Knowledge Base

How do I allow for authentication using Active Directory attribute samAccountName

Commencing with Neo4j 3.2.2, it is possible to authenticate using the Active Directory attribute samAccountName as opposed to the LDAP Display Name attribute. The following conf/neo4j.conf parameters must be set to use samAccountName:

<the LDAP hostname>,cn=Users,dc=example,dc=com<password for the Administrator>,dc=example,dc=com*)(samaccountname={0})),dc=example,dc=com\
"cn=Neo4j Read Only,cn=Users,dc=example,dc=com" = reader ;\
"cn=Neo4j Read-Write,cn=Users,dc=example,dc=com" = publisher ;\
"cn=Neo4j Schema Manager,cn=Users,dc=example,dc=com" = architect ;\
"cn=Neo4j Administrator,cn=Users,dc=example,dc=com" = admin ;\
"cn=Neo4j Procedures,cn=Users,dc=example,dc=com" = allowed_role
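The following is an added example, not code from the Neo4j knowledge base article, that walks through what the two surviving pieces of the configuration above do once a user logs in: the login name is substituted into the samAccountName search filter, and the group DNs returned in the user's memberOf attribute are turned into Neo4j roles through the group-to-role mapping. The filter fragment and the mapping lines are copied from the article; the memberOf values for "neouser" are constructed sample data, and the DN normalisation and filter escaping are the demo's own choices rather than a description of how Neo4j compares or substitutes these strings.

```python
# Added example (not from the Neo4j knowledge base article): resolve the
# samAccountName search filter for a login name and map the user's AD
# group memberships to Neo4j roles using the article's mapping.
import re

# Filter fragment from the article: "{0}" is replaced with the name typed
# at the cypher-shell "username:" prompt.
USER_SEARCH_FILTER_TEMPLATE = "(&(objectClass=*)(samaccountname={0}))"

# Mapping lines from the article, joined into one value (neo4j.conf uses a
# trailing backslash to continue a value across lines; dropped here).
GROUP_TO_ROLE_MAPPING = (
    '"cn=Neo4j Read Only,cn=Users,dc=example,dc=com" = reader ;'
    '"cn=Neo4j Read-Write,cn=Users,dc=example,dc=com" = publisher ;'
    '"cn=Neo4j Schema Manager,cn=Users,dc=example,dc=com" = architect ;'
    '"cn=Neo4j Administrator,cn=Users,dc=example,dc=com" = admin ;'
    '"cn=Neo4j Procedures,cn=Users,dc=example,dc=com" = allowed_role'
)

# RFC 4515 escapes for characters that carry meaning inside a search
# filter, so the substituted login name is matched as a literal value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# One mapping entry: a double-quoted group DN, "=", then comma-separated roles.
_ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(login_name: str, template: str = USER_SEARCH_FILTER_TEMPLATE) -> str:
    """Fill the {0} placeholder with the escaped samAccountName."""
    return template.replace("{0}", escape_filter_value(login_name))


def normalise_dn(dn: str) -> str:
    """Canonical form for comparing DNs: lower case, no space after commas.
    AD commonly returns 'CN=...,DC=...' while the mapping is written in lower
    case; this demo treats those as equal (an assumption made for the demo,
    not a statement about Neo4j's own comparison)."""
    return re.sub(r",\s*", ",", dn.strip()).lower()


def parse_group_to_role_mapping(mapping: str) -> dict[str, list[str]]:
    """Parse '"<group dn>" = role1,role2 ; "<group dn>" = role3' into a dict
    keyed by normalised group DN."""
    result: dict[str, list[str]] = {}
    for entry in mapping.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        match = _ENTRY_RE.match(entry)
        if match is None:
            raise ValueError(f"unparseable mapping entry: {entry!r}")
        group_dn, roles = match.groups()
        result[normalise_dn(group_dn)] = [r.strip() for r in roles.split(",") if r.strip()]
    return result


def roles_for_user(member_of: list[str], mapping: dict[str, list[str]]) -> set[str]:
    """Collect the Neo4j roles granted by every group the user belongs to;
    a group without a mapping entry contributes nothing."""
    roles: set[str] = set()
    for group_dn in member_of:
        roles.update(mapping.get(normalise_dn(group_dn), []))
    return roles


# Constructed sample: memberOf values AD might return for "neouser".
SAMPLE_MEMBER_OF = [
    "CN=Neo4j Read-Write,CN=Users,DC=example,DC=com",
    "CN=Neo4j Procedures,CN=Users,DC=example,DC=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",  # no mapping entry
]

if __name__ == "__main__":
    print(build_user_search_filter("neouser"))
    mapping = parse_group_to_role_mapping(GROUP_TO_ROLE_MAPPING)
    print(sorted(roles_for_user(SAMPLE_MEMBER_OF, mapping)))
```

Running the block prints the filter that the search would use for neouser and the roles the sample memberships resolve to (publisher and allowed_role; the unmapped Domain Users group grants nothing). When checking a real deployment, compare the DNs your directory actually returns in memberOf against the mapping entries character for character, since any mismatch silently leaves the user with no roles.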

With the following AD setup (figures not reproduced here) we can demonstrate successful authentication.

Upon doing so, connection is possible, as evidenced by the following cypher-shell session:

$ ./cypher-shell
username: neouser
password: ********
Connected to Neo4j 3.2.2 at bolt://localhost:7687 as user neouser.
Type :help for a list of available commands or :exit to exit the shell.
Note that Cypher queries must end with a semicolon.
neo4j> create (n:Person {id:1});
0 rows available after 231 ms, consumed after another 1 ms
Added 1 nodes, Set 1 properties, Added 1 labels
neo4j> match (n:Person {id:1}) return n;
| n                 |
| (:Person {id: 1}) |

1 row available after 106 ms, consumed after another 8 ms