I have tried to follow the documentation provided at
https://confluence.atlassian.com/display/DOC/Restoring+Passwords+To+Recover+Admin+User+Right
however this did not lead to a solution.
I think there might actually be some other issue because many other individuals are unable to log in.
All that I am able to see on the website is the login screen with constant, username/password are incorrect.
That suggests the user directory has dropped the affected users. Do any of you have admin access? If so, can you check the user directory page and test all of the servers?
If you don't have access, or you're not using external directories, the main thing to check is the application log file - are there any user or user directory related errors in there?
I asked around and everyone that we had setup accounts for were unable to login. So it does seem to have something to do with the login step.
I checked through the logs folder in the confluence storage directory and found this line
login login : 'admin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
Where is the application log file stored generally?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It's under <confluence home>/logs but I suspect you've found it as the warning line there is one that goes into the log.
What user directory are you using?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm not to sure what you mean by user directory. I did notice that when I was looking at the database when trying https://confluence.atlassian.com/display/DOC/Restoring+Passwords+To+Recover+Admin+User+Right I only noticed one directory. So sounds like there aren't any user directories?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Confluence needs to have somewhere to get its list of users from - that's a user directory. It can handle many, so you could actually tell it to use several external sources for these directories, but for people who don't want to have any external source, Confluence ships with "embedded Crowd", which is a cut-down version of Atlassian's Crowd product.
Whatever the source of users, it caches a lot of the information in the embedded Crowd system. If you have not enabled any external directories, then the embedded Crowd is going to be the only place to look, and if you only saw one directory, it will be that one. I assume you looked at the table cwd_directory and found only one line?
The problem I have now is that the document you've pointed to is the only one that works. It looks like you've reset the password for admin ok, but it looks like they're not in the right groups - the "does not have use permission" implies they're not in confluece-administrators. The doc tells you how to fix that as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So i went through the instruction again, paying close attention to the tabling being modified.
I deleted the current admin and followed through the steps to create another as well as setting up the groups for the user.
This came to the same result though, any last ideas?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hmm. That might be suggesting that the admin group does not have the right global permission. Admins can always log in, irrespective of most access, so "cannot use" suggests that the admin group is no longer really an admin group.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hmm sounds quite troubling. I suppose then is there some other database operations that I can do to get you more information in helping setting the admins group to admin?
Or have we really reached the options available?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Check the cwd_membership to see what groups the admin user belongs to.
Then compare it with globalpermissionentry to ensure that the admin is in at least one group with SYSTEM_ADMIN permission
For example
Screen Shot 2016-10-24 at 17.34.35.png
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I was able to find the cwd_membership table, however I could not find a gloalpermissionentry table.
I did find a spacepermissions, but that sounds like permissions for the spaces aspect of confluence.
Additionally I found a content_perm table, however it contained nothing, it did have the headers
(id, cp_type, username, groupname, cps_id, creator, creationdate, lastmodifier, lastmoddate)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Argh, I'm so sorry, went into JIRA mode and got totally the wrong database!
Read the table spacepermissions where spaceid = null
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Looking at the spacepermissions the spaceid is empty for each row.
I tried to add the user id i have into the table, however I'm certain how. Looks like I need to create a space?
So I'm bit lost on where to go from here.
The spacepermissions table did have many entires. one such example is
permid | space id | permtype | permgroupname | permusername | creator | creationdate | lastmodier
12342 | | personal space | confluence-administrators | | | 2015-11-24 | |
So to me it seems odd that the permusername and space id is empty.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, that's half correct.
This table contains the permissions for each space, but Atlassian have re-used it for the global permissions, by adding records with a null space id. The line you've got there is saying "the group confluence-administrators has the create-personal-space permission". Look for the one that has "system administration" in it - there should be at least one, and it should have a group that your admin user is in.
It does not work for users, only groups.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I found the SYSTEMADMINISTRATOR permtype within the spacepermissions table. That row also has confluence-administrators for the permgroupname.
Inside the cwd_group table the group_name confluence-administrators has id 888888 and active T. Additionally in the cwd_membership table there is a entry of
id , parent_id, child_group_id, child_user_id
(888888, 999999, , 1212121)
and lastly in the cwd_user table there is one user with the id of 1212121, user_name admin, and credential equal to the one I copied from the instructions above.
So that seems to indicate that there is a user admin with the password provided in the instructions above. Which the admin user is a member of the confluence-administrators group, which also has systemadministrator permissions.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.