How do I allow for authentication using Active Directory attribute samAccountName
Commencing with Neo4j 3.2.2, it is now possible to authenticate using
Active Directory attribute samAccountName as opposed to the LDAP Display Name attribute. The following conf/neo4j.conf
parameters
must be enabled to use samAccountName.
dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap
dbms.security.ldap.authentication.use_samaccountname=true
dbms.security.ldap.host=<the LDAP hostname>
dbms.security.ldap.authorization.use_system_account=true
dbms.security.ldap.authorization.system_username=cn=Administrator,cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.system_password=<password for the Administrator>
dbms.security.ldap.authorization.user_search_base=cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.user_search_filter=(&(objectClass=*)(samaccountname={0}))
dbms.security.ldap.authorization.user_search_base=cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.group_to_role_mapping=\
"cn=Neo4j Read Only,cn=Users,dc=example,dc=com" = reader ;\
"cn=Neo4j Read-Write,cn=Users,dc=example,dc=com" = publisher ;\
"cn=Neo4j Schema Manager,cn=Users,dc=example,dc=com" = architect ;\
"cn=Neo4j Administrator,cn=Users,dc=example,dc=com" = admin ;\
"cn=Neo4j Procedures,cn=Users,dc=example,dc=com" = allowed_role
With the following AD setup we can demonstrate successful authenication
Upon doing so connection is possible, as evidence
$ ./cypher-shell
username: neouser
password: ********
Connected to Neo4j 3.2.2 at bolt://localhost:7687 as user neouser.
Type :help for a list of available commands or :exit to exit the shell.
Note that Cypher queries must end with a semicolon.
neo4j> create (n:Person {id:1});
0 rows available after 231 ms, consumed after another 1 ms
Added 1 nodes, Set 1 properties, Added 1 labels
neo4j> match (n:Person {id:1}) return n;
+-------------------+
| n |
+-------------------+
| (:Person {id: 1}) |
+-------------------+
1 row available after 106 ms, consumed after another 8 ms
Is this page helpful?