Unable to manage groups when integrated with LDAP in Confluence 3.4 or earlier
This document only applies to Confluence 3.4 and earlier. For help with later versions please visit http://support.atlassian.com
Symptoms
When managing a group, the message appears:
You must have system administrator privileges to update the membership of a group with system administrator permissions
When viewing the Global Permissions, a message in red reports Group not found:
The following appears in the atlassian-confluence.log
:
2010-12-09 17:23:07,629 ERROR [http-8081-2] [atlassian.confluence.user.DefaultUserAccessor] isReadOnly Error determining if Group [some group] is readonly
-- referer: http://domain.com:8081/admin/users/browsegroups.action?startIndex=100 | url: /admin/users/browsegroups.action | userName: someuser | action: browsegroups
com.atlassian.user.impl.RepositoryException: Exception when retrieving LDAP group Some group (base DN: ou=Groups,OU=Accounts,DC=domain,DC=com. filter: (&(cn=some group)(objectClass=group)))
at com.atlassian.user.impl.ldap.adaptor.AbstractLDAPGroupAdaptor.getGroup(AbstractLDAPGroupAdaptor.java:79)
at com.atlassian.user.impl.ldap.LDAPGroupManagerReadOnly.getGroup(LDAPGroupManagerReadOnly.java:48)
at com.atlassian.user.impl.cache.CachingGroupManager.getGroup(CachingGroupManager.java:124)
at com.atlassian.user.impl.delegation.DelegatingGroupManager.isReadOnly(DelegatingGroupManager.java:258)
at com.atlassian.confluence.user.DefaultUserAccessor.isReadOnly(DefaultUserAccessor.java:411)
...
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=Accounts,DC=domain,DC=com'
Cause
The LDAP configuration for group or user base is invalid in atlassian-user.xml: There is no such node to base either user searches or group searches off.
Resolution
Double check that the configuration listed in atlassian-user.xml is accurate. Of note is the base context, base usernamespace, and base groupnamespace.