...

Code Block
<UserManager>
 <Realm>
   <Configuration>
      <AdminRole>admin</AdminRole>
      <AdminUser>
         <UserName>admin</UserName>
         <Password>XXXXXX</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName>
      <!-- By default, users in this role see the registry root -->
      <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
      <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>
   </Configuration>
 
   <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager"> 
      <Property name="ConnectionURL">ldap://localhost:10389</Property>
      <Property name="ConnectionName">uid=admin,ou=system</Property>
      <Property name="ConnectionPassword">admin123</Property>
      <Property name="UserSearchBase">ou=system</Property>
      <Property name="UserNameListFilter">(objectClass=person)</Property>
      <Property name="UserNameAttribute">uid</Property>
      <Property name="ReadLDAPGroups">false</Property>
      <Property name="GroupSearchBase">ou=system</Property>
      <Property name="GroupNameSearchFilter">(objectClass=groupOfNames)</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="MembershipAttribute">member</Property>
   </UserStoreManager>
 
 </Realm>
</UserManager>

  

  • A sample file for Active Directory is given below:
Code Block
<UserManager>
  <Realm>
   <Configuration>
      <AdminRole>admin</AdminRole>
      <AdminUser>
         <UserName>admin</UserName>
         <Password>XXXXXX</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName>
      <!-- By default, users in this role see the registry root -->
      <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
      <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>
   </Configuration>
 
    <!-- Active directory configuration follows -->
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
       <Property name="ConnectionURL">ldap://10.100.1.211:389</Property>
       <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property>
       <Property name="ConnectionPassword">admin123</Property>
       <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property>
       <Property name="UserNameListFilter">(objectClass=person)</Property>
       <Property name="UserNameAttribute">sAMAccountName</Property>
       <Property name="ReadLDAPGroups">true</Property>
       <Property name="GroupSearchBase">cn=users,dc=wso2,dc=lk</Property>
       <Property name="GroupNameSearchFilter">(objectcategory=group)</Property>
       <Property name="GroupNameAttribute">cn</Property>
       <Property name="MembershipAttribute">member</Property>
    </UserStoreManager> 
   </Realm>
</UserManager>

Copy the user-mgt-ldap.xml file and save it as <carbon-home>/repository/conf/user-mgt.xml. When you are configuring for Active Directory, do the same with user-mgt-actdir.xml.

...

So the user-mgt.xml file must contain details for two database connections. The connection details mentioned earlier are used by the Authorization manager. If we specify another set of database connection details inside UserStoreManager, it will read/write users to that database. Step-by-step guidelines for connecting to an external JDBC user store in read-only mode are given below.

Step 1 : Back up the <carbon-home>/repository/conf/user-mgt.xml file. A sample file for the JDBC user store (user-mgt-jdbc.xml) is available in the <carbon-home>/repository/conf directory. Download the relevant file and save it as <carbon-home>/repository/conf/user-mgt.xml. Note the following in your file.

...

Code Block
<AdminUser>
   <UserName>AdminSOA</UserName>
   <Password>XXXXXX</Password>
</AdminUser>

Step 3 : In the user-mgt.xml file, add the passwordHashMethod property within the JDBCUserStoreManager. For example,

Code Block
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
     <Property name="passwordHashMethod">SHA</Property>
     ...
</UserStoreManager>

The passwordHashMethod property specifies how the password should be stored, and usually has the values:

Step 4 : Update the connection details inside the <UserStoreManager> class.

Step 5 : In the user-mgt.xml file, under the realm configuration, set the value of the MultiTenantRealmConfigBuilder property to org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder. For example,

Code Block
<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>

Step 6 : Enable JDBCTenantManager in tenant-mgt.xml and comment out the config section for CommonHybridLDAPTenantManager.

Step 7 : Add the JDBC driver to the classpath by dropping the jar into the <carbon-home>/repository/components/lib directory.

Step 8 : Edit the SQLs as you desire and start the server.
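The following is an added example, not part of the WSO2 documentation: a Python check that parses a user-mgt.xml and flags the settings from the samples on this page that deserve review before the server is started (a cleartext ldap:// bind, a literal ConnectionPassword, an administrator bind DN, and a fast digest as passwordHashMethod). The sample XML is constructed from the page's snippets, and the finding names, the bind-DN heuristic and the weak-hash values other than SHA are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's LDAP and JDBC store snippets combined in one
# document purely to exercise every check (not a real deployment file).
SAMPLE = """<UserManager><Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">admin123</Property>
  </UserStoreManager>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="passwordHashMethod">SHA</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# Only "SHA" appears on the page; the other values are assumed. All are fast
# general-purpose digests (or no digest), not password-hashing functions.
WEAK_HASHES = {"SHA", "SHA-1", "MD5", "PLAIN_TEXT"}
# Heuristic (assumption): bind DNs that start like the admin accounts in the samples.
ADMIN_HINTS = ("uid=admin", "cn=administrator")


def audit(xml_text):
    """Return a list of (store class short name, finding) tuples in document order."""
    findings = []
    for store in ET.fromstring(xml_text).iter("UserStoreManager"):
        name = store.get("class", "?").rsplit(".", 1)[-1]
        props = {p.get("name"): (p.text or "").strip()
                 for p in store.findall("Property")}
        # ldap:// sends the bind DN and password over the network unencrypted.
        if props.get("ConnectionURL", "").lower().startswith("ldap://"):
            findings.append((name, "cleartext-ldap"))
        # Any literal value is flagged; the check cannot tell an encrypted one apart.
        if props.get("ConnectionPassword"):
            findings.append((name, "plaintext-bind-password"))
        # A store that only reads users does not need a directory administrator.
        if props.get("ConnectionName", "").lower().startswith(ADMIN_HINTS):
            findings.append((name, "privileged-bind-dn"))
        if props.get("passwordHashMethod", "").upper() in WEAK_HASHES:
            findings.append((name, "weak-password-hash"))
    return findings


if __name__ == "__main__":
    for store, finding in audit(SAMPLE):
        print(f"{store}: {finding}")
```
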

Information on managing external user stores in WSO2 Carbon.

...