Unable to remove local groups from Confluence which contain deleted LDAP users
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
If Confluence is integrated with LDAP and users from LDAP have been associated with Confluence internal groups, users cannot be removed from groups if the orignal LDAP user has been deleted.
The following appears in the
java.lang.IllegalArgumentException: User unknown: [null] in [hibernateRepository] at com.atlassian.user.impl.hibernate.HibernateGroupManager.validateGroupAndUser(HibernateGroupManager.java:364) at com.atlassian.user.impl.hibernate.HibernateGroupManager.removeMembership(HibernateGroupManager.java:386) at com.atlassian.user.impl.cache.CachingGroupManager.removeMembership(CachingGroupManager.java:178) at com.atlassian.user.impl.delegation.DelegatingGroupManager.removeMembership(DelegatingGroupManager.java:234) at bucket.user.DefaultUserAccessor.removeMembership(DefaultUserAccessor.java:529) at com.atlassian.confluence.user.DefaultUserAccessor.removeMembership(DefaultUserAccessor.java:98) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
In order for Confluence to remove a group, it tries to access the user record of the user. This causes an error, as the user no longer exists. The most common reason for the above case is if a previous employee is no longer with the company, and their LDAP record gets removed from LDAP without first removing them from all Confluence groups.
Add a user with the same username as the deleted ldap user. You can do this by going to Confluence Admin> Manage Users. You can then disable login by ensuring that this new user belongs to no groups and does not have an entry in the Global Permissions.
This problem was resolved in Confluence 3.5 as per CONF-14104.