By 'admin account', we are referring to the account that was setup during the Confluence setup wizard.

If you have just integrated Confluence with LDAP or Active Directory, but find yourself not being able to login with this account but instead get a 'not permitted' screen: here's the explanation and fix:

Explanation

This is caused by there being an account on LDAP with the same username as your admin account. (so for example, your Confluence admin account is 'admin' and there's a user on LDAP that also has username 'admin').

Fix

  1. Shutdown Confluence
  2. Open confluence/WEB-INF/classes/atlassian-user.xml in a text editor and comment out the LDAP statements for now. For example: 
    <atlassian-user>
    <repositories>

		<osuser key="osuserRepository" name="OSUser Repository"/>

        <!--
        <ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
			<host>hecate.atlassian.com</host>
			<port>389</port>
			<securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
			<securityCredential>secret</securityCredential>
			<securityProtocol>plain</securityProtocol>
			<securityAuthentication>simple</securityAuthentication>
			<baseContext>dc=atlassian,dc=private</baseContext>

			<baseUserNamespace>dc=staff,dc=perftest,dc=atlassian,dc=private</baseUserNamespace>
			<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
			<usernameAttribute>cn</usernameAttribute>
			<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
			<firstnameAttribute>givenname</firstnameAttribute>
			<surnameAttribute>sn</surnameAttribute>
			<emailAttribute>mail</emailAttribute>
			<groupnameAttribute>cn</groupnameAttribute>
			<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
			<membershipAttribute>member</membershipAttribute>
		</ldap>
		-->

		<hibernate name="Hibernate Repository" key="hibernateRepository"  description="Hibernate Repository" />

    </repositories>
</atlassian-user>
    Notice the <!-- and --> symbols added before and after the <ldap> tags.
  3. Start up Confluence. You should now be able to login with your admin account
  4. Create another admin account that has a different name to the one that exists in LDAP or Active Directory.
  5. Undo the changes you made to atlassian-user.xml and restart Confluence.

Alternative Fix

Alternatively, you can either rename or remove the admin account present on LDAP or Active Directory. But if this is not an option, stick to the fix above.

  • No labels

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.