User cannot login to Confluence with LDAP synchronization enabled
Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Symptoms
A User reports that they can not login to Confluence. You can see the user in your User Search in Confluence, however, if you navigate to user profile page, you will receive an error:
1
The following error(s) occurred: No user with the specified email address existsThe following errors appears in the atlassian-confluence.log from the user's attempted login(s):
1
2
2014-10-27 22:16:46,882 WARN [http-8090-91] [atlassian.seraph.auth.DefaultAuthenticator]
login login : 'user@domain.com' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.Diagnosis
You have configured LDAP with synchronization to establish users and groups in Confluence. You know that synchronization is working, you can validate that the user exists in both your Confluence's internal user tables and LDAP.
The first thing to do, is to verify that the user exists in the Confluence database:
1
SELECT * FROM cwd_user WHERE lower_user_name = '<name_of_user>';This will reveal the details of the user as they exist within the Confluence database. If the user's Active field is marked as T for true, then the user is active and in the system., but there is a problem with the user's record.
You can then check the user_mapping table to see if the user exists within the table or has an issue there:
1
SELECT * FROM user_mapping WHERE lower_username != username;This will highlight any users with mismatched entries in the user_mapping table, but may also show an edge case where a user rename may not have succeeded and the user cannot login.
1
SELECT * FROM user_mapping WHERE lower_username = '<name_of_user>';If this returns no records, then the user cannot login and cannot be found in your Confluence.
Cause
The cause in this case is not clear, but the issue is that the user record in the user_mapping table has become corrupted or has been nulled. The user cannot be found in Confluence and therefore, cannot login.
Solution
Resolution
Login as the Administrator for Confluence by selecting the
Cog icon and clicking the Confluence Admin link
Stand up a second LDAP directory that mirrors the LDAP already in use and configured in your instance
ℹ️ SEE: Connecting to an LDAP Directory for more information on LDAP configuration but this new directory must mirror the original directory
Insure that the original LDAP already in use is disabled in Confluence
Perform a full sync of the second (or mirrored, LDAP)
Flush the cache in Confluence by selecting the
Cog icon and clicking the Confluence Admin link
Click on the Administration section Link for Cache Statistics
Click the Flush All link at the bottom right of the Cache Statistics screen
Click on the Users link under Users & Security
Search for the user with the problem
Verify that the user's profile can be viewed
Remove the mirrored LDAP directory from your instance
Re-enable the previous LDAP instance
Your user should now be restored with all original groups from the directory and should be able to login
ℹ️ if you have a directory set to Read Only, with Local Groups, please be aware that local groups will need to be rebuilt in this case and users will need to be restored to each group.
Was this helpful?