Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt
hiddentrue

Note to writers- The following should be copied to the product spaces before pulling this page content:

"User management functionality is provided by default in all WSO2 Carbon-based products and is configured in the user-mgt.xml file found in the <PRODUCT_HOME>/repository/conf/ directory. This documentation explains the process of setting up a primary user store for your system."

Info
titleThe default User Store

The primary user store that is configured by default in every WSO2 product is a JDBC user store, which reads/writes into the internal database of the product server. By default, the internal database is H2 (except for WSO2 IS, which uses an LDAP as the default user store). This database is used by the Authorization Manager (for user authentication information) as well as the User Store Manager (for defining users and roles).

Every WSO2 product comes with an embedded, internal user store, which is configured in <PRODUCT_HOME>/repository/conf/user-mgt.xml. In WSO2 Carbon products, the embedded user store is JDBC. Because the domain name (unique identifier) of this default user store is set to PRIMARY by default, it is called the primary user store. 

Instead of using the embedded user storedatabase, you can set your own user store as the up a separate repository and configure it as your primary user store. Since the user store you want to connect to might have different schemas from the ones available in the embedded user store, it needs to go through an adaptation process. WSO2 products provide the following adapters, for connecting to LDAP, Active Directory and JDBC. Thereby, these adapters enable you to authenticate users from different types of user stores and plug into LDAP, Active Directory, and JDBC to perform authentication:.

User store manager classDescription
org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager

Use ReadOnlyLDAPUserStoreManager to do read-only operations for external LDAP user stores.

org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager

Use ReadWriteLDAPUserStoreManager for external LDAP user stores to do both read and write operations. This is the user store configuration which is uncommented in the code in the user-mgt.xml file for WSO2 Identity Server.

org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager

Use ActiveDirectoryUserStoreManager to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.

org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager

Use JDBCUserStoreManager for both internal and external JDBC user stores. This is the user store configuration which is uncommented in the code in the user-mgt.xml file for all WSO2 products, except WSO2 Identity Server (which uses the ReadWriteLDAPUserStoreManager).

The user-mgt.xml file already has sample configurations for all of the above user stores. To enable the required user store configuration, you must uncomment them in the code and comment out the ones that you do not need as explained below.

Child pages (Children Display)

Working with Properties of Primary User Stores - For a comprehensive understanding on the configuration detailsin the following topics.