Unable to remove user from group(or Confluence) with "UserNotFoundException: User <USER_NAME> does not exist" thrown in the log

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Problem

When trying to remove a user from the group they belong to or from Confluence via the steps below:

The error message below appears:

  • Could not remove user 'USER_NAME' as a member of group 'GROUP_NAME'. Check your server logs for more information.


The following appears in the atlassian-confluence.log:

Remove from User Admin Page
2019-04-05 12:10:11,998 ERROR [http-nio-8090-exec-3] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'USER_NAME' as a member of 'GROUP_NAME'
 -- referer: http://<CONFLUENCE_URL>/admin/users/editusergroups.action | url: /admin/users/editusergroups.action | traceId: d885dc5cfdf3129f | userName: admin | action: editusergroups
com.atlassian.user.EntityException: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.removeMembership(EmbeddedCrowdGroupManager.java:223)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Caused by: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
...

OR 

Remove from Group Admin Page
2019-04-05 12:12:01,963 ERROR [http-nio-8090-exec-8] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'USER_NAME' as a member of 'GROUP_NAME'
 -- referer: http://<CONFLUENCE_URL>/admin/users/removeuserfromgroup.action?atl_token=62d26c95642d4d12967dbf970f4556ddabe0794b&membersOfGroupTerm=GROUP_NAME&username=USER_NAME | url: /admin/users/removeuserfromgroup.action | traceId: 88b5543a61debd05 | userName: admin | action: removeuserfromgroup
com.atlassian.user.EntityException: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.removeMembership(EmbeddedCrowdGroupManager.java:223)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Caused by: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
...

(info) The USER_NAME and GROUP_NAME will be the respective user and group that you're trying to edit.

Diagnosis

Environment

  • Confluence is connected with External Directory under either condition below:

    • Delegated External Directory
    • Read Only with Local Groups
    (info) Both of the situations above allow Confluence to have Internal Group and Local Group

Diagnostic Steps

  • Run the SQL Query below to find if you have incorrect pair of User and Group in cwd_membership table:

    select cm.id, cm.parent_id, cg.group_name, cg.directory_id as group_directory_id, cm.child_user_id, cu.user_name, cu.directory_id as user_directory_id 
    from cwd_membership cm
    join cwd_user cu on cu.id=cm.child_user_id
    join cwd_group cg on cg.id=cm.parent_id
    where cg.directory_id != cu.directory_id
    and cu.user_name='<USER_NAME>';

    (info) Replace <USER_NAME> with the affected user's username.

Only if the query above return with any result(s), the user is affected by this issue and should follow the Resolution steps to manually remove the group membership.

Cause

By right, the user from External Directory is located in the Internal Group that belongs to Internal Directory or vice versa. An incorrect entry will cause Confluence to still recognize the membership of the user in permission or restriction setting, but admin will not be able to remove them from the incorrect group memberships.

User from the External Directory must be in the Local Group that belongs to the External Directory, while user from Internal Directory must be in the Internal Group that belongs to the Internal Directory.

(info) Below are some definitions of the Local Group vs Internal Group:

Local GroupA group that exists in External Directory but is being managed locally in Confluence
Internal GroupA group that exists in the Confluence Internal Directory


Resolution

Manually remove the incorrect entry in the cwd_membership table using the SQL query below:

Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

delete from cwd_membership where id=<ID_FROM_DIAGNOSTIC_STEP>;

(info) Replace the <ID_FROM_DIAGNOSTIC_STEP> using the id from Diagnostic step above


DescriptionUnable to remove user from group when Group Membership is set wrongly
ProductConfluence

Last modified on Nov 19, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.