Authorization Issues

Hi team. We are struggling with some issues using Neo4j. Can anyone provide some help? Thanks...

  • Create new User with “CALL” function doesn’t work. This is in both 3.5.17 community and enterprise editions.

  • Log in with default user/pass after forced password change works. But once you log out of the Neo4j GUI with “:server disconnect”, you are unable to log back in. This is in both community and enterprise v3.5.17.

  • No place to add API key for v.3.5.17 enterprise.

Create new User with “CALL” function doesn’t work.

how so? which stored procedure and via a call statement was run? It doesn't work? Did it give you an error or did was the stored procedure successful but had no effect ? or ????

No place to add API key for v.3.5.17 enterprise.

which API key?

Dana: Thanks for the reply!

Q: Which API key?**
A: The API key that was provided in email upon acceptance into startup program.*

Q: Which stored procedure and via a call statement was run?**
A: I guess I should have been more descriptive, one cannot log out with ':server disconnect' and log back in.*

Logging back in id denied every time when users are created with:

CALL dbms.security.createUser('johnsmith', 'h6u4%kr', true)

Thanks, Jay

regarding

CALL dbms.security.createUser('johnsmith', 'h6u4%kr', true)

how is this being run? Is this via the Neo4j Browser? if so white Browser vendor. I'm using Chrome and when I run

CALL dbms.security.createUser('johnsmith', 'h6u4%kr', true);

and then :server disconnect I am able to then authenticate as user'johnsmith and password h6u4%kr and am prompted for a new password.

Also, Neo4j users and roles are recorded in data/dbms/auth and data/dbms/roles respectively. After running the stored procedure above do you see a johnsmith written to data\dbms\auth ?

Hi @dana.canzano, I work with @jay -
Yes we can see the values in data/dbms/* but am still unable to log back in. I am serving NEO4J via NGINX on SSL. Another peculiar thing is that the REST API routes 'CREATE" or 'MERGE' labels of nodes, but do not create the nodes themselves. Here is the build for it -> https://github.com/joehoeller/nginx-server-neo4j-graph-db

Also, where do we add the API key at for neo4j:3.5.16-enterprise?

@joehoeller simply as a means to further diagnose, if you restart docker are you then able to log in.
You github repo make reference to

url = "http://localhost:7474/db/neo4j/tx/commit"
headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json;charset=UTF-8',
}

r = requests.request("POST", url, data=json.dumps(create_my_store_with_customer), headers=headers)
print(r.text)

Addt'l documentation on the REST API can be found here: https://neo4j.com/docs/rest-docs/3.5/

the reference to /db/neo4j/tx/commit appears to be of 4.0.x syntax

And the usage of https://neo4j.com/docs/rest-docs/3.5/ indicates

The API described in this manual been deprecated and will be removed in Neo4j 4.0. Cypher and procedures should be used instead, either via the HTTP API, or via Bolt using the official drivers

so if you are just starting to build on Neo4j it might not be best to use a REST API that is deprecated come 4.0. For 3.5 we would recommend https://neo4j.com/docs/http-api/3.5/

why does it work on my desktop and not on a server, according to the docs, yes it is dep'd for v4, but works for v3.5.

why does it work on my desktop and not on a server, according to the docs, yes it is dep'd for v4, but works for v3.5.

??? sorry not sure I follow. 'why does it work' ?

I am saying it works fine locally, but once deployed to a server it does not.

@joehoeller I'm still confused by 'it'
Are you suggesting that

url = "http://localhost:7474/db/neo4j/tx/commit"

works fine locally but once deployed to the server it does not. Or is the 'it' something else? And if this is your issue are both the local and server instance running the same version of Neo4j?

As I stated previously, "REST API routes 'CREATE" or 'MERGE' labels of nodes, but do not create the nodes themselves".

Please stop answering questions with questions. That is not helpful.
Lets focus on 1 issue at a time:

Where do i enter the api key?

You can just keep the license key for your own documents. No need to add it anywhere.

I strongly recommend to not use the REST API's use a bolt driver instead for your language.

I think it might be your deployment setup that has a hiccup somewhere which makes it doesn't work.

As usual I suggest starting with the working local install and then add your deployment stuff bit bit bit until it fails.

Proxying etc. has a lot of additional complexities (including advertised URIs, proxy addresses to respond to etc.) that I wouldn't start with that.

Thank you @dana.canzano for being so patient. And yes answering questions with questions is necessary if the required details are missing from previous statements. "doesn't work" etc. is not helpful.