how to create a new group in confluence 3.5

What is an external directory?

1 answer

Go to Admin -> User maintenance -> Groups and click "add", if you're using internal users.

If it's external (AD, Crowd etc) then you'll need to add them in the external user directory system.

External directory needs to be created..?

I don't know.  You seem to have added a screenshot of your directory list to your question since I answered, but that doesn't tell me anything other than you have external directories.

"External directory needs to be created?" is something I can't answer.  Do you need another directory?  What has that got to do with adding users into existing directories?

We are not able to create a group in Confluence version 35.5. We tried giving AD- Foresters users read/write permission.

Now we are able to create with no error (earlier error used to be like failed to create server logs.)

but we are not able to view the group, although we don't get any error.

I'm sorry, but you need to explain what you're doing more clearly.

"able to create without error" - create what?  And where?

"not able to view the group" - again, where?

I'm able to create a group in Confluence version 3.5 under the manage groups tab.

How- Here is the answer->

--> I log in with the administrator account and click on edit->site administration->manage groups (on the left panel) and Add Group.

After I click on the Add Group link, I type in the name of the group and save. But after saving, the group doesn't come up in the list of the groups.

This is my query. I'm not able to view the group I created.

Let me know if you have any query.

So there's no error message, it looks like it's working when you add a group?

>"the group doesn't come up in the list of the groups"

Which list of groups?  Where are you looking for this list?

 

It is working when I add the group. But when I go back to the manage groups page, I am not able to find the group I created.

Ok, you'll need to read the log file to see what errors are being thrown when you click "add"

Users' is not functional during authentication of 'fasatsupport'. Skipped.  -- referer: http://devwiki/authenticate.action?destination=/admin/console.action?atl_token=5799195cec280386f18e45b7a282111807a8e3c1 | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate
2016-05-18 03:51:55,970 ERROR [TP-Processor2] [bucket.user.DefaultUserAccessor] createGroup com.atlassian.crowd.exception.embedded.InvalidGroupException: com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0  ]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0  ]; remaining name 'cn=bell tel, ou=Users,ou=foresters,dc=foresters,dc=local'  -- referer: http://devwiki/admin/users/browsegroups.action | url: /admin/users/creategroup.action | userName: fasatsupport | action: creategroup
com.atlassian.user.impl.EntityValidationException: com.atlassian.crowd.exception.embedded.InvalidGroupException: com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0  ]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0  ]; remaining name 'cn=bell tel, ou=Users,ou=foresters,dc=foresters,dc=local

Can you please let me know what settings need to be changed? It's a bit urgent. Need to create the group. Does anything need to be done on LDAP?

I think the "no permission" is a bit of a giveaway - the user you've connected to LDAP with does not have the right to add groups.

Can you please explain the LDAP configuration in detail, and what you mean to say?

 

You have configured JIRA to get its list of users from LDAP.

You have used an account in LDAP that can only read the users.

JIRA cannot write to LDAP, so it cannot create the groups.

Your options are

  1. Do the groups in LDAP
  2. Change the LDAP connection to allow the JIRA user to update LDAP

Thanks for the information. Can you please let me know one thing: will the configuration below allow creating a group? This is the current setting.

-----------------------------------------------------------------------------------------------------------------------

=== Current user ===
Directory ID: 65537
Username: fasatsupport
Display name: Local ID for Fasat Support Team
Email address:

=== Directories configured ===
Directory ID: 1179649
Name: AD - Foresters -Users
Active: true
Type: CONNECTOR
Created date: 2011-12-28 13:02:44.047
Updated date: 2016-05-24 03:02:39.45
Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
    "autoAddGroups": ""
    "com.atlassian.crowd.directory.sync.issynchronising": "false"
    "com.atlassian.crowd.directory.sync.lastdurationms": "438"
    "com.atlassian.crowd.directory.sync.laststartsynctime": "1464073359011"
    "directory.cache.synchronise.interval": "3600"
    "ldap.basedn": "ou=Users,ou=foresters,dc=foresters,dc=local"
    "ldap.connection.timeout": "0"
    "ldap.group.description": "description"
    "ldap.group.filter": "(objectCategory=Group)"
    "ldap.group.name": "cn"
    "ldap.group.objectclass": "group"
    "ldap.group.usernames": "member"
    "ldap.local.groups": "false"
    "ldap.nestedgroups.disabled": "true"
    "ldap.pagedresults": "true"
    "ldap.pagedresults.size": "1000"
    "ldap.password": (not shown)
    "ldap.pool.timeout": "0"
    "ldap.propogate.changes": "true"
    "ldap.read.timeout": "120000"
    "ldap.referral": "true"
    "ldap.relaxed.dn.standardisation": "true"
    "ldap.roles.disabled": "true"
    "ldap.search.timelimit": "60000"
    "ldap.secure": "false"
    "ldap.url": "ldap://fh-dc-02.foresters.local:389"
    "ldap.user.displayname": "displayName"
    "ldap.user.email": "mail"
    "ldap.user.encryption": "sha"
    "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
    "ldap.user.firstname": "givenName"
    "ldap.user.group": "memberOf"
    "ldap.user.lastname": "sn"
    "ldap.user.objectclass": "user"
    "ldap.user.password": (not shown)
    "ldap.user.username": "sAMAccountName"
    "ldap.user.username.rdn": "cn"
    "ldap.userdn": "confluence_user@foresters.local"
    "ldap.usermembership.use": "false"
    "ldap.usermembership.use.for.groups": "false"

Directory ID: 27361281
Name: Active Directory server
Active: true
Type: CONNECTOR
Created date: 2012-09-26 11:55:45.403
Updated date: 2016-05-24 03:02:39.2
Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
    "autoAddGroups": ""
    "com.atlassian.crowd.directory.sync.issynchronising": "false"
    "com.atlassian.crowd.directory.sync.lastdurationms": "125"
    "com.atlassian.crowd.directory.sync.laststartsynctime": "1464073359074"
    "directory.cache.synchronise.interval": "3600"
    "ldap.basedn": "cn=Users,dc=foresters,dc=local"
    "ldap.connection.timeout": "0"
    "ldap.group.description": "description"
    "ldap.group.filter": "(objectCategory=Group)"
    "ldap.group.name": "cn"
    "ldap.group.objectclass": "group"
    "ldap.group.usernames": "member"
    "ldap.local.groups": "false"
    "ldap.nestedgroups.disabled": "false"
    "ldap.pagedresults": "true"
    "ldap.pagedresults.size": "1000"
    "ldap.password": (not shown)
    "ldap.pool.timeout": "0"
    "ldap.propogate.changes": "true"
    "ldap.read.timeout": "120000"
    "ldap.referral": "true"
    "ldap.relaxed.dn.standardisation": "true"
    "ldap.roles.disabled": "true"
    "ldap.search.timelimit": "60000"
    "ldap.secure": "false"
    "ldap.url": "ldap://fh-dc-02:389"
    "ldap.user.displayname": "displayName"
    "ldap.user.email": "mail"
    "ldap.user.encryption": "sha"
    "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
    "ldap.user.firstname": "givenName"
    "ldap.user.group": "memberOf"
    "ldap.user.lastname": "sn"
    "ldap.user.objectclass": "user"
    "ldap.user.password": (not shown)
    "ldap.user.username": "sAMAccountName"
    "ldap.user.username.rdn": "cn"
    "ldap.userdn": "wasadmin@foresters.local"
    "ldap.usermembership.use": "false"
    "ldap.usermembership.use.for.groups": "false"

Directory ID: 983041
Name: AD- Users
Active: true
Type: CONNECTOR
Created date: 2011-12-28 12:20:50.767
Updated date: 2016-05-24 03:22:39.113
Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
    "autoAddGroups": ""
    "com.atlassian.crowd.directory.sync.issynchronising": "false"
    "com.atlassian.crowd.directory.sync.lastdurationms": "31"
    "com.atlassian.crowd.directory.sync.laststartsynctime": "1464074559081"
    "directory.cache.synchronise.interval": "6000"
    "ldap.basedn": "cn=Users,dc=foresters,dc=local"
    "ldap.connection.timeout": "100000"
    "ldap.group.description": "description"
    "ldap.group.dn": "cn=Security Groups, cn=Groups"
    "ldap.group.filter": "(objectCategory=Group)"
    "ldap.group.name": "cn"
    "ldap.group.objectclass": "group"
    "ldap.group.usernames": "member"
    "ldap.local.groups": "false"
    "ldap.nestedgroups.disabled": "false"
    "ldap.pagedresults": "true"
    "ldap.pagedresults.size": "1000"
    "ldap.password": (not shown)
    "ldap.pool.timeout": "0"
    "ldap.propogate.changes": "true"
    "ldap.read.timeout": "200000"
    "ldap.referral": "true"
    "ldap.relaxed.dn.standardisation": "true"
    "ldap.roles.disabled": "true"
    "ldap.search.timelimit": "200000"
    "ldap.secure": "false"
    "ldap.url": "ldap://fh-dc-01.foresters.local:389"
    "ldap.user.displayname": "displayName"
    "ldap.user.dn": "cn=WebsenseUsers,cn=FHOffice Users,cn=Users"
    "ldap.user.email": "mail"
    "ldap.user.encryption": "sha"
    "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
    "ldap.user.firstname": "givenName"
    "ldap.user.group": "memberOf"
    "ldap.user.lastname": "sn"
    "ldap.user.objectclass": "user"
    "ldap.user.password": (not shown)
    "ldap.user.username": "sAMAccountName"
    "ldap.user.username.rdn": "cn"
    "ldap.userdn": "confluence_user@foresters.local"
    "ldap.usermembership.use": "false"
    "ldap.usermembership.use.for.groups": "false"

Directory ID: 65537
Name: Confluence Internal Directory
Active: true
Type: INTERNAL
Created date: 2011-12-23 04:48:37.04
Updated date: 2013-03-13 08:42:49.42
Allowed operations: [UPDATE_GROUP, CREATE_GROUP, CREATE_USER, UPDATE_USER, DELETE_GROUP, UPDATE_ROLE, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_ROLE, UPDATE_ROLE_ATTRIBUTE, DELETE_USER]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
    "user_encryption_method": "atlassian-security"

 -----------------------------------------------------------------------------------------------------------------------------

Thanks in advance.

I don't know LDAP well enough to answer that with any authority.

Hi,

I was able to solve the above problem by changing the user directory to Read Only, and created the group.

------------------------------------------------------------------------------------------------------------------------

Now there is a challenge I am facing again. We are not able to delete any user not created by local ID but those who are part of AD.

Getting the below error: Cannot delete the user, check the server log.

"at java.lang.Thread.run(Thread.java:662)
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user 'rakumar' because directory 'AD - Foresters -Users' does not allow updates.
 at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.updateUser(ApplicationServiceGeneric.java:408)
 at com.atlassian.crowd.embedded.core.CrowdServiceImpl.updateUser(CrowdServiceImpl.java:315)
 ... 216 more s"

 

Need Help

You need to make the directory read/write - the user you're connecting with needs permission to delete users from the directory.

I did that: the directory is set to Read/Write. But I am still getting the error: cannot delete, check your server log.

Check the AD logs to find out why AD is refusing to let you update the users.

I checked it. It still gives the same error.

FATAL [TP-Processor1] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl  -- referer: http://devwiki/authenticate.action?destination=/admin/users/browseusers.action | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate
2016-06-23 00:54:16,802 ERROR [TP-Processor1] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'AD- Users' is not functional during authentication of 'fasatsupport'. Skipped.  -- referer: http://devwiki/authenticate.action?destination=/admin/users/browseusers.action | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate
2016-06-23 00:54:23,677 FATAL [TP-Processor1] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl  -- referer: http://devwiki/doauthenticate.action | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate

 

I get the above error.

And that tells you what is wrong - the AD directory is not available.

Your AD link is broken, or AD is not available.  You need to fix that.
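
The log excerpts posted in this thread come from three different layers: Active Directory rejecting a write (LDAP error code 50), Confluence's own directory permission rejecting it ("does not allow updates"), and the directory being unusable at login ("is not functional"). The following Python script is an added example, not part of the original thread and not Atlassian code, that sorts such lines by layer; the names `RULES`, `triage`, `report` and the layer labels are assumptions made for illustration, and the sample lines are shortened from the excerpts above.

```python
import re

# One rule per failure layer, keyed on the message that layer logs in the thread.
RULES = [
    ("ad-acl",
     re.compile(r"LDAP: error code 50\b.*?INSUFF_ACCESS_RIGHTS"
                r".*?remaining name '(?P<target>[^']+)"),
     "AD refused the write: the bind account lacks rights on this DN"),
    ("confluence-directory-permission",
     re.compile(r"ApplicationPermissionException: Cannot update user '[^']+' "
                r"because directory '(?P<target>[^']+)' does not allow updates"),
     "Confluence refused the write: the directory is read-only in Confluence"),
    ("directory-unavailable",
     re.compile(r"Directory '(?P<target>[^']+)' is not functional "
                r"during authentication"),
     "Confluence could not use the directory: check the LDAP link and bind"),
]
FIELD = re.compile(r"\| (userName|action): (\S+)")

def triage(line):
    """Return layer, target, hint and request fields for one log line, or None."""
    for layer, pattern, hint in RULES:
        match = pattern.search(line)
        if match:
            fields = dict(FIELD.findall(line))
            return {"layer": layer, "target": match.group("target"), "hint": hint,
                    "user": fields.get("userName"), "action": fields.get("action")}
    return None

def report(lines):
    return [hit for hit in map(triage, lines) if hit]

# Constructed sample: the thread's log excerpts, shortened to one entry each.
SAMPLE = [
    "2016-05-18 03:51:55,970 ERROR [TP-Processor2] createGroup [LDAP: error code 50 "
    "- 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]; "
    "remaining name 'cn=bell tel, ou=Users,ou=foresters,dc=foresters,dc=local' "
    "| url: /admin/users/creategroup.action | userName: fasatsupport | action: creategroup",
    "Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: "
    "Cannot update user 'rakumar' because directory 'AD - Foresters -Users' "
    "does not allow updates.",
    "2016-06-23 00:54:16,802 ERROR [TP-Processor1] authenticateUser Directory "
    "'AD- Users' is not functional during authentication of 'fasatsupport'. "
    "Skipped. | url: /doauthenticate.action | userName: fasatsupport | action: doauthenticate",
    "FATAL [TP-Processor1] postProcess No matching response control found for paged results",
]

for hit in report(SAMPLE):
    print(hit["layer"], hit["target"], "->", hit["hint"])
```

Lines that match no rule, such as the paged-results FATAL entry, are left out of the report rather than guessed at.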
