Working with Properties of User Stores

The following can give you a better understanding of the properties used to configure primary user stores:

Using properties

Property name	Description
`MaxUserNameListLength`	This property controls the number of users listed in the user store of a WSO2 product. You might have hundreds or even thousands of users hence you may not want to list them all. While you have the ability to control hundreds of users with this property, you can use the number 0 as well.
`ConnectionURL`	Connection URL to the LDAP server. In the case of default LDAP in Carbon, the port is mentioned in the `carbon.xml` file and a reference to that port is mentioned in the above configuration.
`ConnectionName`	This is the username used to connect to the database. This user must have permissions to read the user list and user's attributes. This property is used to perform various operations on the external LDAP. In the case of `ReadOnlyLDAPUserStoreManager`, use this for search operations such as user searches or group searches on the external LDAP user store. This user does not have to be an administrator in the LDAP user store or have an administrator role in the WSO2 product that you are using, but this user MUST be able to do search operations on the LDAP user store. The value we put here is the DN (`Distinguish Name`) attribute of the user. Note that this is a mandatory configuration.
`ConnectionPassword`	Password relevant to the `ConnectionName` of the user.
`PasswordHashMethod`	Password Hash method when storing user entries in the LDAP.
`UserNameListFilter`	Filtering criteria for listing all the user entries in the LDAP. This LDAP query or filter is used when doing search operations on users. In this case, the search operation only provides the objects created from the specified class.
`UserEntryObjectClass`	Object class used to construct user entries. In the case of default LDAP in Carbon, it is a custom object class defined with the name- `wso2Person`
`UserSearchBase`	DN of the context or object under which the user entries are stored in the LDAP. In this case it is the "users" container. Different databases have different search bases.
`UserNameSearchFilter`	Filtering criteria for searching a particular user entry.
`UserNameAttribute`	This is the attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, uid etc. The name of the attribute is considered as the username.
`PasswordJavaScriptRegEx`	Policy that defines the password format.
`UsernameJavaScriptRegEx`	The regular expression used by the front-end components for username validation.
`UsernameJavaRegEx`	A regular expression to validate usernames. By default, strings having a length between 5 to 30 with non-empty characters are allowed.
`RolenameJavaScriptRegEx`	The regular expression used by the front-end components for role name validation.
`RolenameJavaRegEx`	A regular expression to validate role names. By default, strings having a length between 5 to 30 with non-empty characters are allowed.
`ReadLDAPGroups`	Specifies whether groups should be read from LDAP. If this is disabled by setting it to `false`, none of the groups in the LDAP user store can be read. If you are setting the value of this to "false", the following group configurations are NOT mandatory: `GroupSearchBase`, `GroupNameListFilter` and `GroupNameAttribute`.
`WriteLDAPGroups`	Specifies whether groups should be written to LDAP.
`EmptyRolesAllowed`	Specifies whether the underlying LDAP user store allows empty groups to be created. In the case of LDAP in Carbon, the schema is modified such that empty groups are allowed to be created. Usually LDAP servers do not allow to create empty groups.
`GroupSearchBase`	DN of the context under which user entries are stored in the LDAP.
`GroupSearchFilter`	The LDAP query used to search for groups.
`GroupNameListFilter`	Filtering criteria for listing all the group entries in the LDAP. Groups are created using the "`groupOfName`" class. The group search operation only returns objects created from the above class.
`GroupEntryObjectClass`	Object class used to construct user entries.
`GroupNameSearchFilter`	Filtering criteria for searching a particular group entry.
`GroupNameAttribute`	Attribute used for uniquely identifying a user entry. This attribute is to be treated as the group name.
`MembershipAttribute`	Attribute used to define members of LDAP groups.
`UserRolesCacheEnabled`	This is to indicate whether to cache the role list of a user. By default this is set to `true`. Set it to `false` if the user roles are changed by external means and those changes should be instantly reflected in the Carbon instance.
`UserDNPattern`	The patten for user's DN. It can be defined to improve the LDAP search. When there are many user entries in the LADP, defining a `UserDNPattern` provides more impact on performances as the LDAP does not have to travel through the entire tree to find users.
`ReplaceEscapeCharactersAtUserLogin`	If the user name has special characters it replaces it to validate the user logging in. Only "\" and "\\" are identified as escape characters.
`TenantManager`	Includes the location of the tenant manager.
`ReadOnly`	Indicates whether the user store of this realm operates in the user read only mode or not.
`IsEmailUserName`	Indicates whether the user's email is used as their username (apply when realm operates in read only mode).
`DomainCalculation`	Can be either default or custom (this applies when the realm operates in read only mode).
`PasswordDigest`	Digesting algorithm of the password. Has values such as, PLAIN_TEXT, SHA etc.
`StoreSaltedPassword`	Indicates whether to salt the password.
`UserNameUniqueAcrossTenants`	An attribute used for multi-tenancy.
`PasswordJavaRegEx`	A regular expression to validate passwords. By default, strings having a length between 5 to 30 with non-empty characters are allowed.
`PasswordJavaScriptRegEx`	The regular expression used by the front-end components for password validation.
`UsernameJavaRegEx`	A regular expression to validate usernames. By default, strings having a length 5 to 30 between with non-empty characters are allowed.
`UsernameJavaScriptRegEx`	The regular expression used by the front-end components for username validation.
`RolenameJavaRegEx`	A regular expression to validate role names. By default, strings having a length between 5 to 30 with non-empty characters are allowed.
`RolenameJavaScriptRegEx`	The regular expression used by the front-end components for rolename validation.
MultiTenantRealmConfigBuilder	Tenant Manager specific realm config parameter. Can be used to build different types of realms for the tenant.
`SharedGroupEnabled`	This property is used to enable/disable the shared role functionality.
`SharedGroupSearchBase`	Shared roles are created for other tenants to access under the mentioned DN.
`SharedTenantObjectClass`	Object class for the shared groups created.
`SharedTenantNameAttribute`	Name attribute for the shared group.
`SharedTenantNameListFilter`	This is currently not used.