Automatically adding users into groups when users first login does not work

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問


プラットフォームについて: サーバーと Data Center のみ。この記事は、サーバーおよび Data Center プラットフォームのアトラシアン製品にのみ適用されます。

問題

When connecting Confluence to an external user directory, Confluence has a setting to automatically add users into Default Groups when users first login:

However, when users login, they are not automatically assigned to this group. This usually accompanied by getting "Not Permitted" error as usually the group assigned is the group that has the "Can-Use" permission.

atlassian-confluence.log に次の内容が記録される。

2019-03-13 12:27:04,562 ERROR [http-nio-26141-exec-3] [core.event.listener.AutoGroupAdderListener] handleEvent Could not auto add user to group: Group <confluence-users> is read-only and cannot be updated
 -- referer: http://localhost:26141/c6141/dologin.action | url: /c6141/dologin.action | traceId: 5a4b7669ec417ff8
com.atlassian.crowd.exception.ReadOnlyGroupException: Group <confluence-users> is read-only and cannot be updated
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addUserToGroup(DbCachingRemoteDirectory.java:727)
	at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addUserToGroup(DirectoryManagerGeneric.java:633)
	at com.atlassian.crowd.core.event.listener.AutoGroupAdderListener.handleEvent(AutoGroupAdderListener.java:86)
	at com.atlassian.crowd.core.event.listener.AutoGroupAdderListener.handleEvent(AutoGroupAdderListener.java:53)
	...

診断

  • User directory is a Connector with Read Only, with Local Groups permission
  • User Directory is a Delegated directory (Internal with LDAP Authentication)
    • Copy User on Login has been ticked

原因

A group with the same name exists in LDAP side. This causes users unable to be added to the groups automatically. For the example error message above, the issue is due to there's already exist a group in LDAP side with the name "confluence-users"

ソリューション

In order for automatically assign users into groups in Confluence when they first login to work, the group should not exist in LDAP side. 

The resolution is either to

  • Delete the group in LDAP side
  • Manual group assignment, as well as changing the Permission to 
    • Read Only (The group assignment is only done in LDAP side) or 
    • Read and Write (Allow Confluence to change group membership to LDAP side)


説明Default Group Memberships setting in Confluence does not work and users are not automatically assigned to groups when they logged in
製品Confluence
Last modified on Mar 13, 2019

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.