Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Every WSO2 product comes with an embedded, internal user store, which is configured in <PRODUCT_HOME>/repository/conf/user-mgt.xml. In WSO2 Identity Server, the embedded user store is LDAP, and in other products it is JDBC. This user store is called a "primary user store" because the domain name (unique identifier) of this default user store is set to PRIMARY by default. 

This is the main user store in the system and that is shared among all the tenants in the system. Only one user store should can be configured as the primary user store. This documentation explains the process of setting up a primary user store. If you need more information on WSO2 Carbon user stores see , see Configuring User Stores.

Info

By default, the embedded H2 database (JDBC) that is shipped with WSO2 products is configured as the primary user store, except for WSO2 Identity Server, which has an embedded LDAP as its primary user store. Its It is recommended to change this default configuration in the production system. Instead of using the embedded user store that comes with the product, you can set your own user store as

Setting up the Primary User Store

The primary user store is configured in <PRODUCT_HOME>/repository/conf/user-mgt.xml file within <UserStoreManager> section.

There are two steps involved in setting up the primary user store

...

Tip

Tip: You must disable the embedded user store that comes with the product. This ensures that it does not start up with the product.

Since the user store you want to connect to might have different schemas from the ones available in the embedded user store, it needs to go through an adaptation process. WSO2 products provide the following adapters to enable you to authenticate users from different types of user stores and plug into LDAP, Active Directory, and JDBC user stores to perform authentication.:

  1. Select the User store manager that suits your user store. 
    The following table lists the available User store manager implementations and their usage:

    User storeUser store manager classDescription

    LDAP ActiveDirectory

    		org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager

...

  1. Used to do read-only operations for external LDAP or ActiveDirectory user stores.
    LDAPorg.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager

...

  1. Used for external LDAP user stores to do both read and write operations.This is the default primary user store

...

  1. configuration

...

  1. in

...

  1. user-mgt.xml file

...

  1. for WSO2 Identity Server.
    ActiveDirectoryorg.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager

...

  1. Used to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.
    JDBCorg.wso2.carbon.user.core.jdbc.JDBCUserStoreManager

...

  1. Used for JDBC user stores. This is the default primary user store

...

  1. configuration in user-mgt.xml

...

Setting up a primary user store

Primary user store is configured in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file within the <UserStoreManager> section.

The following steps guides you on how to set up a primary user store.

  1. Select the User store manager that suites your User store.

    NoteSee User store manager section in Configuring User Stores for more information. You can also
    file for all WSO2 Servers, except WSO2 Identity Server.

    Or you can configure your own custom user store manager

    .

    as well

  2. Configure user store manager properties.
    In the following documents pages, you can find the information of on the properties that you need to configure in user store manager types. It provides the additional steps and recommendations specific to each user store manager.
    Child pages (Children Display)
    first5
    NoteIn the

    In user-mgt.xml

    file

     file, there are configurations for each user store manager

    . You

    , you can simply uncomment the correct user store configuration and fill the properties (All the other UserStoreManager configurations should be commented out or removed). But it is important to read each user store configuration document to find specific information that you need to follow when configuring particular user store.

    Info

    For primary user store you need to set TenantManager property under user store manager properties:

    JDBC : org.wso2.carbon.user.core.

    Restart the server.

    Note

    Note that this tenant.JDBCTenantManager

    LDAP/AD : org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager

    Info

    This is only applicable to the WSO2 Identity serverServer. Once you configure a the primary user store, make sure you disable the default embedded user store from the system. To do this, open <IS_HOME>/repository/conf/identity/embedded-ldap.xml file and make the following change to the enable property to 'false'.

    Code Block
    languagexml
    <EmbeddedLDAP>
    <Property name="enable">false</Property>
    .......................
 
</EmbeddedLDAP>
Info

If you are using LDAPS (secure) to connect to the Active Directory, you need to import its public certificate to the client-truststore.jks of the WSO2 product you are configuring.

...

  1. Warning

    Server system administrator who is capable of all the actions in the system is configured within the user-mgt.xml. If you have not configured the system administrator yet, see Configuring the System Administrator.

  2. Now, restart the server.