Symptoms

Confluence is configured to use local groups, as described in Add LDAP Integration For User Authentication Only. LDAP users can login, but exceptions appear in the atlassian-confluence.log:

2011-02-07 09:21:44,826 ERROR \[http-8081-1] \[bucket.user.DefaultUserAccessor] hasMembership Exception when retrieving LDAP group confluence-administrators (base DN: ou=atlassian,dc=admin,dc=atlassian,dc=com, filter: (&(cn=confluence-administrators)(objectClass=dummy)))
 -- referer: http://localhost:8081/conf333/login.action?os_destination=%2Fdashboard.action | url: /conf333/dashboard.action | userName: Administrator

Cause

Confluence expects to retrieve a valid DN for baseGroupNamespace but the DN is non existent.

Resolution

Despite that Confluence is configured to have User Authentication only (see Add LDAP Integration For User Authentication Only), it still requires a valid baseGroupNamespace DN.

On a separate note, because Confluence performs groups searches quite frequently it is important to configure the baseGroupNameSpace to a valid DN without many child nodes (eg. an individual user DN). Failure to do so will drag Confluence performance.