[resolved] Test Successful but actual authentication fails (10 posts)

  1. jrwmacdonald2
    Posted 2 years ago #

    Good day,

    Tests are successful but when actually trying to login (new or returning users) get "realm violation" error. I have double checked that the "LDAP Role Manager Attribute" is empty as suggested in frankkoenen's query from a year ago.

    Any other suggestions? Much appreciated. James


  2. alexperl
    Posted 2 years ago #

    Same Problem for me. Although I know: It's a problem with the mail attribute.

    My server issues the name "mail" for the attribute. When logging in a new user I get the same error "Maybe a realm violation". When I substitute the attribute on the Admin Site with a wrong name (i.e. "email") and log in the new user it works fine, without syncing the e-mail address from the LDAP server. Then changing the attribute back to "mail" and logging the aforementioned user in again synchronizes the e-mail address from the LDAP server.

    What to do?

  3. esmi
    Forum Moderator
    Posted 2 years ago #

    As per the Forum Welcome, please post your own topic.

  4. frankkoenen
    Plugin Author

    Posted 1 year ago #

    Sounds like the tester tool returns a false positive when the Realm and Login attributes are not being defined. I'll clean up the tester tool so it's less confusing.

    Authentication and Realm issues most often stem from the settings in "LDAP Login Attribute" and optionally in the "LDAP Role Manager Attribute" setting.

    The "LDAP Login Attribute" is the attribute used to determine who the logging-in user is. Whatever value the user enters for username, this value is checked against the LDAP directory attribute defined. If the match cannot find 1 and only 1 DN, the user will get a login fail notice. This is because the plugin is unable to determine a unique person. If you use an email attribute to map to username values, the email value must be one that matches 1 and only 1 person.

    The "LDAP Role Manager Attribute" is 3 parts; older versions of the plugin didn't document this well. The 3 parts are "{realm} {domain} {accesslevel}".
    The "{realm}" portion is always literally WP, which denotes WordPress Realm. The second is the literal value "__ALL__" for all domains of WordPress sites you're managing logins for, or the FQDN value for a specific domain. The "{accesslevel}" value is one of the standard WP access levels, fixed words: administrator, author, editor, contributor, or subscriber.

    A DN can have 1 or many "LDAP Role Manager Attribute", the highest access level match is used. This way you can centrally manage access control to any level detail you need.

    Hope that helps.

    Posted 1 year ago #

    I have this same problem and I really don't get it. What to do?
    I have been trying to solve this thing for so long but I couldn't find a solution, and I didn't get what you explained here. Can you please help us again to solve this problem?
    Why does this testing tool show okay, and when we actually want to log in to WordPress it shows a realm error?
    I am really confused now about what I can do.
    I have hosted this WordPress on a Linux machine and my Linux machine gives me the error "ldap_login_password_and_role_manager.php: function ldap_login_password_and_role_manager_update_wp_user(). user xxxx wp_update_user() error: empty_user_login: cannot create a user with an empty login name."
    and then another message that's "authentication failed".

  6. jrwmacdonald2
    Posted 1 year ago #

    I managed to get this working - though I'm not sure why this should matter but the ldap login attribute could not have any uppercase letters in it. I fixed it by fluke really - I had the attribute as sAMaccountname and changed it to samaccountname and the realm violation stopped. Change it back and the realm violations start again. Hope this helps someone else.

  7. m.ambrosy
    Posted 1 year ago #

    I confirm: if the name of the attribute containing access rights (like "WP __ALL__ author") has some uppercase letters, we obtain "Maybe a realm violation".
    With no uppercase letters, it's OK.
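
An added example, not the plugin's code: it parses the "{realm} {domain} {accesslevel}" values the plugin author describes above and picks the highest level for a site. It reads the attribute by a lowercased name because PHP's ldap_get_entries() lowercases attribute names in the array it returns, a PHP behaviour consistent with the uppercase reports in the two posts above. The function names, the wpRole attribute name and the sample entry are hypothetical, and whether the plugin itself trips on this is an assumption.

```php
<?php
// Added illustration, not the plugin's code; all names here are hypothetical.
// WordPress access levels from the thread, ordered lowest to highest privilege.
const WP_LEVELS = ['subscriber', 'contributor', 'author', 'editor', 'administrator'];

// Values of one attribute from an entry shaped like ldap_get_entries() output.
// That function lowercases attribute names in the returned array keys, so the
// configured name is lowercased before the lookup.
function attr_values(array $entry, string $configuredName): array
{
    $values = $entry[strtolower($configuredName)] ?? [];
    unset($values['count']);   // drop the element count PHP adds
    return array_values($values);
}

// Highest level that "{realm} {domain} {accesslevel}" values grant on $siteDomain,
// or null when no value applies to that site.
function resolve_role(array $values, string $siteDomain): ?string
{
    $best = -1;
    foreach ($values as $value) {
        $parts = preg_split('/\s+/', trim($value));
        if (count($parts) !== 3) {
            continue;          // malformed value
        }
        [$realm, $domain, $level] = $parts;
        $rank = array_search(strtolower($level), WP_LEVELS, true);
        if ($realm !== 'WP' || $rank === false) {
            continue;          // wrong realm or unknown level
        }
        // "__ALL__" covers every site; otherwise the FQDN must match (case-insensitive).
        if ($domain === '__ALL__' || strcasecmp($domain, $siteDomain) === 0) {
            $best = max($best, $rank);
        }
    }
    return $best >= 0 ? WP_LEVELS[$best] : null;
}

// Constructed sample entry; keys are lowercase, as ldap_get_entries() returns them.
$entry = [
    'dn'     => 'cn=jdoe,ou=people,dc=example,dc=org',
    'wprole' => ['count' => 2, 'WP __ALL__ subscriber', 'WP blog.example.org editor'],
];

var_dump(isset($entry['wpRole']));   // direct lookup with the mixed-case name
var_dump(resolve_role(attr_values($entry, 'wpRole'), 'blog.example.org'));
var_dump(resolve_role(attr_values($entry, 'wpRole'), 'shop.example.org'));
var_dump(resolve_role(attr_values($entry, 'mail'), 'blog.example.org'));
```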

  8. ste.giraldo
    Posted 1 year ago #

    Hi to all,
    as read from alexperl, I got the same problem... so:
    - changed LDAP Login Attribute all lower case: samaccountname;
    - changed LDAP Email Attribute to "something wrong" and it worked (I can log in and the user is created), but without populating the user "email address field"; then reverted to "mail" and it works, it creates new users and the "email address field" is correctly populated!

    Regards, Stefano.

  9. ste.giraldo
    Posted 1 year ago #

    Actually there are still some problems... local users (e.g. admin) cannot log in. The login interface gets users only via LDAP and doesn't read (first) from the local user db.

  10. ste.giraldo
    Posted 1 year ago #

    I guess this plugin is really not compatible with WP 3.7.1 (my current release)... I read that it is not supported but "the hope is the last to die ;)". So, I started using "Active Directory Integration" which works fine.

Topic Closed

This topic has been closed to new replies.
