This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

The default configuration of WSO2 products has a single user store. If required, you can configure WSO2 products to connect to several secondary user stores as well. After configuration, users from different stores can log in and perform operations depending on their roles/permissions. You can also configure your own customized user stores and connect them with the products as secondary stores.

The topics below show how to configure secondary user stores manually or using the management console: 

Configuring using the management console

  1. Log in to the management console and click User Store Management sub menu under Configure menu.

  2. The User Store Management page opens. Initially, there are no secondary user stores.

    Note: You cannot update the PRIMARY user store at run time, so it is not visible on this page.

  3. Click Add Secondary User Store.

  4. The User Store Manager page opens. Enter a unique domain name and fill in the rest of the data.

    Do not include underscore character (_) in domain names.

    For details on each property, see the respective property description that is provided. Also, select the required implementation of user store manager from the User Store Manager Class drop-down list. The displayed property list varies depending on the selected user store manager implementation. By default, all WSO2 products come with four user store manager implementations as follows:

    • ReadWriteLDAPUserStoreManager
    • ReadOnlyLDAPUserStoreManager
    • ActiveDirectoryUserStoreManager
    • JDBCUserStoreManager

    You can also populate this drop-down list with custom user store manager implementations by adding them to the server. A sample custom user store manager can be found in the repository.
    See the following for detailed information on some properties in this form.

    PropertyDescription
    Connection NameThe username used to connect to the database and perform various operations. This user does not have to be an administrator in the user store or have an administrator role in the WSO2 product that you are using, but this user MUST have permissions to read the user list and users' attributes and to perform search operations on the user store. The value you specify is used as the DN (Distinguish Name) attribute of the user. This property is mandatory.
    Connection URLThis is the connection URL to the user store server. In the case of default LDAP in Carbon, the port is specified in the carbon.xml file, and a reference to that port is included in this configuration.
    Connection PasswordThis is the password associated with the Connection Name you entered.
    User Search BasedDN of the context or object under which the user entries are stored in the user store. In this case, it is the "users" container. When the user store searches for users, it will start from this location of the directory. Different databases have different search bases.
    User Object ClassThe filtering criteria used to list out all user entries in the LDAP.
    Username AttributeThe attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, UID, etc. The name of the attribute is considered as the user name.
    User Search FilterThis is the filtering criteria used to search for a particular user entry.
    User Entry Object ClassThe object class is used to construct user entries. By default, it is a custom object class defined with the name wso2Person.
    Group Entry Object ClassThe object class is used to construct group entries.
    Group Search BaseThis is the DN of the context under which user entries are stored in the user store.
    Group Name AttributeAttribute used for uniquely identifying a user entry. This attribute is to be treated as the group name.
    Group Object ClassCriteria used to filter all the group entries in LDAP.
    Membership AttributeAttribute used to define members of groups.
    Group Search FilterThe query used to search for groups.

  5. Ensure that all the mandatory fields are filled and a valid domain name is given and click Add

  6. A message appears saying that the user stores are being added. 

    Note: The above message does not imply that the user store is added successfully. It simply means that the server is attempting to add the new user store to the end of the available chain of stores.

  7. Refresh the page after a few seconds to check the status. 

  8. If the new user store is successfully added, it will appear in the User Store Management page.

  9. After adding to the server, you can edit the properties of the new secondary user store and enable/disable it in a dynamic manner.

Configuring manually

By default, the configuration of the primary user store is saved in the user-mgt.xml file. When you create a secondary user store, its configuration is saved to an XML file with the same name as the domain you specified. If required, you can create this XML file manually and save it as follows:

    • If it is configuration of a super tenant, save the secondary user store definitions in <PRODUCT_HOME>/repository/deployment/server/userstores directory.
    • If it is a general tenant, save the configuration in <PRODUCT_HOME>/repository/tenants/<tenantid>/userstores directory.
    • The secondary user store configuration file must have the same name as the domain with an underscore (_) in place of the period. For example, if the domain is wso2.com, name the file as  wso2_com.xml.
    • One file only contains the definition for one user store domain.
  • No labels