Post-installation settings

Propagation of users in a cluster

In a Neo4j cluster, "neo4j" users are not synchronized between all servers. This means that if you change a user's password, the change will not be reflected to all servers in the cluster. For more details and ways to synchronize, please see section 8.4.3 of the pdf documentation (or online).

The user database is located in the NEOJ_HOME/data/dbms of Neo4j. As mentioned in the Neo4j documentation, we can consider several solutions to synchronize the user base:

You are free to choose the implementation.

SECollab will not work if its Neo4j user "secollab" is not the same on each server in the cluster.

Changing the administrator account

By default, there is only one user on a Neo4j database. This one has the role "admin" and its identifiers are "neo4j" for the login and "neo4j" for the password. This account is not usable because it is mandatory to change the default password to use it. For that, we will use the command-line utility "neo4j-admin".

neo4j-admin set-initial-password aV3ryChall3ngingPassw0rd
Changed password for user 'neo4j'

Related documentation is available in section 4.4 of the pdf (or online).

Creating an application account for SECollab

To work SECollab needs an account with an "architect" role. To create a user, we will use the client cypher-shell to connect to the Neo4j database and pass user management queries (the cypher-shell tool is available in the NEO4J_HOME/bin of the Neo4j installation folder). To do this, follow these instructions:

With the same method, you can create a new user, give them a role "admin" and delete the user "neo4j" present by default to the installation of Neo4j.

For more information, see section 8.4 of the pdf documentation (or online).

Firewall settings

For authorization of network flows, see section 4.3 of the pdf documentation (or online).

Some details: