Create local users in each subdomain
-
Is it possible to have users local to each subdomain?
What I want to do is to set up a multisite with global (admin of subdomain) users created and authenticated via Shibboleth and allow users (non-admins) created locally for any subdomain that need users. Has anyone set up anything similar to this and how?
P.S. Has anyone gotten the Shibboleth plugin to work with this current MS (3.4.2) version?
-
What about constructing your own signup page instead, and hard coding it in there? I’m at a loss as to which function you’d want here. I’d have to play around with all of them.
Yes, it may have to come down to this (although this sounds like a bigger project!)
How do I start going about replacing the ‘Add New User’ admin page in the subdomain only? Any pointers would be appreciated…
P.S. I think I just need to be able to call the function that inserts the user into the wpmu_signups table, which I think is wpmu_signup_user, but I don’t seem to be able to hook up there.
sontru –
Sorry I am late to this discussion but I do not completely understand your requirements. It seems you want two authentication systems: shibboleth and local (WP). Anyone who authenticates via Shibboleth is created a WP admin account with which you want to append the subdomain to the username… is that correct? What kind of user attributes are you getting from Shibboleth – uid, email?
Let me tell you a bit about our multisite(domain) WP system at USC. At USC we use Shibboleth as our main sign-on and ldap as a secondary auth system. For WP, we configured it to use all three systems: Shib, ldap, and local. When a user logs in, WP attempts to log the user into each system until successful. We had to write our own Shib and ldap auth WP plugin – using other plugins as a template. However we do not auto-provision users. We also wrote a “bulk” user plugin which allows us to create WP accounts for a list of users, giving the user privilege to a specific blog. Afterwards the user can log into that site using Shibboleth or ldap. We only use local authentication for special cases, for example consultants who are not in any USC system.
Let me know if anything interests you and I can provide more info.
No you are not too late – thanks for the interest.
OK, this is a short breakdown. I had to set up a WP MS system and integrate it with our SSO – Shibboleth. I have done this now, and it works. However, I have found that with MS, users are all global. We want local users (users created and maybe restricted to a specific subdomain) as well as global users (Shib). This is so ‘external’ users can be created and allowed to log in/contribute within the subdomains.
Now because users who log in using Shib get an account created automatically, what happens if a subdomain creates a user (login name) that is the same as the Shib user? (Note the two users are different people).
So this is the problem, which I think can be solved with this. Shib users login and get created as per plugin. User created in a subdomain gets the login name suffixed with the subdomain.
So Shib user ‘bob’ is different from user bob_subdomain1, different from bob_subdomain2.
I think one problem to understand is that we are allowing Admins of our subdomain the ability to create users. So they could create login names that could potentially clash with the ‘global’ Shib logins. Also, we cannot guarantee that a subdomain user created today with a unique login name that does not clash with a Shib user will be the same user that gets created in Shib tomorrow…
You have a name space issue and you want to limit users to a specific subdomain. The latter requirement kind of conflicts with WP MS. One possibility is to use email address as the username (at least for Shib) – that would solve name space problems.
I see a few potential problems with appending subdomains onto usernames:
– Most likely no one else has done this and you will need to do some plugin development.
– For the username, will the subdomain be shown to the user so that they need to provide the ‘username_subdomain’ to login or is the subdomain “hidden”?
– Changing username will confuse the user and admin. For example: emails sent to the user will show their username (that includes the subdomain), users will see their username in the profile, etc. It will be an administrative problem.
– What happens if you change the subdomain?
– I see potential problems with authentication, depends on how you design it.
The way I see it, you may need to create two plugins: one for authentication and another for creating users. Depends on whether you want to hide subdomain in the user names and if you will have site admins follow a certain policy when creating users. There might be other issues I have not thought of.
Thanks for the ideas, but I think I have it solved. You are right that I have a namespace clash – out of interest, if you use Shibboleth (assuming using the same plugin as everybody else) and also have local users – how do you resolve the namespace clash problem? (Say, what happens in your case, if you have a local user in your database – Bob, then comes along a user who logs in via Shibboleth authentication whose login name is also Bob – what happens?)
My solution is (1) ‘local’ wp user who can login using Shib, (2) email login enabled, and (3) local wp users with domain suffix (who might be restricted only to the subdomain they were created for – depending if I can find the right user management plugin).
The locally created subdomain users do not have their login name changed – they are created by the admin who will be informed that the user they are creating has the suffix added to the login name (and the email that goes to the user will inform them that their login is bob_subdomain), no confusion there. Email login is enabled so users can use their email address to login (so no fuss there with remembering login names).
I have hacked the ms-functions.php so that it appends the suffix to users created in/for a subdomain – and this works. The remaining issue is how to write a plugin to do this so that whenever the WP MS code is changed, I do not need to constantly hack it again…
Ipstenu (Mika Epstein) and I have been trying to locate the hook that will allow me to write a plugin, and we have concluded that it is not as simple as we might expect. We think the plugin will need to replace the Create New User admin (in the subdomain) page, which might be a good thing because that would be where I inform them that they are creating local (to the subdomain user) whose login name will be suffixed with the name of their subdomain. (But who can login using their email address if they want to or can’t remember the strange login name.)
It will take some work to get a plugin to do the simple task of adding the subdomain suffix, so for the meantime I will leave the hack code in the ms-functions.php to do its work, and hope I don’t need to upgrade MS WP anytime soon…
sontru –
We avoid namespace clashes as 99% of our users are USC members. The 1% that are not, we use email address as their username. FYI, we can also assign Shibboleth users a WP password, so if Shibboleth service is out, a shib user (really admins only) can use local auth to gain access.
I see your dilemma. Here are a few suggestions that I think would be better than modifying core WP files (kind of a hassle every time you upgrade):
1) Add a plugin to add javascript to the header. With javascript you can grab the content from the username field and append the subdomain.
2) wpmu_new_user – this is a hook that is called after the user has been created. Not sure if it is possible to change the username of an existing user. If it is possible, then you could use this hook to append the subdomain to the username
3) Modify the add user file (new-user.php?)… bad but slightly better than modifying ms-functions.php
By default users belong to the network.
They have ‘subscriber’ access to all sites (read-only and comment).
If you need more roles, they get provided ad hoc.
So … that’s kind of similar?
I am not wanted this option, my need is every subdomain is separate site so need not to have access to other subdomain.
could u help me
I don’t know what version of WordPress Multisite you are using, but for me with 3.4.2, network users are not members of any subdomain unless you make them so (either manually or using a plugin).
I am currently writing a plugin to replace the add new user page but this is taking me a while. In the meantime I have modified the wpmu_signup_user function as detailed above (to add the domain suffix).
sontru – it’s the same in all WP (except 3.0, which makes users members of the main site)
I am not wanted this option, my need is every subdomain is separate site so need not to have access to other subdomain.
That’s how it’s supposed to work, anandbala. If you need help with that, please post your own topic, though.
- The topic ‘Create local users in each subdomain’ is closed to new replies.
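The suffix scheme discussed in this thread, as an added sketch that is not code from any poster, from the Shibboleth plugin or from WordPress: local accounts are named `login_subdomain`, and a Shibboleth login is never bound to an account that was created locally, even when the names match. The function names, the `source`/`site` fields, the per-site login policy and the in-memory user table are assumptions made for illustration.

```php
<?php
// Constructed user table: login => ['source' => 'shib'|'local', 'site' => ?string].
$users = [
    'bob'            => ['source' => 'shib',  'site' => null],
    'bob_subdomain1' => ['source' => 'local', 'site' => 'subdomain1'],
];
// Login name for a user created by a subdomain admin (hypothetical helper).
function local_login(string $login, string $subdomain): string {
    $login = strtolower(trim($login));
    $subdomain = strtolower(trim($subdomain));
    // No "_" in either part, so the last "_" always separates name and site.
    if (!preg_match('/^[a-z0-9.-]+$/', $login) || !preg_match('/^[a-z0-9-]+$/', $subdomain)) {
        throw new InvalidArgumentException('unexpected characters in login or subdomain');
    }
    return $login . '_' . $subdomain;
}

// Create a local account; refuse a name that is taken, whatever its source.
function create_local_user(array &$users, string $login, string $subdomain): string {
    $name = local_login($login, $subdomain);
    if (isset($users[$name])) {
        throw new RuntimeException("login '$name' already exists");
    }
    $users[$name] = ['source' => 'local', 'site' => $subdomain];
    return $name;
}

// Shibboleth login: auto-provision, but bind only to Shibboleth-made accounts.
function resolve_shib_user(array &$users, string $uid): string {
    $uid = strtolower(trim($uid));
    if (!isset($users[$uid])) {
        $users[$uid] = ['source' => 'shib', 'site' => null];
    } elseif ($users[$uid]['source'] !== 'shib') {
        // e.g. an IdP uid "bob_subdomain1" must not inherit the local account.
        throw new RuntimeException("'$uid' is a local account, not bound to Shibboleth");
    }
    return $uid;
}

// Assumed policy: Shibboleth users are global, local users stay on their site.
function may_login(array $users, string $name, string $site): bool {
    $u = $users[$name] ?? null;
    return $u !== null && ($u['source'] === 'shib' || $u['site'] === $site);
}

echo create_local_user($users, 'Bob', 'subdomain2'), "\n";
var_dump(may_login($users, 'bob_subdomain1', 'subdomain2'));
try { resolve_shib_user($users, 'bob_subdomain1'); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```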