Users Cannot Log in when Using ConfluenceGroupJoiningAuthenticator or ConfluenceLDAPGroupJoiningAuthenticator

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

Failure when login to Confluence 3.5 when configured with ConfluenceGroupJoiningAuthenticator or ConfluenceLDAPGroupJoiningAuthenticator.

The following error is shown in the logs:

1 2 3 4 5 6 java.lang.NullPointerException at com.atlassian.crowd.embedded.core.CrowdServiceImpl.isUserMemberOfGroup(CrowdServiceImpl.java:265) at com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator.addUserToGroup(ConfluenceGroupJoiningAuthenticator.java:59) at com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator$1.doInTransactionWithoutResult(ConfluenceGroupJoiningAuthenticator.java:48) at org.springframework.transaction.support.TransactionCallbackWithoutResult.doInTransaction(TransactionCallbackWithoutResult.java:33) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)

Cause

This is caused by a null pointer exception in com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator and com.atlassian.confluence.user.ConfluenceLDAPGroupJoiningAuthenticator, which are unable find local confluence-administrator group.

Workaround

  1. Find the authenticator element in your <Confluence-Installation-Directory>/confluence/web-inf/classes/seraph-config.xmlfile and replace this element with the default Confluence Authenticator:

    1 <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>

    ℹ️ This authenticator will not add any users to confluence-users automatically

  2. Restart Confluence is required for the default authenticator to be activated.

Resolution

Login as a confluence administrator:

  1. Go to the 'Administration Console' and click 'User Directories' in the left-hand panel.

    (Auto-migrated image: description temporarily unavailable)

  2. A user list of user directories will be shown Click 'Edit' next to the directory you want to have users automatically added to a group.

  3. Under the 'LDAP Permissions' section, ensure the 'Read Only with Local Groups' option is selected.

  4. Then type in the group name in the 'Default Group memberships' field (eg 'confluence-users').

  5. Click the 'Test Settings' then the 'Save' button at the bottom of the screen.

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSymptomsCauseWorkaroundResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community