Details
-
Bug
-
Resolution: Fixed
-
Low
-
2.10.3, 3.0.1, 3.0.2, 3.1
-
None
-
OpenLDAP
Description
Bug Background
The page permission allows users to restrict other users/group from either viewing or editing the page. This would also work while using LDAP server. Problem occurs when LDAP server is down for some reason. The user is not allowed to even add the local confluence group such as confluence-users or confluence-administrators. There's no problem with restricting local users though.
Steps to reproduce
- Hook up Confluence with LDAP
- Make sure LDAP users can login and work with Confluence
- Shutdown LDAP server and restart Confluence instance
- Go to a page, edit it and try to add a local group to the page restriction:
- Scenario 1:
- User keys-in the group name(for example, confluence-users) in the text-field and click the 'Restrict' button
- Screenshot to depict this: Scenario1.png
- Scenario 2:
- User clicks the 'Group' button and select a group from the list using the Group Search
- Screenshot to depict this: Before selection and Result
- Upon checking the atlassian-confluence.log, the following stacktrace were found which could be the cause for the whole issue:
2010-01-27 14:54:09,958 ERROR [http-8080-4] [bucket.user.DefaultUserAccessor] hasMembership javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
– url: /pages/getpagepermissions.action | userName: admin | referer: http://localhost:8080/pages/editpage.action?pageId=5767172
2010-01-27 14:54:09,962 ERROR [http-8080-4] [bucket.user.DefaultUserAccessor] hasMembership javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
– url: /pages/getpagepermissions.action | userName: admin | referer: http://localhost:8080/pages/editpage.action?pageId=5767172
2010-01-27 14:54:09,965 ERROR [http-8080-4] [bucket.user.DefaultUserAccessor] hasMembership javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
– url: /pages/getpagepermissions.action | userName: admin | referer: http://localhost:8080/pages/editpage.action?pageId=5767172
- Scenario 1:
Additional Information
- The issue above also affects other permissions in Confluence
- For example, in space permission and global permission, both confluence-administrators and confluence-users are shown as not found.
- Screenshot for space permission
- Screenshot for global permission
Findings
- If in atlassian-user.xml, the hibernate datasource is declared above the ldap datasource, this problem won't occur.
Attachments
Issue Links
- is duplicated by
-
CONFSERVER-19131 "Group not found" for local groups, on space and global permissions screens, if LDAP server if offline
- Closed
-
CONFSERVER-13747 Handle LDAP repository outage and "group not found" message in global permissions
- Closed