Trying to add Confluence users to a group throws "<directory> does not allow updates" error in logs

関連コンテンツ

  • 関連コンテンツがありません

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

アトラシアン社外秘

この記事は未検証なのでお客様と共有できません。

症状

When trying to add users into a group, the user cannot be added, and the following popup appears:

and the following error log appears in the atlassian-confluence.log:

2012-09-20 07:03:09,718 INFO [read-only-transaction:thread-1] [atlassian.confluence.user.DefaultUserAccessor] getUserNamesWithConfluenceAccess Could not find group configured with USE permission: null
2012-09-20 07:05:29,343 ERROR [http-8080-4] [bucket.user.DefaultUserAccessor] addMembership Failed to add '<username>' as a member of '<group-name>'
 -- referer: http://<confluence-url>/admin/users/docreateuser.action | url: /admin/users/docreateuser.action | userName: admin | action: docreateuser
com.atlassian.user.EntityException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update group '<group-name>' because directory '<user-directory-name>' does not allow updates.
...
Caused by: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update group '<group-name>' because directory '<user-directory-name>' does not allow updates.

Feature request raised to improve the error message being thrown in the UI:  CONFSERVER-54111 - Getting issue details... STATUS

原因

The affected user directory does not have permission to perform the required tasks (e.g., creating, editing, and deleting a group/user, etc.). 

外部ディレクトリ

Use the following steps to diagnose and resolve the issue if you have problems adding External Directory users to a group. If the issue is with Internal Directory, skip the steps below and continue with the workaround under the title Internal Directory below.

Diagnosis (External Directory)

  1. Log in to Confluence as an admin user on the local Confluence directory.

  2. Navigate to  > Confluence Admin User Directories.

  3. Click Edit on the user directory where the affected user is from.
  4. Under Permissions, check what is the permission of this current directory, follow the steps below for each permission accordingly below:

Resolution (External Directory)

Resolution 1 - Permission set to Read-Only:

Change the Directory Permissions to Read-Only with Local Groups or Read and Write:

  • Read-Only with Local Groups permission will allow you to associate LDAP/External users with local Confluence groups. Changes will not be reflected on the LDAP/External side
  • Read and Write permission will allow you to assign LDAP users to any groups. Changes will be reflected in the LDAP/External side.

Resolution 2 - Permission set to Read-Only with Local Groups:

Should the issue persists when the External Directory permission has already been set to Read-Only with Local Groups, This means that the group that we're inserting the user into already exists in LDAP side. Confluence Admins will not be able to add users into groups that already exist on the LDAP side. Choose either the following as a solution:

  • Change the Directory Permissions to Read and Write.
  • Add the user-group membership from the LDAP side.
  • Remove the group from the LDAP side.

内部ディレクトリ

Use the following steps to diagnose and resolve the issue if you are having problems adding a local Confluence user to a Confluence group:

Diagnosis (Internal directory)

Run the following SQL queries against the Confluence database:

Query 1 
SELECT COUNT(*)
FROM CWD_DIRECTORY_OPERATION O, CWD_DIRECTORY D
WHERE O.DIRECTORY_ID = D.ID
  AND D.DIRECTORY_NAME = 'Confluence Internal Directory';
Query 2 
SELECT COUNT(*)
FROM
  CWD_APP_DIR_OPERATION O,
  CWD_APP_DIR_MAPPING M,
  CWD_DIRECTORY D
WHERE O.APP_DIR_MAPPING_ID=M.ID
  AND M.DIRECTORY_ID = D.ID
  AND D.DIRECTORY_NAME = 'Confluence Internal Directory';
Using SQL Server 
Query 1 
SELECT COUNT(*)
FROM dbo.cwd_directory_operation O, dbo.cwd_directory D
WHERE O.directory_id = D.id
  AND D.directory_name = 'Confluence Internal Directory';
Query 2 
SELECT COUNT(*)
FROM
  dbo.cwd_directory_operation O,
  dbo.cwd_app_dir_mapping M, 
  dbo.cwd_directory D    
WHERE O.app_dir_mapping_id=M.id 
  AND M.directory_id=D.id        
  AND D.directory_name = 'Confluence Internal Directory';



Depending on your output to these queries, proceed to the following resolution below:

  • If the output is 12 for both queries: Go to Resolution 1.
  • If the output is less than 12 for either query: Go to Resolution 2 (only for Confluence 3.5.x and above).

Resolution 1 (Internal directory)

Flush Confluence's cache by going to  > General ConfigurationCache Statistics and click Flush All.

Resolution 2 (Internal directory)

データベースの変更を行う場合は必ず事前にバックアップを取得してください。可能な場合は、まずステージング サーバーで SQL コマンドの変更、挿入、更新、または削除を行うようにします。

If "Query 1" returns a value less than 12:

ここをクリックして展開...

  1. Replace <user-directory-name> with the problematic user directory name and execute this SQL query to find out about the Directory ID:

    SELECT ID AS 'Directory ID' FROM CWD_DIRECTORY WHERE DIRECTORY_NAME='<user-directory-name>';
  2. Replace <directory-id> in the following queries with the Directory ID acquired from Step 1.

  3. Execute the following queries to grant permissions for the directory. If an error is returned that such row with those values exists, ignore and proceed to the next query. One or more permissions are missing and they will be added using these queries.

    INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'CREATE_GROUP');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'CREATE_ROLE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'CREATE_USER');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'DELETE_GROUP');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'DELETE_ROLE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'DELETE_USER');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_GROUP');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_GROUP_ATTRIBUTE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_ROLE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_ROLE_ATTRIBUTE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_USER');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_USER_ATTRIBUTE');
  4. Confluence を再起動します。


If "Query 2" returns a value less than 12:

ここをクリックして展開...

  1. Replace <user-directory-name> with the problematic user directory name and run the following query to get the Mapping ID of the Directory:

    SELECT M.ID AS 'Mapping ID' FROM CWD_APP_DIR_MAPPING M, CWD_DIRECTORY D WHERE M.DIRECTORY_ID=D.ID AND D.DIRECTORY_NAME='<user-directory-name>';
  2. Replace <mapping-id> in the following queries with the Mapping ID acquired from Step 1.

  3. Execute the following queries to grant permissions for the application directory. If an error is returned that such row with those values exists, ignore and proceed to the next query. One or more permissions are missing and they will be added using these queries.

    INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'CREATE_GROUP');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'CREATE_ROLE');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'CREATE_USER');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'DELETE_GROUP');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'DELETE_ROLE');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'DELETE_USER');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'UPDATE_GROUP');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'UPDATE_GROUP_ATTRIBUTE');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'UPDATE_ROLE');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'UPDATE_ROLE_ATTRIBUTE');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'UPDATE_USER');
INSERT INTO CWD_APP_DIR_OPERATION VALUES(<mapping-id>, 'UPDATE_USER_ATTRIBUTE');

  4. Confluence を再起動します。

Last modified on Mar 27, 2024

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する

関連コンテンツ

  • 関連コンテンツがありません
Powered by Confluence and Scroll Viewport.