I believe I may be using parameters incorrectly


(Paul Drangeid) #1

Attempting to perform a nested apoc.load.ldap

1st query (return all domain controllers and their DNS name) (this works fine!)

2nd query take each domain controller, connect to it, and query the lastlogon property for users on that domain controller. (then use this to create [:LOGGED_ON] relationships between LDAP users and domain controllers). I don't think I'm properly parameterizing the resulting values for use in the 2nd apoc.local.ldap call. Here's my code:

call apoc.load.ldap({ldapHost:'edc-dc3.mydomain.com',loginDN:'cn=_queryuser,cn=Managed Service Accounts,DC=mydomain,DC=com',loginPW:'MyPassw0rd'},
{searchBase:'ou=Domain Controllers,dc=mydomain,dc=com',searchScope:'SCOPE_SUB',
attributes:['dn','dNSHostName'],
searchFilter:'(&(objectCategory=computer)(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'})
yield entry as dc
with dc
:params {ldapprops: [{ldapHost: dc.dNSHostName, loginDN: "n=_queryuser,cn=Managed Service Accounts,DC=mydomain,DC=com", loginPW: "MyPassw0rd"}]}
call apoc.load.ldap(ldapprops,{searchBase:'ou=Hosted,dc=mydomain,dc=com',searchScope:'SCOPE_SUB',attributes:['userPrincipalName','LastLogon','userAccountControl'],
searchFilter:'(&(samAccountType=805306368))'})
yield entry as user
return user

The error I'm getting is:
Neo.ClientError.Statement.SyntaxError: Invalid input 'c': expected whitespace, comment or a relationship pattern (line 8, column 1 (offset: 580))
"call apoc.load.ldap(ldapprops,{searchBase:'ou=Hosted,dc=mydomain,dc=com',searchScope:'SCOPE_SUB',attributes:['userPrincipalName','LastLogon','userAccountControl'],"
^


(Michael Hunger) #2

The params line in between is wrong, you have to call params in its own separate browser command:
Note that what you pass there is JSON. (There is an alternative syntax where you pass Cypher expressions instead).

:params {"ldapprops": {"ldapHost":"edc-dc3.mydomain.com", "loginDN":"cn=_queryuser,cn=Managed Service Accounts,DC=mydomain,DC=com","loginPW":"MyPassw0rd"}} 

alternative:

:param ldapprops => {ldapHost:'edc-dc3.mydomain.com',loginDN:'cn=_queryuser,cn=Managed Service Accounts,DC=mydomain,DC=com',loginPW:'MyPassw0rd'}

and only after use them in your query with $ldapprops

What you're probably looking for is to declare a new variable within the query with WITH. See below.

call apoc.load.ldap($ldapprops,
{searchBase:'ou=Domain Controllers,dc=mydomain,dc=com',searchScope:'SCOPE_SUB', 
attributes:['dn','dNSHostName'], 
searchFilter:'(&(objectCategory=computer)(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'}) 
yield entry as dc 

WITH {ldapHost: dc.dNSHostName, loginDN: "n=_queryuser,cn=Managed Service Accounts,DC=mydomain,DC=com", loginPW: "MyPassw0rd"} as dcConnection

call apoc.load.ldap(dcConnection, {searchBase:'ou=Hosted,dc=mydomain,dc=com',searchScope:'SCOPE_SUB',attributes:['userPrincipalName','LastLogon','userAccountControl'], searchFilter:'(&(samAccountType=805306368))'}) 
yield entry as user 
return user

(Ted) #3

I'm using Neo4j Desktop 1.1.9 and Neo4j 3.4.4 and I'm unable to set multiple params in the same query. I used to be able to do this. I have numerous params that affect all of my queries. How do I do this? I tried Michael's suggestion above and unable to get this to work. The only way I can make this work is to create and save individual :param queries which is extremely inefficient and inconvenient. Any ideas or is this no longer possible?
Thanks!


(Andrew Bowman) #4

It's possible, just there's something weird going on with the parsing. If you remove the outermost brackets it should work:

:params "ldapprops": {"ldapHost":"edc-dc3.mydomain.com", "loginDN":"cn=_queryuser,cn=Managed Service Accounts,DC=mydomain,DC=com","loginPW":"MyPassw0rd"}

(Andrew Bowman) #5

Update on this, it has been fixed with browser version 3.2.11, so if you're using the browser that comes with Neo4j Desktop you should be up to date (or be able to update the app so you use the latest browser version).

However the browser that comes with Neo4j 3.4.9 is only 3.2.10, so if you're just using the browser provided by this version (or prior) then it's still affected.