Here’s the overview of the setup:
- I have a multisite installation of WordPress 3.4.2.
- I’ve installed the Active Directory Authentication Integration plugin to allow users to use their AD credentials. This also allows assigning AD groups to each site, so that the site admins do not manually have to assign permissions.
- I have installed the Network Privacy plugin, so that certain sites must be logged into before you are able to see any content. Anonymous users only see the login page.
In many regards, this setup works. I am having one problem, however, which is stopping me from rolling this out to our primary WordPress multi-site installation:
- Bob is a member of the “IT Support” group in AD.
- Bob is also a member of the “Domain Users” group in AD.
- The main site (www.mysite.com) is locked down to only allow “Domain Users” members to login.
- The sub-site (www.mysite.com/itsupport) is locked down to only allow “IT Support” members to login.
- Bob visits www.mysite.com and is prompted for authentication. He enters his AD credentials and is allowed into the site.
- Now that he’s logged in on www.mysite.com, Bob clicks the link to go to www.mysite.com/itsupport and receives an error that he is not a member of the site.
- It appears that no user entry has been created in the WordPress database for this sub-site.
- Bob logs out of www.mysite.com.
- Now that he is logged out, Bob goes directly to www.mysite.com/itsupport and is prompted for authentication. He enters his AD credentials and is allowed into the site.
- It appears that the user entry in the WordPress database is created at this point for this sub-site.
- Now if he logs out and logs into www.mysite.com, he can traverse to the itsupport site without any issues.
If I delete Bob’s user entries for both sites and disable the Network Privacy plugin, Bob is able to log in to www.mysite.com and then traverse to the itsupport site. But if I delete his user entries and re-enable the Network Privacy plugin, the problem reappears.
I had the same problem with one other privacy plugin, though I can’t remember which one.
If you can spot the problem or if you have set up something similar, I’m willing to try anything, as long as I meet the basic criteria of using AD groups and being able to lock down certain sites.
Try a different approach. Instead of using plugins, I suggest modifying WordPress a little as described in the following answer.
https://stackoverflow.com/a/39195424/3157038
So in your case you should set up the WordPress installations like this:
Then, in addition to the configuration given in the answer which I linked to, add the following to the wp-config files of both the WordPress installations:
If you have a multi-site install you should switch your IT Tech Support site to a subdomain.
You are probably experiencing a cookie login mismatch. Since it is set at the root of the domain it is the same for both of the sites. So if you set up support.example.com it should be clearer than example.com/support
Unless I’m misunderstanding completely, in which case, try a different plugin to restrict the content to the user and don’t run this as a sub-site.
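The cookie scoping this answer refers to, as an added example that is not part of the original post: RFC 6265 domain and path matching decides which cookies a browser sends to each site. The cookie names and the jar are constructed for illustration and are not WordPress's actual cookie names; the hosts follow the answer's example.com naming.

```javascript
// RFC 6265 section 5.1.3: a host-only cookie needs an exact host match;
// a cookie set with a Domain attribute also matches subdomains.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (h === d) return true;
  return !cookie.hostOnly && h.endsWith("." + d);
}

// RFC 6265 section 5.1.4: the cookie path must equal the request path
// or be a prefix of it that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies a browser would attach to a request for `url`.
function cookiesSentTo(url, jar) {
  const { hostname, pathname } = new URL(url);
  return jar
    .filter((c) => domainMatches(hostname, c) && pathMatches(pathname, c.path))
    .map((c) => c.name);
}

// Constructed jar (hypothetical cookie names).
const jar = [
  // Set at the root of the domain: shared by the main site and /support.
  { name: "session_root", domain: "example.com", hostOnly: true, path: "/" },
  // Scoped to the sub-site path only.
  { name: "session_path", domain: "example.com", hostOnly: true, path: "/support" },
  // Set on the subdomain: not visible to example.com.
  { name: "session_sub", domain: "support.example.com", hostOnly: true, path: "/" },
  // Set with Domain=example.com: crosses into every subdomain.
  { name: "session_wide", domain: "example.com", hostOnly: false, path: "/" },
];

console.log(cookiesSentTo("http://example.com/", jar));
console.log(cookiesSentTo("http://example.com/support/", jar));
console.log(cookiesSentTo("http://support.example.com/", jar));
```

A subdomain only separates the login sessions when the cookie is host-only; a cookie set with `Domain=example.com` is still sent to support.example.com.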