WordPress MultiSite Active Directory integration and site privacy

Here’s the overview of the setup:

  • I have a multisite installation of WordPress 3.4.2.
  • I’ve installed the Active Directory Authentication Integration plugin to allow users to use their AD credentials. This also allows assigning AD groups to each site, so that the site admins do not manually have to assign permissions.
  • I have installed the Network Privacy plugin, so that certain sites must be logged into before you are able to see any content. Anonymous users only see the login page.

In many regards, this setup works. I am having one problem, however, which is stopping me from rolling this out to our primary WordPress multi-site installation:

  • Bob is a member of the “IT Support” group in AD.
  • Bob is also a member of the “Domain Users” group in AD.
  • The main site (www.mysite.com) is locked down to only allow “Domain Users” members to log in.
  • The sub-site (www.mysite.com/itsupport) is locked down to only allow “IT Support” members to log in.
  • Bob visits www.mysite.com and is prompted for authentication. He enters his AD credentials and is allowed into the site.
  • Now that he’s logged in on www.mysite.com, Bob clicks the link to go to www.mysite.com/itsupport and receives an error that he is not a member of the site.
    • It appears that no user entry has been created in the WordPress database for this sub-site.
  • Bob logs out of www.mysite.com.
  • Now that he is logged out, Bob goes directly to www.mysite.com/itsupport and is prompted for authentication. He enters his AD credentials and is allowed into the site.
    • It appears that the user entry in the WordPress database is created at this point for this sub-site.
  • Now if he logs out and logs into www.mysite.com, he can traverse to the itsupport site without any issues.

If I delete Bob’s user entries for both sites and disable the Network Privacy plugin, Bob is able to log in to www.mysite.com and then traverse to the itsupport site. But if I delete his user entries and re-enable the Network Privacy plugin, the problem reappears.

I had the same problem with one other privacy plugin, though I can’t remember which one.

If you can spot the problem or if you have set up something similar, I’m willing to try anything, as long as I meet the basic criteria of using AD groups and being able to lock down certain sites.

2

Try a different approach. Instead of using plugins, I suggest modifying WordPress a little as described in the following answer.

https://stackoverflow.com/a/39195424/3157038

So in your case you should set up the WordPress installations like this:

  • mysite.com
    • root: */domains/mysite.com/public_html
    • db: user_mysite
    • table prefix: root_
  • mysite.com/itsupport
    • root: */domains/mysite.com/public_html/itsupport
    • db: user_mysite
    • table prefix: itsupport_

Then, in addition to the configuration given in the answer which I linked to, add the following to the wp-config files of both the WordPress installations:

define( 'CUSTOM_USER_TABLE', 'mysite_users' );
define( 'CUSTOM_USER_META_TABLE', 'mysite_usermeta' );
