Problem

If Confluence is integrated with LDAP and users from LDAP have been associated with Confluence internal groups, users cannot be removed from groups if the orignal LDAP user has been deleted.

The following appears in the atlassian-confluence.log:

java.lang.IllegalArgumentException: User unknown: [null] in [hibernateRepository]
	at com.atlassian.user.impl.hibernate.HibernateGroupManager.validateGroupAndUser(HibernateGroupManager.java:364)
	at com.atlassian.user.impl.hibernate.HibernateGroupManager.removeMembership(HibernateGroupManager.java:386)
	at com.atlassian.user.impl.cache.CachingGroupManager.removeMembership(CachingGroupManager.java:178)
	at com.atlassian.user.impl.delegation.DelegatingGroupManager.removeMembership(DelegatingGroupManager.java:234)
	at bucket.user.DefaultUserAccessor.removeMembership(DefaultUserAccessor.java:529)
	at com.atlassian.confluence.user.DefaultUserAccessor.removeMembership(DefaultUserAccessor.java:98)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Cause

In order for Confluence to remove a group, it tries to access the user record of the user. This causes an error, as the user no longer exists. The most common reason for the above case is if a previous employee is no longer with the company, and their LDAP record gets removed from LDAP without first removing them from all Confluence groups.

Workaround

Add a user with the same username as the deleted ldap user. You can do this by going to Confluence Admin> Manage Users. You can then disable login by ensuring that this new user belongs to no groups and does not have an entry in the Global Permissions.

Resolution

This problem was resolved in Confluence 3.5 as per CONF-14104.