Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

User can log in but is not added to confluence-users group

Fajar Suryawan
Fajar Suryawan
Contributor
July 10, 2014

Some LDAP users were just added as users of confluence, and the LDAP Permissions are set to "Read Only, with Local Groups ". Those LDAP user can log in but he/she isn't added to the confluence-users group (it used to be the case). Nor he/she is in the confluence-users group member listing.

Furthermore, we also have this related problem. A user, say abc123, is listed in the confluence-users member listing, the kind you have from https://confluence.example.com/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users.

But when you click that user's name, which brings you to https://confluence.example.com/admin/users/viewuser.action?username=abc123, it says "This user isn't in any groups." Strange.

Some user can still log in and is a valid member of confluence-users group.

Where should I start to troubleshoot this problem?

Answer
Watch
Like Be the first to like this
946 views

1 answer

1 accepted

0 votes
Answer accepted
Fajar Suryawan
Fajar Suryawan
Contributor
July 11, 2014

Problems solved. This was our mistake in the LDAP configuration.

We use Confluence 5.4.4 with permissions set to "Read Only, with Local Groups ".

Lessons we learned (not necessarily the best practice or even correct, so your comments are most welcome):

  • Do not make a group called 'confluence-users' in the LDAP server (intended for confluence), since confluence will confuse it and unexpected things can happen.
  • Do make the "Default Group Memberships" be 'confluence-users' in LDAP Permissions.
  • To filter in users of confluence in the LDAP (in our company, not everyone in the 'ou=Employee' have access to confluence), we're not using groups, but instead we use filter like title=cnf. So one with a title attribute set to 'cnf' will generally have access to confluence. (Thank you pak Suyadi Abu Farros.)
  • The new users will join (internal) confluence-users group upon login.
  • If you want, as an admin, you can assign any groups (including confluence-users) to any user even if they haven't logged-in yet.

I'd be grateful if someone can point out a number of best practices pertaining to this issue.

Thanks!

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Champions
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.