Configuring the Primary User Store

This documentation explains the process of setting up a primary user store for your system.

The default User Store

The primary user store of WSO2 products is configured by default as a JDBC user store in the user-mgt.xml file, which reads/writes into the internal database of the product server. This internal database is typically H2 by default. This database is used by both the Authorization Manager (for managing user authentication data) and the User Store Manager (for defining users and roles). In the case of the WSO2 Identity Server 5.11.0, the default user store is an LDAP (Apache DS) that is shipped with the product. Note that the RDBMS used in the default configuration can remain as the database used for storing Authorization information.

Instead of using the embedded database in WSO2 API Manager, you can set up a separate repository and configure it as your primary user store. Since the user store you want to connect to might have different schemas from the ones available in the embedded user store, it needs to go through an adaptation process. We do the necessary adaptations depending on the user store type. We support the following primary user store types.

| User store type | User store manager class | Description |
|---|---|---|
| read_only_ldap | org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager | Use read_only_ldap to do read-only operations for external LDAP user stores. |
| read_write_ldap | org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager | Use read_write_ldap for external LDAP user stores to do both read and write operations. |
| active_directory | org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager | Use active_directory to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use read_only_ldap. |
| database | org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager | Use database for both internal and external JDBC user stores. This is the user store configuration which is configured by default. |

This can be defined in the [user_store] section of the <APIM_HOME>/repository/conf/deployment.toml file.

    [user_store]
    type = "database_unique_id"

Follow the links given below to set up the required type of primary user store.
