Cannot Add New LDAP User to Confluence
Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
An administrator is unable to add a new LDAP user via Confluence.
This Knowledge Base article covers an uncommon configuration. It is for administrators who wish to add users in Confluence and have those users propagated back to LDAP.
The following appears in atlassian-confluence.log:
com.atlassian.core.exception.InfrastructureException: com.atlassian.user.EntityException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Application 'crowd-embedded' has no directories that allow adding of users.
Cause
The Read/Write connector has not been enabled for the LDAP directory, and that directory is in the primary position.
This is shown under Confluence Admin > User Directories.
NOTE: It is possible to diagnose this issue through the use of the Directory Configuration Summary.
Major Differences
Read Only
Allowed operations: [UPDATE_USER_ATTRIBUTE, UPDATE_GROUP_ATTRIBUTE]
"autoAddGroups": ""
"ldap.pool.initsize": "null"
"ldap.pool.maxsize": "null"
"ldap.pool.prefsize": "null"
"ldap.propogate.changes": "false"
Read/Write
Allowed operations: [UPDATE_ROLE, UPDATE_USER, CREATE_ROLE, DELETE_USER, CREATE_USER, UPDATE_GROUP_ATTRIBUTE, DELETE_GROUP, UPDATE_GROUP, UPDATE_USER_ATTRIBUTE, UPDATE_ROLE_ATTRIBUTE, DELETE_ROLE, CREATE_GROUP]
"com.atlassian.crowd.directory.sync.lastdurationms": "xxxx"
"com.atlassian.crowd.directory.sync.laststartsynctime": "yyyyyyyyyyyyyyy"
"ldap.propogate.changes": "true"
Workaround
Set the LDAP directory to use the Read/Write connector.
Confluence Admin > User Directories > Edit LDAP.
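The fields listed under Major Differences can be checked mechanically when reviewing a Directory Configuration Summary. The following is an added example, not Atlassian's code: it assumes each directory appears as an "Allowed operations" line followed by its quoted attributes, as in the excerpts above, and the sample text is constructed.

```python
import re

# Constructed sample using only the line formats shown in this article;
# a real Directory Configuration Summary contains more fields per directory.
SAMPLE_SUMMARY = '''\
Allowed operations: [UPDATE_USER_ATTRIBUTE, UPDATE_GROUP_ATTRIBUTE]
"autoAddGroups": ""
"ldap.propogate.changes": "false"
Allowed operations: [UPDATE_USER, DELETE_USER, CREATE_USER, CREATE_GROUP]
"com.atlassian.crowd.directory.sync.lastdurationms": "xxxx"
"ldap.propogate.changes": "true"
'''

OPS_RE = re.compile(r'^\s*Allowed operations:\s*\[(.*)\]\s*$')
ATTR_RE = re.compile(r'^\s*"([^"]+)":\s*"([^"]*)"\s*$')

def parse_directories(summary):
    """Return one dict per directory, in the order they appear in the text."""
    directories = []
    for line in summary.splitlines():
        ops = OPS_RE.match(line)
        if ops:  # assumption: one "Allowed operations" line starts each directory
            names = {op.strip() for op in ops.group(1).split(',') if op.strip()}
            directories.append({'operations': names, 'attributes': {}})
            continue
        attr = ATTR_RE.match(line)
        if attr and directories:
            directories[-1]['attributes'][attr.group(1)] = attr.group(2)
    return directories

def diagnose(summary):
    """Report per directory whether users can be created and changes reach LDAP."""
    report = []
    for position, d in enumerate(parse_directories(summary), start=1):
        flag = d['attributes'].get('ldap.propogate.changes')
        report.append({
            'position': position,
            'can_create_user': 'CREATE_USER' in d['operations'],
            # None means the attribute is absent (for example, not an LDAP directory)
            'propagates_to_ldap': None if flag is None else flag == 'true',
        })
    # False here matches the "no directories that allow adding of users" error
    return {'directories': report,
            'any_can_add_users': any(r['can_create_user'] for r in report)}

if __name__ == '__main__':
    print(diagnose(SAMPLE_SUMMARY))
```

A directory that reports `can_create_user` as true with `propagates_to_ldap` true lets Confluence write to LDAP, so the bind account it uses should be scoped accordingly.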