問題

Confluence is connected to user directories that has Read and Write permission. However, users from that directory are unable to be deleted, edited, or added into groups.

The following messages appear in the UI

Attempting to delete user:

Attempting to edit user details:

Attempting to add user into groups:

The following appears in the atlassian-confluence.log

2019-06-27 12:02:31,006 ERROR [Long running task: Delete User: user1] [core.task.longrunning.AbstractLongRunningTask] runInternal Error during user deletion
 -- url: /admin/users/removeuser-confirm.action | referer: http://localhost:8090/admin/users/removeuser.action?username=user1 | traceId: 97102c882f315622 | userName: admin | action: removeuser-confirm
com.atlassian.confluence.user.UserManagementOperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><reason>APPLICATION_PERMISSION_DENIED</reason><message>Cannot update user 'user1' because directory 'Example Directory' does not allow updates.</message></error>

診断

• The user is pulled from an external directory, such as JIRA or Crowd, with a Read and Write connection.

• In this external directory, the user is pulled from another external directory (eg. LDAP), with a Read Only Connection

原因

Because the directory between JIRA/Crowd and LDAP is read-only, user cannot be managed in JIRA/Crowd, nor can they be managed in Confluence side. Users can only be managed in LDAP side. 

In the example error message above, "user1" failed to be deleted, as the directory "Example Directory" Connected from JIRA/Crowd side, does not allow adding of groups.

ソリューション

• Manage user in LDAP side
• Change JIRA/Crowd - LDAP connection to Read and Write