問題

When trying to remove a user from the group they belong to or from Confluence via the steps below:

• Go to  > User Management > Remove membership via User Management
• Go to  > General Configuration > Groups > Remove membership via Group Management
• Go to  > User Management > Delete user.
  
  

The error message below appears:

• Could not remove user 'USER_NAME' as a member of group 'GROUP_NAME'. Check your server logs for more information.

The following appears in the atlassian-confluence.log:

2019-04-05 12:10:11,998 ERROR [http-nio-8090-exec-3] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'USER_NAME' as a member of 'GROUP_NAME'
 -- referer: http://<CONFLUENCE_URL>/admin/users/editusergroups.action | url: /admin/users/editusergroups.action | traceId: d885dc5cfdf3129f | userName: admin | action: editusergroups
com.atlassian.user.EntityException: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.removeMembership(EmbeddedCrowdGroupManager.java:223)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Caused by: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
...

または 

2019-04-05 12:12:01,963 ERROR [http-nio-8090-exec-8] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'USER_NAME' as a member of 'GROUP_NAME'
 -- referer: http://<CONFLUENCE_URL>/admin/users/removeuserfromgroup.action?atl_token=62d26c95642d4d12967dbf970f4556ddabe0794b&membersOfGroupTerm=GROUP_NAME&username=USER_NAME | url: /admin/users/removeuserfromgroup.action | traceId: 88b5543a61debd05 | userName: admin | action: removeuserfromgroup
com.atlassian.user.EntityException: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.removeMembership(EmbeddedCrowdGroupManager.java:223)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Caused by: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
...

 The USER_NAME and GROUP_NAME will be the respective user and group that you're trying to edit.

診断

環境

• Confluence is connected with External Directory under either condition below:

  • Delegated External Directory
  • Read Only with Local Groups
   Both of the situations above allow Confluence to have Internal Group and Local Group

Diagnostic Steps

• Run the SQL Query below to find if you have incorrect pair of User and Group in cwd_membership table:
  
  

  select cm.id, cm.parent_id, cg.group_name, cg.directory_id as group_directory_id, cm.child_user_id, cu.user_name, cu.directory_id as user_directory_id 
  from cwd_membership cm
  join cwd_user cu on cu.id=cm.child_user_id
  join cwd_group cg on cg.id=cm.parent_id
  where cg.directory_id != cu.directory_id
  and cu.user_name='<USER_NAME>';

   Replace <USER_NAME> with the affected user's username.

Only if the query above return with any result(s), the user is affected by this issue and should follow the Resolution steps to manually remove the group membership.

原因

By right, the user from External Directory is located in the Internal Group that belongs to Internal Directory or vice versa. An incorrect entry will cause Confluence to still recognize the membership of the user in permission or restriction setting, but admin will not be able to remove them from the incorrect group memberships.

User from the External Directory must be in the Local Group that belongs to the External Directory, while user from Internal Directory must be in the Internal Group that belongs to the Internal Directory.

 Below are some definitions of the Local Group vs Internal Group:

ソリューション

Manually remove the incorrect entry in the cwd_membership table using the SQL query below:

delete from cwd_membership where id=<ID_FROM_DIAGNOSTIC_STEP>;

 Replace the <ID_FROM_DIAGNOSTIC_STEP> using the id from Diagnostic step above