
The following can give you a better understanding of the properties used to configure primary user stores:

Using properties

Property name
Description

MaxUserNameListLength
Controls the number of users listed from the user store of a WSO2 product. A store may hold hundreds or even thousands of users, so you may not want to list them all. The value 0 is also accepted.

ConnectionURL
Connection URL to the LDAP server. For the default LDAP in Carbon, the port is specified in the carbon.xml file and this configuration refers to that port.

ConnectionName
The username used to connect to the database. This user must have permission to read the user list and user attributes; it is used to perform various operations on the external LDAP. In the case of ReadOnlyLDAPUserStoreManager, it is used for search operations such as user searches or group searches on the external LDAP user store. The user does not have to be an administrator in the LDAP user store or hold an administrator role in the WSO2 product you are using, but it MUST be able to perform search operations on the LDAP user store. The value is the DN (Distinguished Name) of the user. Note that this is a mandatory configuration.

ConnectionPassword
Password of the user given in ConnectionName.

passwordHashMethod
Password hash method used when storing user entries in the LDAP.

UserNameListFilter
Filtering criteria for listing all the user entries in the LDAP. This LDAP filter is used when doing search operations on users; the search returns only objects created from the specified class.

UserEntryObjectClass
Object class used to construct user entries. For the default LDAP in Carbon, it is a custom object class named wso2Person.

UserSearchBase
DN of the context or object under which the user entries are stored in the LDAP. In this case it is the "users" container. Different databases have different search bases.

UserNameSearchFilter
Filtering criteria for searching a particular user entry.

UserNameAttribute
The attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, uid, etc. This attribute is treated as the username.

PasswordJavaScriptRegEx
Policy that defines the password format: the regular expression used by the front-end components for password validation.

UsernameJavaScriptRegEx
The regular expression used by the front-end components for username validation.

UsernameJavaRegEx
A regular expression to validate usernames. By default, strings of 5 to 30 non-empty characters are allowed.

RolenameJavaScriptRegEx
The regular expression used by the front-end components for role name validation.

RolenameJavaRegEx
A regular expression to validate role names. By default, strings of 5 to 30 non-empty characters are allowed.

ReadLDAPGroups
Specifies whether groups should be read from LDAP. If this is disabled by setting it to false, none of the groups in the LDAP user store can be read, and the group configurations GroupSearchBase, GroupNameListFilter and GroupNameAttribute are NOT mandatory.

WriteLDAPGroups
Specifies whether groups should be written to LDAP.

EmptyRolesAllowed
Specifies whether the underlying LDAP user store allows empty groups to be created. In the LDAP shipped with Carbon, the schema is modified so that empty groups can be created; LDAP servers usually do not allow empty groups.

GroupSearchBase
DN of the context under which group entries are stored in the LDAP.

GroupSearchFilter
The LDAP query used to search for groups.

GroupNameListFilter
Filtering criteria for listing all the group entries in the LDAP. Groups are created using the "groupOfName" class, and the group search operation only returns objects created from that class.

GroupEntryObjectClass
Object class used to construct group entries.

GroupNameSearchFilter
Filtering criteria for searching a particular group entry.

GroupNameAttribute
Attribute used for uniquely identifying a group entry. This attribute is treated as the group name.

MembershipAttribute
Attribute used to define the members of LDAP groups.

UserRolesCacheEnabled
Indicates whether to cache the role list of a user. By default this is set to true. Set it to false if user roles are changed by external means and those changes should be reflected instantly in the Carbon instance.

UserDNPattern
The pattern for a user's DN. It can be defined to improve LDAP search: when there are many user entries in the LDAP, a UserDNPattern improves performance because the LDAP server does not have to traverse the entire tree to find a user.

ReplaceEscapeCharactersAtUserLogin
If the username contains special characters, they are replaced before the user logging in is validated. Only "\" and "\\" are recognized as escape characters.

TenantManager
Includes the location of the tenant manager.

ReadOnly
Indicates whether the user store of this realm operates in read-only mode.

IsEmailUserName
Indicates whether the user's email is used as the username (applies when the realm operates in read-only mode).

DomainCalculation
Can be either default or custom (applies when the realm operates in read-only mode).

PasswordDigest
Digest algorithm for the password, with values such as PLAIN_TEXT, SHA, etc.

StoreSaltedPassword
Indicates whether to salt the password.

UserNameUniqueAcrossTenants
An attribute used for multi-tenancy.

PasswordJavaRegEx
A regular expression to validate passwords. By default, strings of 5 to 30 non-empty characters are allowed.

MultiTenantRealmConfigBuilder
Tenant Manager-specific realm configuration parameter. It can be used to build different types of realms for the tenant.
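The rules in the table (ConnectionName is mandatory, the three group properties are only optional when ReadLDAPGroups is false, the Java regex properties must be valid patterns, MaxUserNameListLength accepts 0) can be checked mechanically. The following is an added example, not WSO2 code: it parses a constructed user store fragment in the user-mgt.xml layout (the file name, the fully qualified ReadOnlyLDAPUserStoreManager class name and the property values are assumptions), lints it against those rules, applies UsernameJavaRegEx the way Java's full-string matching does, and builds the UserNameSearchFilter for a given username with RFC 4515 escaping so that filter metacharacters in a username are treated as literal text. The "?" placeholder in the search filter is also an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the user-mgt.xml layout (values are illustrative assumptions).
# GroupNameListFilter and GroupNameAttribute are deliberately left out so the linter
# has something to report.
SAMPLE_USER_MGT = r"""
<UserManager>
 <Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
   <Property name="ConnectionURL">ldap://localhost:10389</Property>
   <Property name="ConnectionName">uid=svc-search,ou=system</Property>
   <Property name="ConnectionPassword">CHANGE_ME</Property>
   <Property name="UserSearchBase">ou=Users,dc=example,dc=org</Property>
   <Property name="UserNameAttribute">uid</Property>
   <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
   <Property name="UsernameJavaRegEx">^[\S]{5,30}$</Property>
   <Property name="ReadLDAPGroups">true</Property>
   <Property name="GroupSearchBase">ou=Groups,dc=example,dc=org</Property>
   <Property name="MaxUserNameListLength">100</Property>
  </UserStoreManager>
 </Realm>
</UserManager>
"""


def load_properties(xml_text):
    """Return {name: value} for the <Property> children of the first <UserStoreManager>."""
    root = ET.fromstring(xml_text)
    usm = root.find(".//UserStoreManager")
    if usm is None:
        raise ValueError("no <UserStoreManager> element found")
    return {p.get("name"): (p.text or "").strip() for p in usm.findall("Property")}


def lint_user_store(props):
    """Apply the consistency rules described in the property table; return findings."""
    findings = []
    if not props.get("ConnectionName"):
        findings.append("ERROR: ConnectionName is mandatory (bind DN used for LDAP searches)")
    elif not props.get("ConnectionPassword"):
        findings.append("ERROR: ConnectionPassword is missing for ConnectionName")
    url = props.get("ConnectionURL", "")
    if not url:
        findings.append("ERROR: ConnectionURL is missing")
    elif url.lower().startswith("ldap://"):
        # A simple bind over plain ldap:// sends ConnectionPassword unencrypted
        # unless StartTLS is negotiated, which this static check cannot see.
        findings.append("WARN: ConnectionURL uses plain ldap://; prefer ldaps:// or StartTLS")
    # Group properties are only optional when ReadLDAPGroups is explicitly false.
    read_groups = props.get("ReadLDAPGroups", "").lower()
    if read_groups and read_groups != "false":
        for name in ("GroupSearchBase", "GroupNameListFilter", "GroupNameAttribute"):
            if not props.get(name):
                findings.append(f"ERROR: {name} is required when ReadLDAPGroups is not false")
    for name in ("UsernameJavaRegEx", "RolenameJavaRegEx", "PasswordJavaRegEx"):
        pattern = props.get(name)
        if pattern:
            try:
                re.compile(pattern)
            except re.error as exc:
                findings.append(f"ERROR: {name} does not compile: {exc}")
    limit = props.get("MaxUserNameListLength")
    if limit is not None and not limit.isdigit():
        findings.append("ERROR: MaxUserNameListLength must be a non-negative integer (0 allowed)")
    return findings


def username_allowed(props, username):
    """Apply UsernameJavaRegEx as Java's String.matches() does: the whole string must match."""
    return re.fullmatch(props["UsernameJavaRegEx"], username) is not None


def escape_ldap_filter_value(value):
    """RFC 4515 escaping for a value embedded in an LDAP search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_user_filter(props, username):
    """Substitute the escaped username for the '?' placeholder in UserNameSearchFilter."""
    return props["UserNameSearchFilter"].replace("?", escape_ldap_filter_value(username), 1)


if __name__ == "__main__":
    props = load_properties(SAMPLE_USER_MGT)
    for finding in lint_user_store(props):
        print(finding)
    print(build_user_filter(props, "alice"))
```

Running the block against the constructed sample reports the plain ldap:// URL and the two missing group properties; the other checks pass. Because the regex properties are evaluated by Java in the product, keep them to syntax that both engines share (the default `^[\S]{5,30}$` style pattern is fine) if you reuse this checker.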