This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Default LDAP User Store Configuration

Following is the default configuration for the internal LDAP user store which is embedded ApacheDS LDAP. If ApacheDSUserStoreManager is enabled in the user-mgt.xml file with the following configuration, the user manager reads/writes into the default LDAP user store of Carbon.

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">

<Property name="ReadOnly">false</Property>

<Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>

<Property name="ConnectionName">uid=admin,ou=system</Property>

<Property name="ConnectionPassword">admin</Property>

<Property name="passwordHashMethod">SHA</Property>

<Property name="UserNameListFilter">(objectClass=person)</Property>

<Property name="UserEntryObjectClass">wso2Person</Property>

<Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>

<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>

<Property name="UserNameAttribute">uid</Property>

<Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property>

<Property name="ReadLDAPGroups">true</Property>

<Property name="WriteLDAPGroups">true</Property>

<Property name="EmptyRolesAllowed">true</Property>

<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>

<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>

<Property name="GroupEntryObjectClass">groupOfNames</Property>

<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>

<Property name="GroupNameAttribute">cn</Property>

<Property name="MembershipAttribute">member</Property>

</UserStoreManager>
Above configuration can be described as follows:

Property Name

Description

ReadOnly

Indicates whether the user store of this realm operates in the user read-only mode.

ConnectionURL

Connection URL to the LDAP server. In the case of default LDAP in Carbon, the port is named in carbon.xml and a reference to that port is included in the above configuration.

ConnectionName

This should be the DN (Distinguish Name) of the admin user in LDAP.

ConnectionPassword

Password of the admin user.

passwordHashMethod

Password Hash method when storing user entries in LDAP.

UserNameListFilter

Filtering criteria for listing all the user entries in LDAP.

UserEntryObjectClass

Object Class used to construct user entries. In the case of default LDAP in carbon, it is a custom object class defined with the name wso2Person.

UserSearchBase

DN of the context under which user entries are stored in LDAP.

UserNameSearchFilter

Filtering criteria for searching a particular user entry.

UserNameAttribute

Attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, UID, etc.

PasswordJavaScriptRegEx

Policy that defines the password format.

ReadLDAPGroups

Specifies whether groups should be read from LDAP.

WriteLDAPGroups

Specifies whether groups should be written to LDAP.

EmptyRolesAllowed

Specifies whether underlying LDAP user store allows empty groups to be created. In the case of LDAP in Carbon, the schema is modified such that empty groups are allowed to be created. Usually, LDAP servers do not allow you to create empty groups.

GroupSearchBase

DN of the context under which user entries are stored in LDAP.

GroupNameListFilter

Filtering criteria for listing all group entries in LDAP.

GroupEntryObjectClass

Object Class used to construct user entries.

GroupNameSearchFilter

Filtering criteria for searching a particular group entry.

GroupNameAttribute

Attribute used for uniquely identifying a user entry.

MembershipAttribute

Attribute used to define members of LDAP groups.