This page last changed on May 01, 2007 by david.soul@atlassian.com.
For answers relating to LDAP User Management, click on any query below.
Troubleshooting
I just added LDAP integration, why can't I login using my original account?
If there is an LDAP user with the same username as your administrator account, you must now use their password to login. LDAP logins override internal logins.
Why do my LDAP users sees 'Not Permitted' screens when they login?
To login, the user must be a member of one or more groups that have been granted 'Can Use' permission from the Administration -> Global Permissions -> Group Permissions.
Confluence fails to start with error 'Error creating bean with name 'userManager' defined in class path resource [atlassianUserContext.xml]'?
Your atlassian.xml file may contain filters with characters that must be escaped from XML. Check here for details.
Editing a user under Administration -> Manage Users throws an error 'org.apache.velocity.exception.MethodInvocationException'
If you see an error:
"org.apache.velocity.exception.MethodInvocationException: Invocation of method 'isUserDeactivated' in class com.atlassian.confluence.user.actions.ViewUserAction threw exception class java.lang.NullPointerException : null"
You should open \confluence\WEB-INF\classes\atlassian-user.xml and check that your Hibernate Repository is not wrapped in a comment tag (<!-- and -->). The line to uncomment is:
<hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" />
After setting up LDAP, I cannot see LDAP users or groups from the Confluence user or group browser
Are your users or groups located in subtrees beneath the directory returned by the search filter? If so, you may need to add <usersearchalldepths>TRUE</usersearchalldepths> or <groupsearchalldepths>TRUE</groupsearchalldepths> to your altassian-user.xml See Map LDAP Users and Groups for details.
Cannot edit user groups under Administration -> Manage Users as nothing happens
If nothing happens when you add or remove membership to an internal group, you should check that your OSUser Repository is commented out as described in Add LDAP Integration With Group Management. To do so, go to your Confluence install directory and open \confluence\WEB-INF\classes\atlassian-user.xml. Find the entry below.
If not commented out, you should stop Confluence then remove or comment out that line.
Cannot edit groups for LDAP users
Confluence has read-only access to LDAP groups, they cannot be updated from within Confluence. However you should be able to edit the internal group memberships for all users. If nothing happens when you add or remove membership to an internal group, you should check that your OSUser Repository is commented out as described in Add LDAP Integration With Group Management. To do so, go to your Confluence install directory and open \confluence\WEB-INF\classes\atlassian-user.xml. Find the entry below.
If not commented out, you should stop Confluence then remove or comment out that line.
I cannot see an LDAP/AD group in Confluence
Is the group in a subtree? If so, you will need to edit atlassian-user.xml and add a groupSearchAllDepths=true parameter to the LDAP repository to set Confluence to search subtrees of the base group namespace. See Map LDAP Users and Groups for details.
I cannot get my LDAP to work, where can I get technical support?
General Questions
How can I enable LDAP?
Are all users in LDAP visible in Confluence administration? Can they can be assigned groups/permissions?
All LDAP users with 'Can Use' permission can be viewed from the user browser, even if they have never logged in. When an LDAP user logs in for the first time, a Confluence user account is created automatically to store their information. You have read-only access to LDAP groups, and can add/remove Confluence internal groups to any user.
How are LDAP/AD users counted toward my license limit?
Your user count is determined by the number of internal users plus the number of LDAP users who can potentially login. LDAP users that are a member of an LDAP group with 'Can Use' permission granted in Confluence can all potentially login, which means that all members of groups with this permission granted will be counted towards your license. To manage your license usage, only grant login permission to AD groups where all members need accounts. You may like to setup a special confluence LDAP group if no combination of your existing groups is suitable.
When a user is deleted from LDAP, how does Confluence handle this? Is the user's assignment to one or more groups still visible?
Users are not deleted from Confluence, but their logins are disabled within one hour as they expire in the cache. Only non-LDAP groups are retained. Refer to the overview for more detail.
How can I assign an LDAP user a Confluence account?
LDAP groups or users granted 'Can Use' permission under 'Global Permissions' can login to Confluence.
Can we user LDAP and Confluence groups simultaneously, as a "mixed mode", where some groups are kept in Confluence and others in LDAP?
If a user is in Confluence with one password, and an LDAP user with the same username is added, which password gets used?
The LDAP login has priority over the Confluence login. If LDAP 'Can Use' permission is removed or the user is deleted, the Confluence login will still work.
I enabled LDAP and some users are now returned twice under the user browser
Active Directory Questions
Can it make distinctions between security and distribution groups, or group types?
No, Confluence has no group types. However, you can configure Confluence to only recognise some of these groups over others. For example, you can configure Confluence to only recognise distribution groups. this is done by adjusting the groupSearchFilter in your atlassian-user.xml file.
Can group memberships be retrieved from multi-domain forests?
Not without an LDAP proxy to combine multiple LDAP repositories
Can Confluence support multiple Active Directory repositories?
Can it handle nesting?
No, each child group must be individually specified instead. You may wish to vote towards support for nested groups at CONF-6755.
Other Questions
For troubleshooting, please create a problem report. General enquiries should be posted to a support ticket
|