Working with Properties of User Stores
The following table provides descriptions of the key properties you use to configure primary user stores.
| Property Id | Primary User Store Property | Description |
|---|---|---|
| MaxUserName | max_user_name | Controls the number of users listed in the user store of a WSO2 product. This is useful when you have a large number of users and don't want to list them all. Setting this property to 0 displays all users. |
| Connection | connection | Connection URL to the user store server. In the case of default LDAP in Carbon, the port is specified in the |
| Connection | connection | The username used to connect to the database and perform various operations. This user does not have to be an administrator in the user store or have an administrator role in the WSO2 product that you are using, but this user MUST have permissions to read the user list and users' attributes and to perform search operations on the user store. The value you specify is used as the DN ( |
| Connection | connection_ | Password for the ConnectionName user. |
| Display | display_ | This is an optional property. The Display Name Attribute is the name by which users will be listed when you search for users in the management console (Go to Configuration -> Users tab). |
| Password | password_ | Password hash method to use when storing user entries in the user store. |
| UserName | user_name_ | Filtering criteria for listing all the user entries in the user store. This query or filter is used when doing search operations on users. In this case, the search operation only provides the objects created from the specified class. This query is the same as listing out all the available users in the management console. |
| UserEntry | user_entry_ | Object class used to construct user entries. By default, it is a custom object class defined with the name wso2Person. |
| User | user_ | DN of the context or object under which the user entries are stored in the user store. In this case, it is the "users" container. When the user store searches for users, it will start from this location of the directory. Different databases have different search bases. |
| UserName | user_name_ | Filtering criteria used to search for a particular user entry. |
| UserName | user_name | The attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, UID, etc. The name of the attribute is considered as the username. For information on using email address to authenticate users, click here. |
| | password_java_ | Policy that defines the password format. |
| UsernameJava | username_java_ | The regular expression used by the front-end components for username validation. |
| Username | username_ | A regular expression to validate usernames. By default, strings have a length of 5 to 30. Only non-empty characters are allowed. You can provide ranges of letters, numbers and also ranges of ASCII values in the RegEx properties. |
| ReadGroups | read_groups | Specifies whether groups should be read from the user store. If this is disabled by setting it to false, none of the groups in the user store can be read, and the following group configurations are NOT mandatory: GroupSearchBase, GroupNameListFilter, or GroupNameAttribute. |
| WriteGroups | write_groups | Specifies whether groups should be written to the user store. |
| Group | group_ | DN of the context under which user entries are stored in the user store. |
| GroupName | group_name_ | Filtering criteria for listing all the group entries in the user store. Groups are created in LDAP using the "groupOfName" class. The group search operation only returns objects created from this class. |
| GroupEntry | group_entry_ | Object class used to construct group entries. |
| GroupName | group_name_ | Filtering criteria used to search for a particular group entry. |
| GroupName | group_name_ | Attribute used for uniquely identifying a user entry. This attribute is to be treated as the group name. |
| Membership | membership | Attribute used to define members of groups. |
| Membership | membership_ | Attribute used by Active Directory when membership attributes need to be limited. The default value for this is 1500. |
| UserRoles | user_roles_ | Indicates whether to cache the role list of a user. By default, this is set to true. Set it to false if the user roles are changed by external means and those changes should be instantly reflected in the Carbon instance. |
| UserDNPattern | user_dn_pattern | (LDAP) The pattern for the user's DN, which can be defined to improve the search. When there are many user entries in the LDAP user store, defining a UserDNPattern improves performance because the LDAP server does not have to traverse the entire tree to find users. |
| ReplaceEscape | replace_escape_ | (LDAP) If the username contains special characters, they are replaced so that the user logging in can be validated. Only " \ " and " \\ " are identified as escape characters. |
| | password_ | (LDAP and JDBC) A regular expression to validate passwords. By default, strings with a length of 5 to 30 non-empty characters are allowed. |
| | password_java | The regular expression used by the front-end components for password validation. |
| | username_ | A regular expression to validate usernames. By default, strings with a length of 5 to 30 non-empty characters are allowed. |
| Username | username_java_ | The regular expression used by the front-end components for username validation. |
| | rolename_ | A regular expression to validate role names. By default, strings with a length of 5 to 30 non-empty characters are allowed. |
| MultiTenant | config | Tenant Manager specific realm config parameter. Can be used to build different types of realms for the tenant. |
| | ldap_connection | If the connection to the LDAP server is inactive for the length of time (in milliseconds) specified by this property, the connection will be terminated. |
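
The username validation pattern and the user search filter described in the table interact: a pattern that only checks length and "non-empty" characters still accepts characters that have meaning inside an LDAP filter, so the value has to be escaped before it is placed in the filter. The sketch below is an added example, not WSO2 code. The pattern (reading "non-empty" as non-whitespace), the filter template with its `?` placeholder, and all function names are assumptions made for illustration.

```python
import re

# Assumed rendering of the default described in the table (5 to 30
# non-whitespace characters); not copied from the product configuration.
USERNAME_PATTERN = re.compile(r"\S{5,30}")

# Constructed search-filter template; "?" marks where the username goes.
SEARCH_FILTER = "(&(objectClass=wso2Person)(uid=?))"

# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def is_valid_username(name: str) -> bool:
    # fullmatch() checks the whole string; a "^...$" pattern used with
    # re.match() would also accept a name followed by a trailing newline.
    return USERNAME_PATTERN.fullmatch(name) is not None


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as data inside an LDAP filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(name: str) -> str:
    """Validate, escape, then substitute the username into the template."""
    if not is_valid_username(name):
        raise ValueError("username rejected by validation pattern")
    return SEARCH_FILTER.replace("?", escape_filter_value(name), 1)


if __name__ == "__main__":
    # Constructed sample usernames.
    for candidate in ["alice", "bob", "alice smith", "admin\n", "j*(doe)"]:
        try:
            print(repr(candidate), "->", build_user_filter(candidate))
        except ValueError as err:
            print(repr(candidate), "->", err)
```

If usernames never need filter metacharacters, tightening the validation pattern to an explicit character range is the simpler control; the escaping step remains as a second layer.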