Configuring the Primary User Store

This is the main user store that is shared among all the tenants in the system. Only one user store can be configured as the primary user store. This documentation explains the process of setting up a primary user store for your system.


The default User Store : The primary user store that is configured by default is a JDBC user store, which reads/writes into an internal database. By default, the internal database is H2. This database is used by the Authorization Manager (for user authorization information) as well as, the User Store Manager (for defining users and roles).

Instead of using the embedded database, you can set up a separate repository and configure it as your primary user store. As the user store you want to connect to might have different schemas from the ones available in the embedded user store, it needs to go through an adaptation process. WSO2 API Manager makes the necessary adaptations depending on the user store type. WSO2 API Manager supports the following primary user store types.

User store type User store manager class Description
read_only_ldap_unique_id org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager Use read_only_ldap to do read-only operations for external LDAP user stores.
read_write_ldap_unique_id org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager Use read_write_ldap for external LDAP user stores to do both read and write operations.
active_directory_unique_id org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager Use active_directory to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use read_only_ldap.
database_unique_id org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager Use database for both internal and external JDBC user stores. This is the user store configuration which is configured by default.

This can be defined in the [user_store] section of the <API-M_HOME>/repository/conf/deployment.toml file.

type = <type>
type = "database_unique_id"

Follow the links given below to setup the required type of primary user store.


You can create a simple custom user store manager for WSO2 API Manager. See Writing a custom user store manager.