Unable to add user due to 'Cannot write to read-only GroupManager'
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When adding a user, or perhaps adding a user to a group, it fails with the following error: "Cannot write to read-only GroupManager".
Environment
Using LDAP as a user management directory in Bamboo.
Diagnosis
The error below is thrown to <bamboo-home>/logs/atlassian-bamboo.log when adding a user in LDAP to a group named bamboo-admin or bamboo-users:
INFO [http-nio-8085-exec-14] [AccessLogFilter] username POST https://<bamboo_url>/admin/group/updateGroup.action 1637292kb
ERROR [http-nio-8085-exec-14] [ExceptionMappingInterceptor] Cannot write to read-only GroupManager [ldapRepository]
java.lang.UnsupportedOperationException: Cannot write to read-only GroupManager [ldapRepository]
at com.atlassian.user.impl.ReadOnlyGroupManager.addMembership(ReadOnlyGroupManager.java:40)
at com.atlassian.user.impl.cache.CachingGroupManager.addMembership(CachingGroupManager.java:172)
at com.atlassian.user.impl.delegation.DelegatingGroupManager.addMembership(DelegatingGroupManager.java:250)Cause
This indicates that there is a group with a duplicate name in the LDAP user directory, usually bamboo-admin or bamboo-users.
By default, a special group called bamboo-admin is automatically created when Bamboo is installed, therefore cannot be the same group name in LDAP.
Solution
Make sure these group names, reserved for internal use in Bamboo, are not used in the LDAP user directory.