The user management feature in WSO2 products allows you to maintain multiple user stores for your system that are used to store the users and their roles. You can set up any of the following types of user stores:
- JDBC user stores
- Active Directory user stores
- Read-Only LDAP user stores
- Read-Write LDAP user stores

The Primary User Store in every WSO2 product is configured in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file. By default, the embedded H2 database (JDBC) that is shipped with WSO2 products is configured as the primary user store, except for WSO2 Identity Server, which has an embedded LDAP as its primary user store. You can change the default configuration by replacing the default database according to your requirement. The primary user store is shared among all the tenants in the system.

With the user management feature, any number of Secondary User Stores can be easily set up for your system using the management console. This will automatically create an XML file with the configurations corresponding to the secondary user store in the same <PRODUCT_HOME>/repository/conf/ directory. Alternatively, you can manually create the configuration file and store it in this directory without using the management console.

Although information about users and roles is stored in the repositories that we call User Stores, which can be any of the types described above, the permissions attached to roles are always stored in an RDBMS. According to the default configuration in WSO2 products, the embedded H2 database is used for storing permissions as well as users and roles. The instructions in this section explain how you can change the default user store. See the section on configuring the authorization manager for information on how to set up the RDBMS for storing permissions.