"
Hello everyone,
I'm trying to add a local user to a local group via OPNsense's REST API, but I keep getting the Option not in list. (or result: failed) error despite following the official documentation and various tips. Below are the details:
Version and Context
OPNsense Version: latest stable release (e.g., 25.1.1)
Authentication: The API user has full privileges (e.g., "System: User Manager" or "Administrator").
Environment: Primarily local setup (no LDAP/Radius servers involved).
What I'm Trying to Do
Create a new local user and directly associate it with a local group via the API.
I have tried both the "user side" approach (using group_memberships in user/add or user/set) and the "group side" approach (updating the member field in group/set).
Achieve the same result as using the GUI ("Add User," select a group, and save) but programmatically through the API.
Errors Encountered
When attempting to specify the group during user creation (/api/auth/user/add) with JSON like this:
json
{
"user": {
"name": "PROVA555",
"password": "12345678Ab!",
"scope": "local",
"authserver": "Local Database",
"disabled": "0",
"group_memberships": {
"8ed3818e-cd33-46b5-977b-6d258215a1a2": "1"
}
}
}
I receive the error:
json
Copia
Modifica
"result": "failed",
"validations": {
"user.group_memberships": "Option not in list."
}
The same happens when trying scope: "user" instead of "local", or sending an array instead of an object for the group memberships.
On the group side (e.g., /api/auth/group/set?uuid=<GROUP_UUID>), I retrieve the JSON via group/get, add the user's UUID in the member array, but still get result: failed or a similar "Option not in list" error.
Preliminary Checks Already Performed
Verified the group's UUID and the user's UUID via search/get calls, so I'm certain the IDs are correct.
Attempted:
Creating a new group via /api/auth/group/add (local scope, empty member list).
Creating a new user via /api/auth/user/add (local scope, no group).
Updating the group to add the user in member.
This still results in the same error.
The API user definitely has full administrative privileges (or "System: User Manager").
Checked field validity (name, scope, description, priv) to ensure no invalid characters.
Running the latest OPNsense release and have tried disabling plugins that might interfere.
Additional Details
The error message is almost always "Option not in list." on user.group_memberships, or user.group_memberships=Option not in list..
I haven't found a more detailed error in System Logs or Backend logs.
If I create a user without any groups, it works fine. Adding the group afterwards still fails.
I've tried various combinations like scope="local", authserver="Local Database", and disabled="0".
Question
What could cause Option not in list for local groups/users, given that I've verified the UUID and permissions? Is there an additional step required to make the group "selectable"? Or might this be a bug in this version? Any advice on where to check logs or possible extra configuration steps is appreciated!
Thank you in advance for any help!
(All sensitive data has been omitted; names and UUIDs are just examples.)
I'm trying to add a local user to a local group via OPNsense's REST API, but I keep getting the Option not in list. (or result: failed) error despite following the official documentation and various tips. Below are the details:
Version and Context
OPNsense Version: latest stable release (e.g., 25.1.1)
Authentication: The API user has full privileges (e.g., "System: User Manager" or "Administrator").
Environment: Primarily local setup (no LDAP/Radius servers involved).
What I'm Trying to Do
Create a new local user and directly associate it with a local group via the API.
I have tried both the "user side" approach (using group_memberships in user/add or user/set) and the "group side" approach (updating the member field in group/set).
Achieve the same result as using the GUI ("Add User," select a group, and save) but programmatically through the API.
Errors Encountered
When attempting to specify the group during user creation (/api/auth/user/add) with JSON like this:
json
{
"user": {
"name": "PROVA555",
"password": "12345678Ab!",
"scope": "local",
"authserver": "Local Database",
"disabled": "0",
"group_memberships": {
"8ed3818e-cd33-46b5-977b-6d258215a1a2": "1"
}
}
}
I receive the error:
json
Copia
Modifica
"result": "failed",
"validations": {
"user.group_memberships": "Option not in list."
}
The same happens when trying scope: "user" instead of "local", or sending an array instead of an object for the group memberships.
On the group side (e.g., /api/auth/group/set?uuid=<GROUP_UUID>), I retrieve the JSON via group/get, add the user's UUID in the member array, but still get result: failed or a similar "Option not in list" error.
Preliminary Checks Already Performed
Verified the group's UUID and the user's UUID via search/get calls, so I'm certain the IDs are correct.
Attempted:
Creating a new group via /api/auth/group/add (local scope, empty member list).
Creating a new user via /api/auth/user/add (local scope, no group).
Updating the group to add the user in member.
This still results in the same error.
The API user definitely has full administrative privileges (or "System: User Manager").
Checked field validity (name, scope, description, priv) to ensure no invalid characters.
Running the latest OPNsense release and have tried disabling plugins that might interfere.
Additional Details
The error message is almost always "Option not in list." on user.group_memberships, or user.group_memberships=Option not in list..
I haven't found a more detailed error in System Logs or Backend logs.
If I create a user without any groups, it works fine. Adding the group afterwards still fails.
I've tried various combinations like scope="local", authserver="Local Database", and disabled="0".
Question
What could cause Option not in list for local groups/users, given that I've verified the UUID and permissions? Is there an additional step required to make the group "selectable"? Or might this be a bug in this version? Any advice on where to check logs or possible extra configuration steps is appreciated!
Thank you in advance for any help!
(All sensitive data has been omitted; names and UUIDs are just examples.)
