Same Problem for me. Although I know: It’s a problem with the mail attribute.
My Server issues the name “mail” for the attribute. When loging in a new user I get the same error “Maybe a realm violation”. When I subistute the attribute on the Admin Site with a wrong name (i.e. “email”) and login the new user it works fine, without syncing the e-mail-address from the LDAP server. Then changing the attribute back to “mail”, and login the before mentioned user in again syncronizes the e-mail-address from the LDAP server.
What to do?
Sounds like the tester tool returns a false-positive when the Realm and Login attributes are not being defined, I’ll clean up the tester tool so it’s less confusing.
Authentication and Realm issues most often stem from the settings in “LDAP Login Attribute” and optionally in the “LDAP Role Manager Attribute” setting.
The “LDAP Login Attribute” is the attribute used to determine who the logging-in user is. Whatever value the user enters for username, this value is checked against the LDAP directory attribute defined. If the match cannot find 1 and only 1 DN, the user will get a login fail notice. This is because the plugin is unable to determine a unique person. If you use an email attribute to map to username values, the email value must be one that matches 1 and only 1 person.
The “LDAP Role Manager Attribute” is 3 parts, older versions of the plugin didn’t document this well. The 3 parts are “{realm} {domain} {accesslevel}”.
The “{realm}” portion is always literally WP, which denotes WordPress Realm. The second is the literal value “__ALL__” for all domains of WordPress sites your managing logins for, or the FQDN value for specific domain. The “{accesslevel}” value is one of the standard WP access level, fixed words: administrator, author, editor, contributor, or subscriber.
A DN can have 1 or many “LDAP Role Manager Attribute”, the highest access level match is used. This way you can centrally manage access control to any level detail you need.
Hope that helps.
i have this same problem and i really don’t get it. what to do?
i am trying to solve this thing since so long but i couldn’t find a solution and i didn’t get it what did you explain here, can you please help us again to solve this problem.
why this testing toll shows okay and when we actually want to login into wordpress it shows realm error.
i am really confussed now what i can do.
i have hosted this wordpress on linux machin and my linux machine gives me error that “ldap_login password_ and_role_manager.php: funaction ldap_login_password_and_role_manager_update_wp_user(). user xxxx wp_update_user() error: empty_user_login: cannot creat a user with an empty login name.”
and then another massage thatz authentication failed
I managed to get this working – though I’m not sure why this should matter but the ldap login attribute could not have any uppercase letters in it. I fixed it by fluke really – I had the attribute as sAMaccountname and changed it to samaccountname and the realm violation stopped. Change it back and the realm violations start again. Hope this helps someone else.
I confirm : if the name of the attribute contening access rights (like “WP __ALL__ author”) have some uppercase letters, we obtain “Maybe a realm violation”.
With no uppercase letters, its OK.
Hi to all,
as read from alexperl, I got the same problem… so:
– changed LDAP Login Attribute all lower case: samaccountname;
– changed LDAP Email Attribute to “something wrong” and it worked (I can login and the user is created), but without populate the user “email address field”, than revert to “mail” and it works, it create new users and the “email address field” is correctly populated!
Regards, Stefano.
Actually there are still some problems… local users (eg. admin) cannot login. The login interface get users only via LDAP and doesn’t read (as first) from the local user db.
I guess this plugin is really not compatible with WP 3.7.1 (my currently release)… I read that is not supported but “the hope is the last to die ;)”. So, started using “Active Directory Integration” which works fine.
Regards.
