/write permission.
Now we are able to create with no error (earlier error used to be like failed to create server logs.)
but we are not able to view the group, although we don't get any error.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm sorry, but you need to explain what you're doing more clearly.
"able to create without error" - create what? And where?
"not able to view the group" - again, where?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I m able to create group in confluence version 3.5 under manage groups tab.
How- Here is the answer->
--> I log in with administrator account and click on edit->site administration->manage groups(on left pannel) and Add Group.
After I click on Add Group link. I type in the name of the group and save. But after saving the group doesn't comes in the list of the groups.
This is my query. I m not able to view the group I created.
Let me know if you have any query.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So there's no error message, it looks like it's working when you add a group?
>"the group doesn't comes in the list of the groups"
Which list of groups? Where are you looking for this list?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, you'll need to read the log file to see what errors are being thrown when you click "add"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Users' is not functional during authentication of 'fasatsupport'. Skipped. -- referer: http://devwiki/authenticate.action?destination=/admin/console.action?atl_token=5799195cec280386f18e45b7a282111807a8e3c1 | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate 2016-05-18 03:51:55,970 ERROR [TP-Processor2] [bucket.user.DefaultUserAccessor] createGroup com.atlassian.crowd.exception.embedded.InvalidGroupException: com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]; remaining name 'cn=bell tel, ou=Users,ou=foresters,dc=foresters,dc=local' -- referer: http://devwiki/admin/users/browsegroups.action | url: /admin/users/creategroup.action | userName: fasatsupport | action: creategroup com.atlassian.user.impl.EntityValidationException: com.atlassian.crowd.exception.embedded.InvalidGroupException: com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]; remaining name 'cn=bell tel, ou=Users,ou=foresters,dc=foresters,dc=local
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
can you please let me know what settings needs to be changed. Its a bit urgent. Need to create the group. does this anything to be done on LDAP..?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I think the "no permission" is a bit of a giveaway - the user you've connected to LDAP with does not have the right to add groups
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You have configured JIRA to get its list of users from LDAP.
You have used an account in LDAP that can only read the users.
JIRA cannot write to LDAP, so it cannot create the groups.
Your options are
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the information. Can you please let me know one thing:- Is the below configuration setting will allow to create group. this is the current setting.
-----------------------------------------------------------------------------------------------------------------------
=== Current user === Directory ID: 65537 Username: fasatsupport Display name: Local ID for Fasat Support Team Email address:
=== Directories configured === Directory ID: 1179649 Name: AD - Foresters -Users Active: true Type: CONNECTOR Created date: 2011-12-28 13:02:44.047 Updated date: 2016-05-24 03:02:39.45 Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER] Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory Encryption type: sha Attributes: "autoAddGroups": "" "com.atlassian.crowd.directory.sync.issynchronising": "false" "com.atlassian.crowd.directory.sync.lastdurationms": "438" "com.atlassian.crowd.directory.sync.laststartsynctime": "1464073359011" "directory.cache.synchronise.interval": "3600" "ldap.basedn": "ou=Users,ou=foresters,dc=foresters,dc=local" "ldap.connection.timeout": "0" "ldap.group.description": "description" "ldap.group.filter": "(objectCategory=Group)" "ldap.group.name": "cn" "ldap.group.objectclass": "group" "ldap.group.usernames": "member" "ldap.local.groups": "false" "ldap.nestedgroups.disabled": "true" "ldap.pagedresults": "true" "ldap.pagedresults.size": "1000" "ldap.password": (not shown) "ldap.pool.timeout": "0" "ldap.propogate.changes": "true" "ldap.read.timeout": "120000" "ldap.referral": "true" "ldap.relaxed.dn.standardisation": "true" "ldap.roles.disabled": "true" "ldap.search.timelimit": "60000" "ldap.secure": "false" "ldap.url": "ldap://fh-dc-02.foresters.local:389" "ldap.user.displayname": "displayName" "ldap.user.email": "mail" "ldap.user.encryption": "sha" "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))" "ldap.user.firstname": "givenName" "ldap.user.group": "memberOf" "ldap.user.lastname": "sn" "ldap.user.objectclass": "user" "ldap.user.password": (not shown) "ldap.user.username": "sAMAccountName" "ldap.user.username.rdn": "cn" "ldap.userdn": "confluence_user@foresters.local" "ldap.usermembership.use": "false" "ldap.usermembership.use.for.groups": "false"
Directory ID: 27361281 Name: Active Directory server Active: true Type: CONNECTOR Created date: 2012-09-26 11:55:45.403 Updated date: 2016-05-24 03:02:39.2 Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER] Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory Encryption type: sha Attributes: "autoAddGroups": "" "com.atlassian.crowd.directory.sync.issynchronising": "false" "com.atlassian.crowd.directory.sync.lastdurationms": "125" "com.atlassian.crowd.directory.sync.laststartsynctime": "1464073359074" "directory.cache.synchronise.interval": "3600" "ldap.basedn": "cn=Users,dc=foresters,dc=local" "ldap.connection.timeout": "0" "ldap.group.description": "description" "ldap.group.filter": "(objectCategory=Group)" "ldap.group.name": "cn" "ldap.group.objectclass": "group" "ldap.group.usernames": "member" "ldap.local.groups": "false" "ldap.nestedgroups.disabled": "false" "ldap.pagedresults": "true" "ldap.pagedresults.size": "1000" "ldap.password": (not shown) "ldap.pool.timeout": "0" "ldap.propogate.changes": "true" "ldap.read.timeout": "120000" "ldap.referral": "true" "ldap.relaxed.dn.standardisation": "true" "ldap.roles.disabled": "true" "ldap.search.timelimit": "60000" "ldap.secure": "false" "ldap.url": "ldap://fh-dc-02:389" "ldap.user.displayname": "displayName" "ldap.user.email": "mail" "ldap.user.encryption": "sha" "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))" "ldap.user.firstname": "givenName" "ldap.user.group": "memberOf" "ldap.user.lastname": "sn" "ldap.user.objectclass": "user" "ldap.user.password": (not shown) "ldap.user.username": "sAMAccountName" "ldap.user.username.rdn": "cn" "ldap.userdn": "wasadmin@foresters.local" "ldap.usermembership.use": "false" "ldap.usermembership.use.for.groups": "false"
Directory ID: 983041 Name: AD- Users Active: true Type: CONNECTOR Created date: 2011-12-28 12:20:50.767 Updated date: 2016-05-24 03:22:39.113 Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER] Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory Encryption type: sha Attributes: "autoAddGroups": "" "com.atlassian.crowd.directory.sync.issynchronising": "false" "com.atlassian.crowd.directory.sync.lastdurationms": "31" "com.atlassian.crowd.directory.sync.laststartsynctime": "1464074559081" "directory.cache.synchronise.interval": "6000" "ldap.basedn": "cn=Users,dc=foresters,dc=local" "ldap.connection.timeout": "100000" "ldap.group.description": "description" "ldap.group.dn": "cn=Security Groups, cn=Groups" "ldap.group.filter": "(objectCategory=Group)" "ldap.group.name": "cn" "ldap.group.objectclass": "group" "ldap.group.usernames": "member" "ldap.local.groups": "false" "ldap.nestedgroups.disabled": "false" "ldap.pagedresults": "true" "ldap.pagedresults.size": "1000" "ldap.password": (not shown) "ldap.pool.timeout": "0" "ldap.propogate.changes": "true" "ldap.read.timeout": "200000" "ldap.referral": "true" "ldap.relaxed.dn.standardisation": "true" "ldap.roles.disabled": "true" "ldap.search.timelimit": "200000" "ldap.secure": "false" "ldap.url": "ldap://fh-dc-01.foresters.local:389" "ldap.user.displayname": "displayName" "ldap.user.dn": "cn=WebsenseUsers,cn=FHOffice Users,cn=Users" "ldap.user.email": "mail" "ldap.user.encryption": "sha" "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))" "ldap.user.firstname": "givenName" "ldap.user.group": "memberOf" "ldap.user.lastname": "sn" "ldap.user.objectclass": "user" "ldap.user.password": (not shown) "ldap.user.username": "sAMAccountName" "ldap.user.username.rdn": "cn" "ldap.userdn": "confluence_user@foresters.local" "ldap.usermembership.use": "false" "ldap.usermembership.use.for.groups": "false"
Directory ID: 65537 Name: Confluence Internal Directory Active: true Type: INTERNAL Created date: 2011-12-23 04:48:37.04 Updated date: 2013-03-13 08:42:49.42 Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER] Implementation class: com.atlassian.crowd.directory.InternalDirectory Encryption type: atlassian-security Attributes: "user_encryption_method": "atlassian-security"
-----------------------------------------------------------------------------------------------------------------------------
thanks in advance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I don't know LDAP well enough to answer that with any authority.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI,
I was able to solve the above problem with the changing of the user directory to Read Only and created the group.
------------------------------------------------------------------------------------------------------------------------
Now there is a challenge I am facing again. We are not able to delete any user not created by local ID but those who are part of AD.
Getting the below error: Cannot delete the user , check the server log.
"at java.lang.Thread.run(Thread.java:662) Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user 'rakumar' because directory 'AD - Foresters -Users' does not allow updates. at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.updateUser(ApplicationServiceGeneric.java:408) at com.atlassian.crowd.embedded.core.CrowdServiceImpl.updateUser(CrowdServiceImpl.java:315) ... 216 more s"
Need Help
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You need to make the directory read/write - the user you're connecting with needs permission to delete users from the directory
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Check the AD logs to find out why AD is refusing to let you update the users.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I checked it. It still gives the same error.
FATAL [TP-Processor1] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl -- referer: http://devwiki/authenticate.action?destination=/admin/users/browseusers.action | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate 2016-06-23 00:54:16,802 ERROR [TP-Processor1] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'AD- Users' is not functional during authentication of 'fasatsupport'. Skipped. -- referer: http://devwiki/authenticate.action?destination=/admin/users/browseusers.action | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate 2016-06-23 00:54:23,677 FATAL [TP-Processor1] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl -- referer: http://devwiki/doauthenticate.action | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate
Get the above error.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
And that tells you what is wrong - the AD directory is not available.
Your AD link is broken, or AD is not available. You need to fix that.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.