Unable to manage groups when integrated with LDAP in Confluence 3.4 or earlier
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
This document only applies to Confluence 3.4 and earlier. For help with later versions please visit http://support.atlassian.com
Symptoms
When managing a group, the following message appears:
You must have system administrator privileges to update the membership of a group with system administrator permissions

When viewing the Global Permissions, a message in red reports Group not found:

The following appears in atlassian-confluence.log:
2010-12-09 17:23:07,629 ERROR [http-8081-2] [atlassian.confluence.user.DefaultUserAccessor] isReadOnly Error determining if Group [some group] is readonly
-- referer: http://domain.com:8081/admin/users/browsegroups.action?startIndex=100 | url: /admin/users/browsegroups.action | userName: someuser | action: browsegroups
com.atlassian.user.impl.RepositoryException: Exception when retrieving LDAP group Some group (base DN: ou=Groups,OU=Accounts,DC=domain,DC=com. filter: (&(cn=some group)(objectClass=group)))
at com.atlassian.user.impl.ldap.adaptor.AbstractLDAPGroupAdaptor.getGroup(AbstractLDAPGroupAdaptor.java:79)
at com.atlassian.user.impl.ldap.LDAPGroupManagerReadOnly.getGroup(LDAPGroupManagerReadOnly.java:48)
at com.atlassian.user.impl.cache.CachingGroupManager.getGroup(CachingGroupManager.java:124)
at com.atlassian.user.impl.delegation.DelegatingGroupManager.isReadOnly(DelegatingGroupManager.java:258)
at com.atlassian.confluence.user.DefaultUserAccessor.isReadOnly(DefaultUserAccessor.java:411)
...
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=Accounts,DC=domain,DC=com'
Cause
The LDAP configuration for the group or user base in atlassian-user.xml is invalid: the configured node does not exist in the directory, so there is nothing to base user searches or group searches on.
Resolution
Double-check that the configuration in atlassian-user.xml is accurate. Pay particular attention to the base context, base usernamespace, and base groupnamespace.
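To find which part of the configured base DN the directory could not resolve, compare the base DN in the RepositoryException with the "best match" reported in the error code 32 message. The script below is an added example, not Atlassian code: the function names and the case-insensitive RDN comparison are assumptions, and the sample input is constructed from the log excerpt above.

```python
import re

# Constructed sample: the two exception messages from the log excerpt above.
SAMPLE_LOG = """\
com.atlassian.user.impl.RepositoryException: Exception when retrieving LDAP group Some group (base DN: ou=Groups,OU=Accounts,DC=domain,DC=com. filter: (&(cn=some group)(objectClass=group)))
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=Accounts,DC=domain,DC=com'
"""

BASE_RE = re.compile(r"\(base DN: (?P<base>.+?)\. filter: (?P<filter>\(.*\))\)")
BEST_RE = re.compile(r"error code 32\b.*?best match of:\s*'(?P<best>[^']*)'", re.S)


def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def norm(rdns):
    """Comparison form: lower-cased, no spaces around '=' (assumed matching rule)."""
    return [re.sub(r"\s*=\s*", "=", r).lower() for r in rdns]


def diagnose(log_text):
    """Return base DN, filter, deepest existing entry and the RDNs that are missing."""
    base, best = BASE_RE.search(log_text), BEST_RE.search(log_text)
    if not base or not best:
        return None  # not the error this article describes
    base_rdns, best_rdns = split_dn(base["base"]), split_dn(best["best"])
    n = len(base_rdns) - len(best_rdns)
    # "best match" is the deepest entry the server could resolve, so it
    # should be a suffix (ancestor) of the configured base DN.
    is_ancestor = n >= 0 and norm(base_rdns)[n:] == norm(best_rdns)
    return {
        "base_dn": base["base"],
        "filter": base["filter"],
        "deepest_existing": best["best"],
        # Leading RDNs of the base DN that the directory could not find;
        # None if the best match is not an ancestor of the base DN at all.
        "missing_rdns": base_rdns[:n] if is_ancestor else None,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the excerpt above, the missing component is ou=Groups: the directory resolved OU=Accounts,DC=domain,DC=com but found no ou=Groups entry beneath it.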