Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The WSO2 User Manager authenticates users from different types of user stores and currently has the capability to easily plug-in to LDAP, Active Directory and XConfiguring External User Stores JDBC to perform authentication.

How to Configure an External LDAP User Store / Active Directory User Store
Anchor
LDABActive
LDABActive

All WSO2 Carbon based products can read and write users and roles from external LDAP user stores. You can configure Carbon products to access LDAP in one of the following modes.

Read-Only Mode
Anchor
Read-Only Mode
Read-Only Mode

All WSO2 Carbon based products can read users and roles from external LDAP/Active Directory user stores. You can configure Carbon products to read users/roles from your company LDAP. The "Read Only" mode does not write any data into the LDAP.

...

Property Name

Description

MaxUserNameListLength 

ConnectionURL

The connection URL to the database.

ConnectionName

The user name used to connect to the database.
This user must have permissions to read the user list and user's attributes.

ConnectionPassword

Password of the connection username.

UserSearchBase

Search base of users.
Note that different databases have different search bases.

UserNameListFilter

The LDAP query that should be used to search users.

UserNameAttribute

Users can be authenticated using their email address, uid and etc.
The name of the attribute considered as the username.

ReadLDAPGroups

Indicates whether to read groups from the LDAP.
If this is set off, none of the following attributes need to be set.

GroupSearchBase

Search base for groups.

GroupNameListFilter 

GroupSearchFilter

The LDAP query used to search for groups.

GroupNameAttribute

The attribute to be treated as the group name.

MembershipAttribute

Attribute that contains users.

UserRolesCacheEnabled 
ReplaceEscapeCharactersAtUserLogin 

Read/Write Mode
Anchor
Read/Write Users and Read-Only Groups
Read/Write Users and Read-Only Groups

If you wish to connect to external LDAP user store such that only the user entries are written to external LDAP and roles are not written to external LDAP, the only difference from the steps in section "Read-Only Mode" is in following:

Code Block
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">

How to Configure an External JDBC User Store 
Anchor
JDBC
JDBC

All Carbon based products can work with external RDBMSs. You can configure Carbon to read users/roles from your company RDBMS and even write to it. Therefore, the user core connected to two databases.

...