Properties of Primary User Stores
- Former user (Deleted)
The following can give you a better understanding of the properties used to configure primary user stores:
Using properties
Property name | Description |
|---|---|
MaxUserNameListLength | This property controls the number of users listed in the user store of a WSO2 product. You might have hundreds or even thousands of users hence you may not want to list them all. While you have the ability to control hundreds of users with this property, you can use the number 0 as well. |
ConnectionURL | Connection URL to the LDAP server. In the case of default LDAP in Carbon, the port is mentioned in the |
ConnectionName | This is the username used to connect to the database. This user must have permissions to read the user list and user's attributes. This property is used to perform various operations on the external LDAP. In the case of |
ConnectionPassword | Password relevant to the ConnectionName of the user. |
passwordHashMethod | Password Hash method when storing user entries in the LDAP. |
UserNameListFilter | Filtering criteria for listing all the user entries in the LDAP. This LDAP query or filter is used when doing search operations on users. In this case, the search operation only provides the objects created from the specified class. |
UserEntryObjectClass | Object class used to construct user entries. In the case of default LDAP in Carbon, it is a custom object class defined with the name- wso2Person |
UserSearchBase | DN of the context or object under which the user entries are stored in the LDAP. In this case it is the "users" container. Different databases have different search bases. |
UserNameSearchFilter | Filtering criteria for searching a particular user entry. |
UserNameAttribute | This is the attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, uid etc. The name of the attribute is considered as the username. |
| Policy that defines the password format. |
UsernameJavaScriptRegEx | The regular expression used by the front-end components for username validation. |
UsernameJavaRegEx | A regular expression to validate usernames. By default, strings having a length between 5 to 30 with non-empty characters are allowed. |
RolenameJavaScriptRegEx | The regular expression used by the front-end components for role name validation. |
RolenameJavaRegEx | A regular expression to validate role names. By default, strings having a length between 5 to 30 with non-empty characters are allowed. |
ReadLDAPGroups | Specifies whether groups should be read from LDAP. If this is disabled by setting it to false, none of the groups in the LDAP user store can be read. If you are setting the value of this to "false", the following group configurations are NOT mandatory: GroupSearchBase, GroupNameListFilter and GroupNameAttribute. |
WriteLDAPGroups | Specifies whether groups should be written to LDAP. |
EmptyRolesAllowed | Specifies whether the underlying LDAP user store allows empty groups to be created. In the case of LDAP in Carbon, the schema is modified such that empty groups are allowed to be created. Usually LDAP servers do not allow to create empty groups. |
GroupSearchBase | DN of the context under which user entries are stored in the LDAP. |
GroupSearchFilter | The LDAP query used to search for groups. |
GroupNameListFilter | Filtering criteria for listing all the group entries in the LDAP. Groups are created using the "groupOfName" class. The group search operation only returns objects created from the above class. |
GroupEntryObjectClass | Object class used to construct user entries. |
GroupNameSearchFilter | Filtering criteria for searching a particular group entry. |
GroupNameAttribute | Attribute used for uniquely identifying a user entry. This attribute is to be treated as the group name. |
MembershipAttribute | Attribute used to define members of LDAP groups. |
UserRolesCacheEnabled | This is to indicate whether to cache the role list of a user. By default this is set to true. Set it to false if the user roles are changed by external means and those changes should be instantly reflected in the Carbon instance. |
UserDNPattern | The patten for user's DN. It can be defined to improve the LDAP search. When there are many user entries in the LADP, defining a UserDNPattern provides more impact on performances as the LDAP does not have to travel through the entire tree to find users. |
ReplaceEscapeCharactersAtUserLogin | If the user name has special characters it replaces it to validate the user logging in. Only "\" and "\\" are identified as escape characters. |
TenantManager | Includes the location of the tenant manager. |
| Indicates whether the user store of this realm operates in the user read only mode or not. |
| Indicates whether the user's email is used as their username (apply when realm operates in read only mode). |
| Can be either default or custom (this applies when the realm operates in read only mode). |
| Digesting algorithm of the password. Has values such as, PLAIN_TEXT, SHA etc. |
| Indicates whether to salt the password. |
| An attribute used for multi-tenancy. |
| A regular expression to validate passwords. By default, strings having a length between 5 to 30 with non-empty characters are allowed. |
| The regular expression used by the front-end components for password validation. |
| A regular expression to validate usernames. By default, strings having a length 5 to 30 between with non-empty characters are allowed. |
UsernameJavaScriptRegEx | The regular expression used by the front-end components for username validation. |
| A regular expression to validate role names. By default, strings having a length between 5 to 30 with non-empty characters are allowed. |
| The regular expression used by the front-end components for rolename validation. |
MultiTenantRealmConfigBuilder | Tenant Manager specific realm config parameter. Can be used to build different types of realms for the tenant. |