Every WSO2 product comes with an embedded, internal user store, which is configured in <PRODUCT_HOME>/repository/conf/user-mgt.xml. In WSO2 Identity Server, the embedded user store is LDAP, and in other products it is JDBC. This user store is called a "primary user store" because the domain name (unique identifier) of this default user store is set to PRIMARY by default.
Instead of using the embedded user store that comes with the product, you can set your own user store as the primary user store.
Tip: You must disable the embedded user store that comes with the product. This ensures that it does not start up with the product.
Since the user store you want to connect to might have different schemas from the ones available in the embedded user store, it needs to go through an adaptation process. WSO2 products provide the following adapters to enable you to authenticate users from different types of user stores and plug into LDAP, Active Directory, and JDBC user stores to perform authentication.
| User store manager class | Description |
|---|---|
org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager | Use |
org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager | Use |
org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager | Use |
org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager | Use |
The user-mgt.xml file already has sample configurations for all of the above user stores. To enable these configurations, you must uncomment them in the code and comment out the ones that you do not need.
The following topics provide details on the various primary user stores you can configure.
If you are using LDAPS (secure) to connect to the Active Directory, you need to import its public certificate to the client-truststore.jks of the WSO2 product you are configuring.
Related Links
See Working with Properties of User Stores for a comprehensive understanding on the configuration details.