Federated users in Drupal

I'm working with a complex network of Drupal sites and trying to find the best way to do federated users. The Drupal Module approach is a little too shotgun for this case. I need fine control, roles, taxonomy access etc. for each site but would like to have a common username and password. In the best of all possible worlds single-sign-on.

One approach uses MySQL views to accomplish this. So far this seems a good approach but it is not as simple to administer as I'd like. The Open Journal Systems approach is very much what I'd like to implement. An administrator goes to the main site and can see all the users and can assign users to various sites. It would be possible to do this with the roles in Drupal but one would quickly end up with a huge number of roles in managing just a few sites.

Authenticating all sites to LDAP would be another option worthy of consideration.

A discovery in this process has been that to share the sequences table most effectively using MySQL's ability to handle symbolic links for tables seems to be the best way. This solves two problems. One is modules that don't work well with table prefixing. The other problem it avoids is one of table locking when trying to use a MySQL view in place of a table. The drawback is you need an up-to-date version of MySQL and it may not work with other databases.


1 Comment

I need this too

Let me know when you solve the problem. :)

On the MySQL approach - is that essentially just a symbolic link from the users table from one db to another? I didn't know that was possible.

One issue I have is that I want each site's statistics to accurately reflect the number of "real" users. So if someone has a reserved username across all my sites A, B & C (the desired approach), BUT they never log in to site C, I don't want site C's latest users block or statistics to list that person as a real user.