Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.5
Affects Version/s: 2.10.3, 3.0.1, 3.0.2, 3.1
Component/s: None
Labels:
Environment:

OpenLDAP

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Bug Background

The page permission allows users to restrict other users/group from either viewing or editing the page. This would also work while using LDAP server. Problem occurs when LDAP server is down for some reason. The user is not allowed to even add the local confluence group such as confluence-users or confluence-administrators. There's no problem with restricting local users though.

Steps to reproduce

Hook up Confluence with LDAP
Make sure LDAP users can login and work with Confluence
Shutdown LDAP server and restart Confluence instance
Go to a page, edit it and try to add a local group to the page restriction:
- Scenario 1:
  - User keys-in the group name(for example, confluence-users) in the text-field and click the 'Restrict' button
  - Screenshot to depict this: Scenario1.png
- Scenario 2:
  - User clicks the 'Group' button and select a group from the list using the Group Search
  - Screenshot to depict this: Before selection and Result
- Upon checking the atlassian-confluence.log, the following stacktrace were found which could be the cause for the whole issue:
  
  2010-01-27 14:54:09,958 ERROR [http-8080-4] [bucket.user.DefaultUserAccessor] hasMembership javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
  – url: /pages/getpagepermissions.action | userName: admin | referer: http://localhost:8080/pages/editpage.action?pageId=5767172
  2010-01-27 14:54:09,962 ERROR [http-8080-4] [bucket.user.DefaultUserAccessor] hasMembership javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
  – url: /pages/getpagepermissions.action | userName: admin | referer: http://localhost:8080/pages/editpage.action?pageId=5767172
  2010-01-27 14:54:09,965 ERROR [http-8080-4] [bucket.user.DefaultUserAccessor] hasMembership javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
  – url: /pages/getpagepermissions.action | userName: admin | referer: http://localhost:8080/pages/editpage.action?pageId=5767172

Additional Information

The issue above also affects other permissions in Confluence
For example, in space permission and global permission, both confluence-administrators and confluence-users are shown as not found.
Screenshot for space permission
Screenshot for global permission

Findings

If in atlassian-user.xml, the hibernate datasource is declared above the ldap datasource, this problem won't occur.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

GlobalPermission.png
184 kB
27/Jan/2010 7:27 AM
Scenario1.png
107 kB
27/Jan/2010 7:26 AM
Scenario2.png
286 kB
27/Jan/2010 7:26 AM
Scenario2a.png
111 kB
27/Jan/2010 7:26 AM
SpacePermission.png
157 kB
27/Jan/2010 7:27 AM

Issue Links

is duplicated by

CONFSERVER-19131 "Group not found" for local groups, on space and global permissions screens, if LDAP server if offline

Closed

CONFSERVER-13747 Handle LDAP repository outage and "group not found" message in global permissions

Closed

Activity

People

Assignee:: Matt Ryall

Reporter:: Sashidaran Jayaraman [Atlassian]

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 27/Jan/2010 7:26 AM

Updated:: 11/Oct/2018 9:04 AM

Resolved:: 17/Mar/2011 1:22 AM