This page last changed on Mar 22, 2007 by ganand.
For answers relating to LDAP User Management, click on any query below.
Troubleshooting
I just added LDAP integration, why can't I login using my original account?
If there is an LDAP user with the same username as your administrator account, you must now use their password to login. LDAP logins override internal logins.
Why do my LDAP users sees 'Not Permitted' screens when they login?
To login, the user must be a member of one or more groups that have been granted 'Can Use' permission from the Administration -> Global Permissions -> Group Permissions.
Confluence fails to start with error 'Error creating bean with name 'userManager' defined in class path resource [atlassianUserContext.xml]'?
Your atlassian.xml file may contain filters with characters that must be escaped from XML. Check here for details.
Editing a user under Administration -> Manage Users throws an error 'org.apache.velocity.exception.MethodInvocationException'
If you see an error:
"org.apache.velocity.exception.MethodInvocationException: Invocation of method 'isUserDeactivated' in class com.atlassian.confluence.user.actions.ViewUserAction threw exception class java.lang.NullPointerException : null"
You should open \confluence\WEB-INF\classes\atlassian-user.xml and check that your Hibernate Repository is not wrapped in a comment tag (<!-- and -->). The line to uncomment is:
<hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" />
After setting up LDAP, I cannot see LDAP users or groups from the Confluence user or group browser
Are your users or groups located in subtrees beneath the directory returned by the search filter? If so, you may need to add <usersearchalldepths>TRUE</usersearchalldepths> or <groupsearchalldepths>TRUE</groupsearchalldepths> to your altassian-user.xml See Map LDAP Users and Groups for details.
Cannot edit user groups under Administration -> Manage Users as nothing happens
You should open \confluence\WEB-INF\classes\atlassian-user.xml and check that your OSUser Repository is commented out. If the line <osuser key="osuserRepository" name="OSUser Repository"> is not inside <!-- and --> tags, stop Confluence and replace the line with <!-- <osuser key="osuserRepository" name="OSUser Repository"> -->
I cannot see an LDAP/AD group in Confluence
Is the group in a subtree? If so, you will need to edit atlassian-user.xml and add a groupSearchAllDepths=true parameter to the LDAP repository to set Confluence to search subtrees of the base group namespace. See Map LDAP Users and Groups for details.
I cannot get my LDAP to work, where can I get technical support?
General Questions
How can I enable LDAP?
Are all users in LDAP visible in Confluence administration? Can they can be assigned groups/permissions?
All LDAP users with 'Can Use' permission can be viewed from the user browser, even if they have never logged in. When an LDAP user logs in for the first time, a Confluence user account is created automatically to store their information. You have read-only access to LDAP groups, and can add/remove Confluence internal groups to any user.
When a user is deleted from LDAP, how does Confluence handle this? Is the user's assignment to one or more groups still visible?
Users are not deleted from Confluence, but their logins are disabled within one hour as they expire in the cache. Only non-LDAP groups are retained. Refer to the overview for more detail.
How can I assign an LDAP user a Confluence account?
LDAP groups or users granted 'Can Use' permission under 'Global Permissions' can login to Confluence.
Can we user LDAP and Confluence groups simultaneously, as a "mixed mode", where some groups are kept in Confluence and others in LDAP?
If a user is in Confluence with one password, and an LDAP user with the same username is added, which password gets used?
The LDAP login has priority over the Confluence login. If LDAP 'Can Use' permission is removed or the user is deleted, the Confluence login will still work.
I enabled LDAP and some users are now returned twice under the user browser
Active Directory Questions
Can it make distinctions between security and distribution groups, or group types?
No, Confluence has no group types. However, you can configure Confluence to only recognise some of these groups over others. For example, you can configure Confluence to only recognise distribution groups. this is done by adjusting the groupSearchFilter in your atlassian-user.xml file.
Can group memberships be retrieved from multi-domain forests?
Not without an LDAP proxy to combine multiple LDAP repositories
Can Confluence support multiple Active Directory repositories?
Can it handle nesting?
No, each child group must be individually specified instead. You may wish to vote towards support for nested groups at CONF-6755.
Other Questions
For troubleshooting, please create a problem report. General enquiries should be posted to a support ticket
|