Cannot add user

Checklist
[x] I have read intro post: link removed to be able to post
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue

Running on a Debian 12 VM, just installed.
Followed directions on https://www.passbolt.com/docs/hosting/install/ce/debian/
Nginx server
Since I started with originally trying a docker setup, I kept traefik in docker for Let’s Encrypt TLS, and set it up to forward to the external Debian server. Debian server is dedicated to passbolt as configured in the documentation, leaving SSL off.

mysql Ver 15.1 Distrib 10.11.11-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper
PHP 8.2.28 (cli) (built: Mar 13 2025 18:21:38) (NTS)

Open source password manager for teams

Healthcheck shell
If you want to have more information about the different checks, please take a look at the documentation: link removed to be able to post

Environment

[INFO] Linux passbolt 6.1.0-37-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.140-1 (2025-05-22) x86_64 GNU/Linux
[PASS] PHP version 8.2.28.
[PASS] PHP version is 8.2 or above.
[PASS] 64-bit architecture system detected.
[INFO] gpg (GnuPG) 2.2.40 / libgcrypt 1.10.1
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] System clock is synchronized and NTP service is active.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Cache is working.
[PASS] Debug mode is off.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to link removed to be able to post
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates.
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate.

SMTP settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] No custom SSL configuration for SMTP server.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled.
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one.
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (5.2.0).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema is up to date.

Database

[PASS] The application is able to connect to the database
[PASS] 34 tables found.
[PASS] Some default content is present.

Metadata

[PASS] The server is able to decrypt the metadata private key.

[FAIL] 1 error(s) found. Hang in there!

I added myself during the initial login just fine, and added one additional user just fine. However, when I go to add another user, I get the following error:

There was an unexpected error…

Could not validate user data.
{
  "code": 400,
  "body": {
    "role_id": {
      "validRole": "The role identifier does not exist."
    }
  }
}

Expected behavior is that the new user would be added without error.

Cheers paperpen,

Seems like you’re trying to create a user where the role you try to apply is missing.

Which command did you use?

To be sure the role you’re trying to apply exists, check the Database
(Connect to your mysql or whatever you host)
switch into the sql database

#MariaDB [passbolt]> use passbolt;

Database changed

And take a look for the existing roles

#MariaDB [passbolt]> SELECT id, name FROM roles;

+--------------------------------------+-------+
| id                                   | name  |
+--------------------------------------+-------+
| 40a6…………………………                        | admin |
| d491…………………………                        | guest |
| 29c4…………………………                        | user  |
+--------------------------------------+-------+

Also be sure you only use lowercase letters for the role you try to apply, since you’re using Linux :slight_smile:

If there aren’t any roles yet, try reinstalling / maybe the database doesn’t have any information yet

Best regards and good luck! :slight_smile:
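
A read-only cross-check that goes one step past listing the roles, added here as an example and not part of the reply above or of passbolt's own tooling. It assumes the default passbolt schema, where `users.role_id` references `roles.id` and `users` has `username` and `deleted` columns, and a database named `passbolt` as in the reply.

```sql
-- Added diagnostic example (read-only). Assumed schema: roles(id, name),
-- users(id, username, role_id, deleted); adjust names if your install differs.
USE passbolt;

-- 1. Every role with the number of non-deleted users that hold it.
--    A healthy install shows the admin, guest and user rows.
SELECT r.id, r.name, COUNT(u.id) AS active_users
FROM roles AS r
LEFT JOIN users AS u
       ON u.role_id = r.id
      AND u.deleted = 0
GROUP BY r.id, r.name
ORDER BY r.name;

-- 2. Users whose role_id matches no row in roles.
--    Expected result: empty set.
SELECT u.id, u.username, u.role_id
FROM users AS u
LEFT JOIN roles AS r ON r.id = u.role_id
WHERE r.id IS NULL;

-- 3. Role names that collide once case is ignored (for example "User" and "user").
--    Expected result: empty set.
SELECT LOWER(name) AS role_name, COUNT(*) AS copies
FROM roles
GROUP BY LOWER(name)
HAVING COUNT(*) > 1;
```

If all three queries look healthy, compare the ids returned by the first query with the `role_id` value sent in the failing request.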