diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java
index b18a712a6d14f..3bcda7c3a419e 100644
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java
@@ -194,7 +194,8 @@ public boolean supports( AuthenticationToken token )
 {
 if ( token instanceof ShiroAuthToken )
 {
- return ((ShiroAuthToken) token).getScheme().equals( "basic" );
+ ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
+ return shiroAuthToken.getScheme().equals( "basic" ) && (shiroAuthToken.supportsRealm( "neo4j" ));
 }
 return false;
 }
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/LdapRealm.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/LdapRealm.java
index d0a65d9830ebd..cb7c01c008a7a 100644
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/LdapRealm.java
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/LdapRealm.java
@@ -60,6 +60,7 @@ import javax.naming.ldap.StartTlsResponse;
 import org.neo4j.kernel.api.security.AuthenticationResult;
+import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
 import org.neo4j.kernel.configuration.Config;
 import org.neo4j.logging.Log;
 import org.neo4j.logging.LogProvider;
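Review bot: The realm name that now gates this realm is a bare string literal, `"neo4j"` in InternalFlatFileRealm.supports and `"ldap"` in the new LdapRealm.realmUnspecifiedOrMatched, with `"basic"` repeated in both. Because this value decides which credential store gets to evaluate a login, it would be safer as one named constant per realm, for example `private static final String REALM_NAME = "neo4j";`, so a typo or a later rename cannot silently stop the realm from claiming tokens. The extra parentheses around `shiroAuthToken.supportsRealm( "neo4j" )` can go as well. A short comment that the match is exact and case-sensitive would help too, since that follows from the `equals` call in ShiroAuthToken.supportsRealm and is not obvious at this call site.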
@@ -270,6 +271,29 @@ protected void clearCachedAuthorizationInfo( PrincipalCollection principals ) authorizationInfoCache.remove( username ); } + @Override + public boolean supports( AuthenticationToken token ) + { + return super.supports( token ) && realmUnspecifiedOrMatched( token ); + } + + private boolean realmUnspecifiedOrMatched( AuthenticationToken token ) + { + try + { + if ( token instanceof ShiroAuthToken ) + { + ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token; + return shiroAuthToken.getScheme().equals( "basic" ) && (shiroAuthToken.supportsRealm( "ldap" )); + } + return false; + } + catch ( InvalidAuthTokenException e ) + { + return false; + } + } + + @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals ) {
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthToken.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthToken.java
index baa67a0bfdabd..420b62286a0a9 100644
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthToken.java
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthToken.java
@@ -28,6 +28,7 @@ public class ShiroAuthToken implements AuthenticationToken
 {
+ private static final String REALM_KEY = "realm";
 private final Map authToken;
 public ShiroAuthToken( Map authToken )
@@ -56,4 +57,10 @@ Map getAuthTokenMap()
 {
 return authToken;
 }
+
+ /** returns true if token map does not specify a realm, or if it specifies the requested realm */
+ public boolean supportsRealm( String realm )
+ {
+ return !authToken.containsKey( REALM_KEY ) || authToken.get( REALM_KEY ).equals( realm );
+ }
 }
diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java
index 5e4a4cf888fcc..26d43ece6e9fb 100644
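Review bot: The `catch ( InvalidAuthTokenException e )` in LdapRealm.realmUnspecifiedOrMatched returns false without leaving any trace, so a malformed token is indistinguishable from a token addressed to another realm and nothing about it reaches a log. If the realm has a logger available, a debug-level line there would help; at minimum a comment such as `// malformed token: this realm does not claim it, authentication fails elsewhere` would make the intent reviewable. The helper's name also understates what it checks, since it additionally requires a ShiroAuthToken with the `basic` scheme. A one-line Javadoc listing all three conditions, or a shared helper next to ShiroAuthToken.supportsRealm, would keep the LDAP and flat-file realms from drifting apart.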
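Review bot: `authToken.get( REALM_KEY ).equals( realm )` in ShiroAuthToken.supportsRealm throws a NullPointerException when the `realm` key is present but mapped to null, and the token map carries what the client sends (the BoltInteraction test passes it straight into the INIT message). Whether a null can actually arrive depends on how the map is decoded, which is outside this diff, but putting the argument on the left removes the question: `return !authToken.containsKey( REALM_KEY ) || realm.equals( authToken.get( REALM_KEY ) );`. A non-String value then simply fails the comparison. The Javadoc could also state that the comparison is exact and case-sensitive.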
--- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java
+++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java
@@ -129,7 +129,7 @@ public BoltSubject login( String username, String password ) throws Exception
 }
 subject.client.connect( address ).send( TransportTestUtil.acceptedVersions( 1, 0, 0, 0 ) )
 .send( TransportTestUtil.chunk( InitMessage.init( "TestClient/1.1",
- map( "principal", username, "credentials", password, "scheme", "basic" ) ) ) );
+ map( "realm", "neo4j", "principal", username, "credentials", password, "scheme", "basic" ) ) ) );
 assertThat( subject.client, TransportTestUtil.eventuallyReceives( new byte[]{0, 0, 0, 1} ) );
 subject.setLoginResult( TransportTestUtil.receiveOneResponseMessage( subject.client ) );
 return subject;
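Review bot: With `"realm", "neo4j"` now hard-wired into this login helper, every Bolt login that goes through it names the native realm, so the helper no longer covers a token sent without a `realm` key, and no visible change covers the mismatch cases. Tests worth adding alongside it: a token without `realm` still authenticates, a token naming a realm that is not configured is rejected as an ordinary authentication failure, and a token naming `ldap` is never evaluated by the flat-file realm. The body of login starts and ends outside this hunk, so whether another helper already covers these cases cannot be told from here.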