Open marohamamjyan opened 2 months ago
Hi @marohamamjyan, thanks for the report. LDAP authentication and authorization is an enterprise only feature, could it be that you are trying this in community? If you are in enterprise I would suggest in the first instance, the best way to get assistance with it is to open a support ticket with Neo4j support if you are able to do that.
Hi @marohamamjyan , did the above suggestion help your issue? Can we close this issue? Thanks!
Hello @LinneaAndersson , I am on community version. I've noticed in neo4j-comminity.conf this part `dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap dbms.security.ldap.auth_provider.type=unsecured dbms.security.auth_provider.username=neo4j dbms.security.auth_provider.password=mypassword`
If this part should not be used, can you please advice how should I use authorization part? Or did I understand you right that as I use community version I shouldn't use any authorization?
Thank you
hi @marohamamjyan,
For Community Edition you should just set:
dbms.security.auth_enabled=true
if you want authentication enabled.
Community edition supports "native" (i.e. username and password) authentication only. It does not support other types of authentication like LDAP, so you should remove all config settings containing ldap
. Nor does it support fine-grained authorization.
Here is a useful configuration reference. Any settings with the Enterprise Edition
label are not supported in the Community Edition.
Thanks
@LinneaAndersson In neo4j-comminity.conf I have chnaged settings like so
dbms.security.auth_enabled=false
and commented all the other settings I described above
deployed neo4j one more time, now in browser I've tried to login without authentication and get this error:
In pod logs I have this:
Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time. 2024-06-13 12:08:48.267+0000 INFO Logging config in use: File '/config/user-logs.xml/user-logs.xml' 2024-06-13 12:08:48.275+0000 INFO Command expansion is explicitly enabled for configuration 2024-06-13 12:08:48.336+0000 INFO Starting... 2024-06-13 12:08:50.460+0000 INFO This instance is ServerId{1f178455} (1f178455-8ac3-48f7-859c-af3584938834) 2024-06-13 12:08:52.460+0000 INFO ======== Neo4j 5.19.0 ======== 2024-06-13 12:08:55.973+0000 INFO Bolt enabled on 0.0.0.0:7687. 2024-06-13 12:08:57.437+0000 INFO HTTP enabled on 0.0.0.0:7474. 2024-06-13 12:08:57.438+0000 INFO Remote interface available at http://localhost:7474/ 2024-06-13 12:08:57.440+0000 INFO id: B0613C840A939C96DE3FF8B347864DE10F907E564F00C8DBC572A9A044D209E5 2024-06-13 12:08:57.441+0000 INFO name: system 2024-06-13 12:08:57.441+0000 INFO creationDate: 2024-04-09T08:33:32.535Z 2024-06-13 12:08:57.441+0000 INFO Started. 2024-06-13 12:09:20.974+0000 WARN [bolt-12] The client is unauthorized due to authentication failure. 2024-06-13 12:09:20.997+0000 WARN [bolt-13] The client is unauthorized due to authentication failure. 2024-06-13 12:09:21.016+0000 WARN [bolt-14] The client is unauthorized due to authentication failure.
Hello @phil198 thanks for information. I changed the neo4j-comminity.conf like so now dbms.security.auth_enabled=true
dbms.security.auth_provider.username=neo4j dbms.security.auth_provider.password=mypassword
after deployment when I try to sign in browser with authentication I get this error:
Neo.ClientError.Security.AuthenticationRateLimit: The client has provided incorrect authentication details too many times in a row.
In pod I have this logs:
Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time. 2024-06-13 12:22:41.460+0000 INFO Logging config in use: File '/config/user-logs.xml/user-logs.xml' 2024-06-13 12:22:41.468+0000 INFO Command expansion is explicitly enabled for configuration 2024-06-13 12:22:41.535+0000 INFO Starting... 2024-06-13 12:22:43.957+0000 INFO This instance is ServerId{1f178455} (1f178455-8ac3-48f7-859c-af3584938834) 2024-06-13 12:22:45.974+0000 INFO ======== Neo4j 5.19.0 ======== 2024-06-13 12:22:49.491+0000 INFO Bolt enabled on 0.0.0.0:7687. 2024-06-13 12:22:51.038+0000 INFO HTTP enabled on 0.0.0.0:7474. 2024-06-13 12:22:51.039+0000 INFO Remote interface available at http://localhost:7474/ 2024-06-13 12:22:51.042+0000 INFO id: B0613C840A939C96DE3FF8B347864DE10F907E564F00C8DBC572A9A044D209E5 2024-06-13 12:22:51.042+0000 INFO name: system 2024-06-13 12:22:51.042+0000 INFO creationDate: 2024-04-09T08:33:32.535Z 2024-06-13 12:22:51.043+0000 INFO Started. 2024-06-13 12:23:35.071+0000 WARN [bolt-20] The client is unauthorized due to authentication failure. 2024-06-13 12:23:35.892+0000 WARN [bolt-23] The client is unauthorized due to authentication failure. 2024-06-13 12:23:37.442+0000 WARN [bolt-24] The client is unauthorized due to authentication failure. 2024-06-13 12:25:27.603+0000 WARN [bolt-69] The client is unauthorized due to authentication failure. 2024-06-13 12:25:27.634+0000 WARN [bolt-70] The client has provided incorrect authentication details too many times in a row. 2024-06-13 12:25:27.670+0000 WARN [bolt-71] The client has provided incorrect authentication details too many times in a row. m.hamamjyan@srv-kma-1-t:~$
Hi @marohamamjyan, the following config entries are not valid / used:
dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword
The password that is being checked and is incorrect is the one you're passing in via the front-end.
Hi @phil198 , you are right, can you please advise how the password that should be used via front-end, should be configured? Thanks
Hi @marohamamjyan,
you can either run the set-initial-password
command before the first time you run the database for the first time (assuming you have already run the database, then this will no longer be possible unless you delete your installation and start again).
Or you can use the default password of neo4j
(which you will be prompted to change the first time you log in).
See here for details.
Hello, I am a new user for neo4j, I've installed it from scratch, I have set username and password in values.yaml file and when I try to enter I get this error: Neo.ClientError.Security.AuthenticationRateLimit: The client has provided incorrect authentication details too many times in a row.
Later I also added this lines in neo4j-community.conf
dbms.security.auth_enabled=true dbms.security.auth_provider=ldap dbms.security.ldap.auth_provider.type=unsecured dbms.security.auth_provider.username=neo4j dbms.security.auth_provider.password=mypassword
Nut it didn't help as well Please help to solve the problem, I've tried helm delete and then helm install, it didn't help.