Connecting neo4j 4.1.3 enterprise edition with ldap

I am connecting to LDAP and I get an error. More than the error, what confuses me is the message in the debug.log that says DB health is okay. A portion of the log is pasted below.

2021-01-06 00:29:03.354+0000 INFO [o.n.k.a.DatabaseAvailabilityGuard] [movies] Fulfilling of requirement 'Database unavailable' makes database movies available.
2021-01-06 00:29:03.355+0000 INFO [o.n.k.a.DatabaseAvailabilityGuard] [movies] Database movies is ready.
2021-01-06 00:29:03.355+0000 INFO [o.n.i.i.l.LabelScanStore] [neo4j] Label index cleanup job closed
2021-01-06 00:29:03.355+0000 INFO [o.n.m.DatabaseHealth] [movies] Database health set to OK
2021-01-06 00:29:03.358+0000 INFO [c.n.k.i.p.PageCacheWarmer] [movies] Page cache warmup started.
2021-01-06 00:29:03.407+0000 INFO [o.n.k.a.DatabaseAvailabilityGuard] [neo4j] Requirement Database unavailable makes database neo4j unavailable.
2021-01-06 00:29:03.408+0000 INFO [o.n.k.a.DatabaseAvailabilityGuard] [neo4j] Database neo4j is unavailable.
2021-01-06 00:29:03.441+0000 WARN [o.n.k.i.s.MetaDataStore] [neo4j] Missing counts store, rebuilding it.
2021-01-06 00:29:03.457+0000 WARN [o.n.k.i.s.MetaDataStore] [neo4j] Counts store rebuild completed.
2021-01-06 00:29:03.462+0000 INFO [o.n.k.a.DatabaseAvailabilityGuard] [neo4j] Fulfilling of requirement 'Database unavailable' makes database neo4j available.
2021-01-06 00:29:03.462+0000 INFO [o.n.k.a.DatabaseAvailabilityGuard] [neo4j] Database neo4j is ready.
2021-01-06 00:29:03.463+0000 INFO [o.n.m.DatabaseHealth] [neo4j] Database health set to OK

In the security.log, I see an error:
2021-01-06 00:29:04.533+0000 INFO Performing postInitialization step for component 'security-users' with version 2 and status CURRENT
2021-01-06 00:29:04.535+0000 INFO Updating the initial password in component 'security-users'
2021-01-06 00:29:04.543+0000 DEBUG Opened auth.ini file to find the initial user
2021-01-06 00:29:04.545+0000 DEBUG Valid auth.ini file: found initial user
2021-01-06 00:29:04.546+0000 INFO Updating initial user password from auth.ini file: neo4j
2021-01-06 00:29:12.123+0000 ERROR [neo4j]: failed to log in: invalid principal or credentials (LDAP authentication failed.) ([LDAP: error code 32 - LDAP Error 32 : [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=People,DC=yyyy,DC=xxxx,DC=com'
]])

What is the username neo4j uses to log in to LDAP, in the sense of: where is it getting the string to substitute the {0} with?

Thanks
Shanthi

3 REPLIES

Can you share your LDAP config (the non-sensitive parts)?

You should also be able to just raise a support ticket for your Enterprise Edition.

Integration with LDAP directory services - Operations Manual describes how to configure Neo4j to connect to the LDAP server based upon 1 of 3 methods. Which one are you configured for?

Additionally, said doc provides an example of an ldapsearch command to validate connectivity.
Has this been validated?

anthapu
Graph Fellow

It seems you are trying to log in as the "neo4j" user. Do you have a neo4j user in Active Directory? If not, try with the actual user in Active Directory. Also, if you do want to log in using the neo4j user, you might want to add native also to the authentication and authorization providers.

Also it would be good if you can provide the config section to see how it is defined.
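
Added example, not part of the thread or of Neo4j's own code: a short Python diagnostic that reads the multi-line security.log failure quoted in the question, substitutes the login principal for `{0}` in a user DN template, and compares the resulting bind DN with the "best match" DN returned alongside LDAP error 32. The template value is an assumption (the poster's configuration is not shown); in Neo4j 4.x it would come from `dbms.security.ldap.authentication.user_dn_template`.

```python
import re

# Constructed sample: the multi-line failure record from security.log above.
SAMPLE_LOG = """\
2021-01-06 00:29:04.546+0000 INFO Updating initial user password from auth.ini file: neo4j
2021-01-06 00:29:12.123+0000 ERROR [neo4j]: failed to log in: invalid principal or credentials (LDAP authentication failed.) ([LDAP: error code 32 - LDAP Error 32 : [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=People,DC=yyyy,DC=xxxx,DC=com'
]])
"""

# Assumed template value, not taken from the thread; the poster's config is not shown.
ASSUMED_TEMPLATE = "CN={0},OU=People,DC=yyyy,DC=xxxx,DC=com"

FAILURE = re.compile(
    r"ERROR \[(?P<principal>[^\]]+)\]: failed to log in:.*?"
    r"LDAP: error code (?P<code>\d+).*?"
    r"best match of:\s*'(?P<matched>[^']*)'",
    re.DOTALL,
)

def split_dn(dn):
    """Split a DN on unescaped commas and normalise case/whitespace per RDN."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn) if rdn.strip()]

def diagnose(log_text, template):
    """Return one finding per LDAP login failure found in log_text."""
    findings = []
    for m in FAILURE.finditer(log_text):
        # Neo4j substitutes the principal typed at login for the {0} token.
        bind_dn = template.replace("{0}", m["principal"])
        wanted, matched = split_dn(bind_dn), split_dn(m["matched"])
        # Error 32 returns the deepest entry that does exist; whatever RDNs of
        # the bind DN sit in front of it name objects the directory lacks.
        is_ancestor = len(matched) <= len(wanted) and wanted[len(wanted) - len(matched):] == matched
        missing = wanted[: len(wanted) - len(matched)] if is_ancestor else wanted
        findings.append({
            "principal": m["principal"],
            "code": int(m["code"]),
            "bind_dn": bind_dn,
            "matched_dn": m["matched"],
            "template_under_matched_dn": is_ancestor,
            "missing_rdns": missing,
        })
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG, ASSUMED_TEMPLATE):
        print(f)
```

With the assumed template, the only missing RDN is the leaf built from the login name, which points at the account rather than the container; a template rooted elsewhere would report `template_under_matched_dn` as false.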