

Configuring the Primary User Store¶

This is the main user store that is shared among all the tenants in the system. Only one user store can be configured as the primary user store. This documentation explains the process of setting up a primary user store. If you need more information on WSO2 Carbon user stores, see Configuring User Stores.

Info

By default, the embedded H2 database (JDBC) that is shipped with WSO2 products is configured as the primary user store, except for WSO2 Identity Server, which has an embedded LDAP as its primary user store. It is recommended to change this default configuration in the production system.

Setting up the Primary User Store¶

Configure the primary userstore in the <IS_HOME>/repository/conf/deployment.toml file.

There are two steps involved in setting up the primary user store:

Select the User store manager that suits your user store.
The following table lists the available User store manager implementations and their usage:

User store	User store manager class	Description
LDAP ActiveDirectory	`org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager`	Used to do read-only operations for external LDAP or ActiveDirectory user stores.
LDAP	`org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager`	Used for external LDAP user stores to do both read and write operations.This is the default primary user store configuration in the deployment.toml file for WSO2 Identity Server.
ActiveDirectory	`org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager`	Used to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use `org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.`
JDBC	`org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager`	Used for JDBC user stores. This is the default primary user store configuration in the deployment.toml file for all WSO2 Servers, except WSO2 Identity Server.

Or you can configure your own custom user store manager as well Writing a custom user store manager

Tip

From WSO2 IS 5.10.0 onwards, all user store managers have UniqueID included as part of the user store manager name (e.g., UniqueIDJDBCUserStoreManager). Use one of these when selecting the user store manager.

The user store managers that do not have **UniqueID as part of the user store manager name are only available for backward compatibility purposes and can only be used if you are migrating from a previous version of WSO2 Identity Server.

Configure user store manager properties.
In the following pages, you can find the information on the properties that you need to configure in user store manager types. It provides the additional steps and recommendations specific to each user store manager.
In deployment.toml file, you can configure user store managers by adding the relevant properties. But it is important to read each user store configuration document to find specific information that you need to follow when configuring particular user store.

Warning

Server system administrator who is capable of all the actions in the system is configured within the deployment.toml. If you have not configured the system administrator yet, see Configuring the System Administrator.
Now, restart the server.

Top