Neo.ClientError.Security.AuthenticationRateLimit: The client has provided incorrect authentication details too many times in a row. about neo4j HOT 9 CLOSED

Hi @marohamamjyan, thanks for the report. LDAP authentication and authorization is an enterprise only feature, could it be that you are trying this in community? If you are in enterprise I would suggest in the first instance, the best way to get assistance with it is to open a support ticket with Neo4j support if you are able to do that.

from neo4j.

Hi @marohamamjyan , did the above suggestion help your issue? Can we close this issue? Thanks!

from neo4j.

Hello @LinneaAndersson , I am on community version. I've noticed in neo4j-comminity.conf this part
dbms.security.auth_enabled=true #My added# dbms.security.auth_provider=ldap dbms.security.ldap.auth_provider.type=unsecured dbms.security.auth_provider.username=neo4j dbms.security.auth_provider.password=mypassword

If this part should not be used, can you please advice how should I use authorization part? Or did I understand you right that as I use community version I shouldn't use any authorization?

Thank you

from neo4j.

hi @marohamamjyan,

For Community Edition you should just set:

dbms.security.auth_enabled=true if you want authentication enabled.

Community edition supports "native" (i.e. username and password) authentication only. It does not support other types of authentication like LDAP, so you should remove all config settings containing ldap. Nor does it support fine-grained authorization.

Here is a useful configuration reference. Any settings with the Enterprise Edition label are not supported in the Community Edition.

Thanks

from neo4j.

@LinneaAndersson In neo4j-comminity.conf I have chnaged settings like so
dbms.security.auth_enabled=false
and commented all the other settings I described above

#dbms.security.auth_provider=ldap
#dbms.security.ldap.auth_provider.type=unsecured
#dbms.security.auth_provider.username=neo4j
#dbms.security.auth_provider.password=mypassword

deployed neo4j one more time, now in browser I've tried to login without authentication and get this error:

In pod logs I have this:
Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time. 2024-06-13 12:08:48.267+0000 INFO Logging config in use: File '/config/user-logs.xml/user-logs.xml' 2024-06-13 12:08:48.275+0000 INFO Command expansion is explicitly enabled for configuration 2024-06-13 12:08:48.336+0000 INFO Starting... 2024-06-13 12:08:50.460+0000 INFO This instance is ServerId{1f178455} (1f178455-8ac3-48f7-859c-af3584938834) 2024-06-13 12:08:52.460+0000 INFO ======== Neo4j 5.19.0 ======== 2024-06-13 12:08:55.973+0000 INFO Bolt enabled on 0.0.0.0:7687. 2024-06-13 12:08:57.437+0000 INFO HTTP enabled on 0.0.0.0:7474. 2024-06-13 12:08:57.438+0000 INFO Remote interface available at http://localhost:7474/ 2024-06-13 12:08:57.440+0000 INFO id: B0613C840A939C96DE3FF8B347864DE10F907E564F00C8DBC572A9A044D209E5 2024-06-13 12:08:57.441+0000 INFO name: system 2024-06-13 12:08:57.441+0000 INFO creationDate: 2024-04-09T08:33:32.535Z 2024-06-13 12:08:57.441+0000 INFO Started. 2024-06-13 12:09:20.974+0000 WARN [bolt-12] The client is unauthorized due to authentication failure. 2024-06-13 12:09:20.997+0000 WARN [bolt-13] The client is unauthorized due to authentication failure. 2024-06-13 12:09:21.016+0000 WARN [bolt-14] The client is unauthorized due to authentication failure.

from neo4j.

Hello @phil198
thanks for information. I changed the neo4j-comminity.conf like so now
dbms.security.auth_enabled=true
#dbms.security.auth_provider=ldap
#dbms.security.ldap.auth_provider.type=unsecured
dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword

after deployment when I try to sign in browser with authentication I get this error:
Neo.ClientError.Security.AuthenticationRateLimit: The client has provided incorrect authentication details too many times in a row.

In pod I have this logs:

Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time. 2024-06-13 12:22:41.460+0000 INFO Logging config in use: File '/config/user-logs.xml/user-logs.xml' 2024-06-13 12:22:41.468+0000 INFO Command expansion is explicitly enabled for configuration 2024-06-13 12:22:41.535+0000 INFO Starting... 2024-06-13 12:22:43.957+0000 INFO This instance is ServerId{1f178455} (1f178455-8ac3-48f7-859c-af3584938834) 2024-06-13 12:22:45.974+0000 INFO ======== Neo4j 5.19.0 ======== 2024-06-13 12:22:49.491+0000 INFO Bolt enabled on 0.0.0.0:7687. 2024-06-13 12:22:51.038+0000 INFO HTTP enabled on 0.0.0.0:7474. 2024-06-13 12:22:51.039+0000 INFO Remote interface available at http://localhost:7474/ 2024-06-13 12:22:51.042+0000 INFO id: B0613C840A939C96DE3FF8B347864DE10F907E564F00C8DBC572A9A044D209E5 2024-06-13 12:22:51.042+0000 INFO name: system 2024-06-13 12:22:51.042+0000 INFO creationDate: 2024-04-09T08:33:32.535Z 2024-06-13 12:22:51.043+0000 INFO Started. 2024-06-13 12:23:35.071+0000 WARN [bolt-20] The client is unauthorized due to authentication failure. 2024-06-13 12:23:35.892+0000 WARN [bolt-23] The client is unauthorized due to authentication failure. 2024-06-13 12:23:37.442+0000 WARN [bolt-24] The client is unauthorized due to authentication failure. 2024-06-13 12:25:27.603+0000 WARN [bolt-69] The client is unauthorized due to authentication failure. 2024-06-13 12:25:27.634+0000 WARN [bolt-70] The client has provided incorrect authentication details too many times in a row. 2024-06-13 12:25:27.670+0000 WARN [bolt-71] The client has provided incorrect authentication details too many times in a row. m.hamamjyan@srv-kma-1-t:~$

from neo4j.

Hi @marohamamjyan, the following config entries are not valid / used:

dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword

The password that is being checked and is incorrect is the one you're passing in via the front-end.

from neo4j.

Hi @phil198 , you are right, can you please advise how the password that should be used via front-end, should be configured?
Thanks

from neo4j.

Hi @marohamamjyan,

you can either run the set-initial-password command before the first time you run the database for the first time (assuming you have already run the database, then this will no longer be possible unless you delete your installation and start again).

Or you can use the default password of neo4j (which you will be prompted to change the first time you log in).

See here for details.

from neo4j.