Cannot add new user accounts


We use a Plone site for our company intranet. I inherited it from the previous IT manager here and we lost pretty much all the knowledge of Plone when he went, so I know very little about how the back end of it is put together.

About a year after he left we stopped being able to add new accounts to the site. It lets you go through the motions of creating the account and says that it was successful, but the account doesn't then appear in the list of users.

This has been going on for a while now and I've not worried about it too much as we've just reused all of the existing accounts, but it would be great to get it working again properly.

I have also just noticed today that my account (which has full site admin privileges) is only able to delete a few accounts - the rest of them have the 'Remove User' box greyed out - if this isn't related to the main issue, just ignore this bit for now. Creating new users is the more important thing to get fixed and I'll worry about removing old users later.

Here are my component versions in case they help:

  • Plone (4206)
  • CMF 2.2.6
  • Zope 2.13.15
  • Python 2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit (Intel)]
  • PIL 2.0.0 (Pillow)

Thanks in advance,

@Perranw: It may be that you have an add-on responsible for setting up and storing users which has stopped working for some reason. Would you be able to send us a list of the add-ons that are activated for your site? You can find that list in the Site Settings under Add-Ons. There are two sections, one for active, and one for inactive. The important list is the active one.

Hi Cris,

Thanks for getting in touch :slight_smile:

Here's the list of activated add-ons. Sorry about the formatting - I hope it's legible.

  • Attachment support 4.3 Simple attachment content types and widget
  • Carousel for Plone 2.2.1 Carousel allows you to add user-configurable rotating banners to any section of a Plone site.
  • Diazo theme support 1.0 Installs a control panel to allow on-the-fly theming with Diazo
  • EstateLite Theme 6.0.6 Free Diazo Theme for Plone
  • FSD Simplifier 1.3 Simplifies FacultyStaffDirectory (FSD) for the end-user.
  • FacultyStaffDirectory 3.1.3 Provides content types for creating and organizing personnel directories within educational institutions. Integrates with Plone's users and groups infrastructure and supports an extensibility framework for custom requirements.
  • HTTP caching support 1.1 Installs
  • Image Repository 1.0.2 A flexible tag-driven image repository
  • Kupu 1.5.0 Kupu is a cross-browser visual editor. This add-on has been upgraded. Old profile version was unknown. New profile version is 2. There is no upgrade procedure defined for this add-on. Please consult the add-on documentation for upgrade information, or contact the add-on author.
  • Marshall 2.1.1
  • Membrane: content-based users and groups 2.1.7
  • Page Turner 1.3.4 Provides an embedded document viewer like for Plone's File type if file is a PDF.
  • Plone Classic Theme 1.2.2 The old theme used in Plone 3 and earlier.
  • Plone JQuery Integration 1.4.4 Profile for Plone's JQuery resources.
  • Plone JQuery Tools Integration 1.3.2 Profile for Plone's JQuery Tools resources.
  • Plone Quick Upload 1.5.8 A quick upload form for Plone. This add-on has been upgraded. Old profile version was 3. New profile version is 4.
  • Plone Survey 1.4.5 A survey product for Plone.
  • Plone True Gallery 3.3.1a1 Extension profile for the "collective.plonetruegallery" Plone product.
  • PloneFormGen 1.7.7 Makes it possible to build forms via a through-the-web UI
  • Ploneboard 3.3 Install the Ploneboard forum product
  • Reflecto: a window unto the filesystem 3.0b1 Reflecto provides access to the filesystem from a Plone site. This add-on has been upgraded. Old profile version was unknown. New profile version is 3.0b1. There is no upgrade procedure defined for this add-on. Please consult the add-on documentation for upgrade information, or contact the add-on author.
  • Relations 0.9b1 Extension profile for the Relations Product.
  • Session refresh support 3.5 Optional plone.session refresh support.
  • SmartColorWidget 1.1.4 Profile for SmartColorWidget.
  • Solgema ContextualContentMenu 0.1 Adds a javascript Contextual Content Menu
  • Solgema Fullcalendar 2.1.2 Adds a Full editable Calendar based on fullcalendar (
  • Static resource storage 1.0.1 A folder for storing and serving static resource files
  • Workflow Policy Support (CMFPlacefulWorkflow) 1.5.7 Add in Plone the capability to change workflow chains for types in every object. Includes a dependency on core Plone types.
  • Working Copy Support (Iterate) 2.1.5 Adds working copy support (aka. in-place staging) to Plone.
  • collective.z3cform.datetimewidget 1.2.0 Enable support for date-time widget
  • jQuery Color Picker 1.0 jQuery Color Picker integration for Plone. This add-on has been upgraded. Old profile version was unknown. New profile version is 1.0. There is no upgrade procedure defined for this add-on. Please consult the add-on documentation for upgrade information, or contact the add-on author.
  • jQuery FullCalendar plugin jQuery FullCalendar plugin for Plone (
  • jQuery UI jQuery UI for Plone. This add-on has been upgraded. Old profile version was 2200. New profile version is 3101. 1.0.4 Adds support for new style collections to Plone

And there are also these 'available' add-ons that don't appear to be activated:

  • BlingPortlet 2.1 A portlet that brings bling to your site
  • ContentWellPortlets 4.2.1 Enables the addition of portlets to the central column in a page.
  • OpenID Authentication Support 2.0.2 Adds support for authenticating with OpenID credentials in a Plone site


Plone has a very flexible component for all tasks associated with authentication, among them user management: "PlonePAS", based on "PAS" (= "Pluggable Authentication System"). It is based on plugins. Its behavior heavily depends on what plugins are registered and activated; even the order may be important.

You can use the ZMI (= "Zope Management Interface") of the "acl_users" object in your site (available under the url "/acl_users/manage_main"). You will see there a list of plugin objects which may (or may not) have been activated. One of those entries is not really a plugin but instead an access point for plugin management; it is called "plugins". Click on this entry to get at its ZMI page.

The ZMI page for "plugins" shows you a list corresponding to authentication subtasks. The relevant entries for user management are "User_Adder plugins", "User_Enumeration plugins" and "User_Introspection plugins". Clicking on the respective entry allows for the management of the corresponding plugins.

Under normal conditions, the plugin activated as a "User_Adder plugin" is also activated as "User_Enumeration" and "User_Introspection" plugin. Check what user management plugins are activated for your site and come back with the found plugins should the condition above be violated.


I see that you are using FacultyStaffDirectory. That add-on allows you to create profiles for people in your organization and then organize them into groups. Each profile provides login capability to the person it represents, and rights within the site are managed by the groups you put people into.

There may be an issue with FSD or with Membrane beneath it (the mechanism that causes profile content objects to behave as Users)

@dieter's suggestion is very good. Finding a list of the PAS plugins that are active will help to diagnose the problem. You may also wish to look in your zope log (generally found in the site buildout at var/log/instance.log (or clientN.log or some similar name). That will contain exceptions thrown by the system while running and you may find that there are some related to FSD or to Membrane.

You might also try tailing that log while you attempt to create a new user to see if you can spot the problem in action. If we could get a traceback of that error, it would certainly help clear up the issue.

1 Like

Thanks guys,

So, I've found all the items that you've mentioned.

Here are the screenshots of the user plugins:

And I found the error in the 'instance.log' file that appears when trying to add a user and allocate them to a user permission group:

2017-03-16T09:48:33 ERROR Zope.SiteErrorLog 1489657713.010.875807956924 http://SERVERNAME:8080/SITE/@@new-user
Traceback (innermost last):
  Module ZPublisher.Publish, line 126, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 46, in call_object
  Module zope.formlib.form, line 795, in __call__
  Module five.formlib.formbase, line 50, in update
  Module zope.formlib.form, line 776, in update
  Module zope.formlib.form, line 620, in success
  Module, line 560, in action_join
  Module <string>, line 3, in addPrincipalToGroup
  Module plone.protect.utils, line 43, in _curried
  Module <string>, line 3, in addPrincipalToGroup
  Module AccessControl.requestmethod, line 70, in _curried
  Module, line 188, in addPrincipalToGroup
  Module, line 69, in addPrincipalToGroup
  Module <string>, line 8, in addPrincipalToGroup
  Module AccessControl.requestmethod, line 70, in _curried
  Module Products.PluggableAuthService.plugins.ZODBGroupManager, line 274, in addPrincipalToGroup
KeyError: 'admin-marketing'

However, you made me wonder whether the problem was related to allocating users to the permissions groups, so I just tried adding a user without adding them to any groups (can't believe I didn't try this before!) and it was successful! So it does look like the issue is with the groups.

This will work as a bodge for now, but do you know what I need to do to get the permissions groups working again?


"KeyError" indicates that the group is unknown. Likely, you will have some way to manage the groups. In case, the internal data structures got inconsistent, it might be necessary to delete and then recreate the problematic group.

Hi Dieter,

Thanks for that. Unfortunately I really don't know my way around Plone. I'll have a look around to see if I can find how to do what you've asked, but any pointers on how to do this would be appreciated. Firstly, when you say that I should 'manage the groups' would that be done within Plone or AD? At the moment I can't see how to change the FacultyStaffDirectory addin settings - is that something you can point me towards?

Thank you,

I cannot help you with this - as I do not know "FacultyStaffDirectory" nor "Membrane".

I have "worked" (only) with the information provided in this discussion: you wrote that you tried to add the new member to a permission group and that this resulted in a KeyError "admin-marketing". This indicates that the id corresponding to your permission group is likely "admin-marketing" and that it is not known. I do not know where "FacultyStaffDirectory" looks for permission groups. It might be, that it takes them from AD (then they are likely managed in AD itself); if they are managed locally (i.e. inside your Plone, then you would have some way to manage them). At this stage, I would say, you must learn something about "FacultyStaffDirectory" (or get help from someone who knows it well).


I would add an admin-marketing group to see what happen. I think the previous admin has registered an handler on member creation that require an existing admin-marketing group. Add it and see what happen.

Thanks for all the suggestions and sorry that I've gone quiet on this, but I've had to concentrate on other stuff this week. I'll try to spend some more time on this soon and will let you know how I get on. At least I can create new accounts now :slight_smile: which is a great improvement on where I was before.