Troubleshooting the "Not Permitted" Screen under LDAP Integration
You have set up Confluence with an LDAP User Directory. Upon logging in with an LDAP/AD account, "Not Permitted" is displayed.
2015-01-02 09:37:11,864 WARN [http-bio-8090-exec-9] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'user.name' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
Run the query below on your Confluence database:
SELECT o.list_index, d.active, d.id as DirectoryID, d.directory_name, d.directory_type, u.id as UserID, u.user_name, g.id as GroupID, g.group_name FROM cwd_user u LEFT JOIN cwd_directory d ON u.directory_id = d.id LEFT JOIN cwd_membership m ON u.id = m.child_user_id LEFT JOIN cwd_group g ON g.id = parent_id LEFT JOIN cwd_app_dir_mapping o ON d.id=o.directory_id where user_name='<affected user>' ORDER BY 2 DESC, 1 ASC;
Check whether the user is assigned to any Group that has the Can use permission at Global Permissions
The user is not assigned to any default group (confluence-users or confluence-administrators) or any other group that has the Can Use permission.
When configuring the directory, you can choose to make it read only, read only with local groups, or read/write. If you choose read/write, any changes made to user and group information in the application will also update the LDAP directory.
- If your Directory is Configured to Read-only, you will need to add the confluence-users group into your LDAP manually.
- If read only with local groups, or read/write, you can manually assign the group to the user in confluence user management
(Login as a Confluence administrator and go to Confluence Admin>>> Groups)
Users from LDAP are added to groups maintained in Confluence's internal directory the first time they log in. This is only done once per user. There is a known issue with Read Only, with Local Groups in Confluence that may apply to you. To do that, set the Default Group Memberships to confluence-users, so whenever a new user logs in, he/she will be automatically added to the confluence-users group.