How to authenticate with the Active Directory attribute samAccountName
Starting with Neo4j 3.2.2 you can authenticate against the Active Directory attribute samAccountName instead of the LDAP display-name attribute. Because the login name is then no longer usable directly as a bind DN, Neo4j first binds with the configured system account, runs user_search_filter (with {0} replaced by the login name) under user_search_base to resolve the user's DN, and only then authenticates that DN with the password supplied at login. This is why dbms.security.ldap.authorization.use_system_account=true together with a system username and password is required. Two practical cautions: the system account only needs read access for this search, so a dedicated read-only bind account is preferable to the domain Administrator shown below, and since its password is stored in clear text in conf/neo4j.conf the file should be readable only by the account Neo4j runs as; point dbms.security.ldap.host at an ldaps:// URL so that neither the system credentials nor user passwords cross the network in clear text. The following conf/neo4j.conf
parameters must be set to use samAccountName:
dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap
dbms.security.ldap.authentication.use_samaccountname=true
dbms.security.ldap.host=<the LDAP hostname>
dbms.security.ldap.authorization.use_system_account=true
dbms.security.ldap.authorization.system_username=cn=Administrator,cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.system_password=<password for the Administrator>
dbms.security.ldap.authorization.user_search_base=cn=Users,dc=example,dc=com
dbms.security.ldap.authorization.user_search_filter=(&(objectClass=*)(samaccountname={0}))
dbms.security.ldap.authorization.group_to_role_mapping=\
"cn=Neo4j Read Only,cn=Users,dc=example,dc=com" = reader ;\
"cn=Neo4j Read-Write,cn=Users,dc=example,dc=com" = publisher ;\
"cn=Neo4j Schema Manager,cn=Users,dc=example,dc=com" = architect ;\
"cn=Neo4j Administrator,cn=Users,dc=example,dc=com" = admin ;\
"cn=Neo4j Procedures,cn=Users,dc=example,dc=com" = allowed_role
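The two settings that do the real work above are user_search_filter, whose {0} placeholder receives the login name, and group_to_role_mapping, which turns the user's AD group memberships into Neo4j roles. The following Python script is an added example and is not part of Neo4j or of this article: it models those two steps offline, with a constructed stand-in for the attributes AD would return for neouser, and does not contact an LDAP server. The filter escaping follows RFC 4515 and is shown to illustrate why the substituted value must be escaped; it is not a statement about how Neo4j's own implementation performs the substitution.

```python
import re

# Values copied from the neo4j.conf fragment above (constructed here, not read from a file).
GROUP_TO_ROLE_MAPPING = (
    '"cn=Neo4j Read Only,cn=Users,dc=example,dc=com" = reader ;'
    '"cn=Neo4j Read-Write,cn=Users,dc=example,dc=com" = publisher ;'
    '"cn=Neo4j Schema Manager,cn=Users,dc=example,dc=com" = architect ;'
    '"cn=Neo4j Administrator,cn=Users,dc=example,dc=com" = admin ;'
    '"cn=Neo4j Procedures,cn=Users,dc=example,dc=com" = allowed_role'
)
USER_SEARCH_FILTER = "(&(objectClass=*)(samaccountname={0}))"

# Constructed stand-in for the AD user object that the system-account search would return.
NEOUSER_ENTRY = {
    "distinguishedName": "CN=neouser,CN=Users,DC=example,DC=com",
    "sAMAccountName": "neouser",
    "memberOf": [
        "CN=Neo4j Read-Write,CN=Users,DC=example,DC=com",
        "CN=Domain Users,CN=Users,DC=example,DC=com",
    ],
}

# RFC 4515 escapes for characters that would otherwise change a filter's structure.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(template: str, username: str) -> str:
    """Substitute the login name into the {0} placeholder of user_search_filter.

    The name is escaped first, so a login such as '*)(objectClass=*' stays a
    literal string and cannot turn the filter into a wildcard match.
    """
    return template.replace("{0}", escape_filter_value(username))


def normalize_dn(dn: str) -> str:
    """Simplified DN normalisation (assumption: case-insensitive, whitespace around commas ignored)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_group_to_role_mapping(mapping: str) -> dict:
    """Parse '"<group DN>" = role[,role...] ; ...' into {normalised group DN: [roles]}."""
    result = {}
    for entry in mapping.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        match = re.fullmatch(r'"([^"]+)"\s*=\s*(.+)', entry)
        if not match:
            raise ValueError(f"malformed group_to_role_mapping entry: {entry!r}")
        group_dn, roles = match.group(1), match.group(2)
        result[normalize_dn(group_dn)] = [r.strip() for r in roles.split(",") if r.strip()]
    return result


def roles_for_user(entry: dict, mapping: dict) -> set:
    """Collect the Neo4j roles granted by the user's memberOf groups; unmapped groups grant nothing."""
    roles = set()
    for group_dn in entry.get("memberOf", []):
        roles.update(mapping.get(normalize_dn(group_dn), []))
    return roles


if __name__ == "__main__":
    mapping = parse_group_to_role_mapping(GROUP_TO_ROLE_MAPPING)
    print(build_user_search_filter(USER_SEARCH_FILTER, NEOUSER_ENTRY["sAMAccountName"]))
    print(build_user_search_filter(USER_SEARCH_FILTER, "*)(objectClass=*"))
    print(sorted(roles_for_user(NEOUSER_ENTRY, mapping)))
```

Run as-is, the script prints the filter Neo4j would send for neouser, the same template with a crafted login name rendered harmless by escaping, and the role set ['publisher'], which is what allows the create statement in the session below to succeed.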
With the matching user and groups set up on the AD side, authentication succeeds. The cypher-shell session below shows the connection as user neouser, which is then able to create and read back a node:
$ ./cypher-shell
username: neouser
password: ********
Connected to Neo4j 3.2.2 at bolt://localhost:7687 as user neouser.
Type :help for a list of available commands or :exit to exit the shell.
Note that Cypher queries must end with a semicolon.
neo4j> create (n:Person {id:1});
0 rows available after 231 ms, consumed after another 1 ms
Added 1 nodes, Set 1 properties, Added 1 labels
neo4j> match (n:Person {id:1}) return n;
+-------------------+
| n                 |
+-------------------+
| (:Person {id: 1}) |
+-------------------+
1 row available after 106 ms, consumed after another 8 ms