Knowledge Base

How do I allow authentication using the Active Directory attribute samAccountName?

Starting with Neo4j 3.2.2, it is possible to authenticate using the Active Directory attribute samAccountName instead of the LDAP Display Name attribute. The following conf/neo4j.conf parameters must be set to use samAccountName. Note that the login name is resolved to a distinguished name by an LDAP search, which is why a system account is required as well.

dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap
dbms.security.ldap.authentication.use_samaccountname=true

dbms.security.ldap.host=<the LDAP hostname>
dbms.security.ldap.authorization.use_system_account=true
dbms.security.ldap.authorization.system_username=cn=Administrator,cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.system_password=<password for the Administrator>

dbms.security.ldap.authorization.user_search_base=cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.user_search_filter=(&(objectClass=*)(samaccountname={0}))

dbms.security.ldap.authorization.group_to_role_mapping=\
"cn=Neo4j Read Only,cn=Users,dc=example,dc=com" = reader ;\
"cn=Neo4j Read-Write,cn=Users,dc=example,dc=com" = publisher ;\
"cn=Neo4j Schema Manager,cn=Users,dc=example,dc=com" = architect ;\
"cn=Neo4j Administrator,cn=Users,dc=example,dc=com" = admin ;\
"cn=Neo4j Procedures,cn=Users,dc=example,dc=com" = allowed_role
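An added example, not code from the article or from Neo4j: a small Python checker that parses a neo4j.conf fragment like the one above (joining the backslash-continued group_to_role_mapping lines), reports repeated keys, and applies the checks worth running before enabling samAccountName logins, including whether the system account binds over cleartext LDAP rather than an ldaps:// host or dbms.security.ldap.use_starttls=true. The sample configuration, hostname and password are constructed.

```python
from typing import Dict, List, Tuple

# Constructed sample modelled on the article's conf/neo4j.conf fragment; the
# user_search_base key is deliberately repeated so the checker has something to report.
SAMPLE_CONF = """\
dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap
dbms.security.ldap.authentication.use_samaccountname=true
dbms.security.ldap.host=ad.example.com
dbms.security.ldap.authorization.use_system_account=true
dbms.security.ldap.authorization.system_password=PLACEHOLDER_PASSWORD
dbms.security.ldap.authorization.user_search_base=cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.user_search_filter=(&(objectClass=*)(samaccountname={0}))
dbms.security.ldap.authorization.user_search_base=cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.group_to_role_mapping=\\
"cn=Neo4j Read Only,cn=Users,dc=example,dc=com" = reader ;\\
"cn=Neo4j Administrator,cn=Users,dc=example,dc=com" = admin
"""

def parse_conf(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Parse key=value lines, joining backslash-continued ones; return settings and repeated keys."""
    settings, duplicates, pending = {}, [], ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):      # continuation line, keep collecting
            pending += raw.rstrip()[:-1]
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)      # DNs contain '=', so split once only
        if key.strip() in settings:
            duplicates.append(key.strip())
        settings[key.strip()] = value.strip()
    return settings, duplicates

def check_samaccountname_config(settings: Dict[str, str], duplicates: List[str]) -> List[str]:
    """Consistency findings for a samAccountName setup; an empty list means none."""
    ldap = "dbms.security.ldap."
    findings = [f"repeated key (last value wins): {k}" for k in duplicates]
    if settings.get(ldap + "authentication.use_samaccountname") == "true":
        # Mapping a samAccountName to a DN needs an LDAP search, hence the system account.
        if settings.get(ldap + "authorization.use_system_account") != "true":
            findings.append("use_samaccountname=true requires use_system_account=true")
        if "{0}" not in settings.get(ldap + "authorization.user_search_filter", ""):
            findings.append("user_search_filter lacks the {0} login-name placeholder")
    host = settings.get(ldap + "host", "")
    if not host.startswith("ldaps://") and settings.get(ldap + "use_starttls") != "true":
        findings.append("system account binds over cleartext LDAP: use ldaps:// or use_starttls")
    return findings
```

Run the checker against your own conf/neo4j.conf before restarting Neo4j; each finding names the setting to correct.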

With the following AD setup we can demonstrate successful authentication:

[Three screenshots of the Active Directory setup, not reproduced here]

Once this is in place, a connection succeeds, as the following cypher-shell session shows:

$ ./cypher-shell
username: neouser
password: ********
Connected to Neo4j 3.2.2 at bolt://localhost:7687 as user neouser.
Type :help for a list of available commands or :exit to exit the shell.
Note that Cypher queries must end with a semicolon.
neo4j> create (n:Person {id:1});
0 rows available after 231 ms, consumed after another 1 ms
Added 1 nodes, Set 1 properties, Added 1 labels
neo4j> match (n:Person {id:1}) return n;
+-------------------+
| n                 |
+-------------------+
| (:Person {id: 1}) |
+-------------------+

1 row available after 106 ms, consumed after another 8 ms