
Working with Properties of User Stores

The following table provides descriptions of the key properties you use to configure primary user stores.

| Property Id | Primary User Store Property | Description |
| --- | --- | --- |
| MaxUserNameListLength | max_user_name_list_length | Controls the number of users listed in the user store of a WSO2 product. This is useful when you have a large number of users and don't want to list them all. Setting this property to 0 displays all users. |
| ConnectionURL | connection_url | Connection URL to the user store server. In the case of default LDAP in Carbon, the port is specified in the carbon.xml file, and a reference to that port is included in this configuration. |
| ConnectionName | connection_name | The username used to connect to the database and perform various operations. This user does not have to be an administrator in the user store or have an administrator role in the WSO2 product that you are using, but this user MUST have permissions to read the user list and users' attributes and to perform search operations on the user store. The value you specify is used as the DN (Distinguished Name) attribute of the user. This property is mandatory. |
| ConnectionPassword | connection_password | Password for the ConnectionName user. |
| DisplayNameAttribute | display_name_attribute | This is an optional property. The Display Name Attribute is the name by which users will be listed when you search for users in the management console (Go to Configuration -> Users tab). |
| PasswordHashMethod | password_hash_method | Password hash method to use when storing user entries in the user store. |
| UserNameListFilter | user_name_list_filter | Filtering criteria for listing all the user entries in the user store. This query or filter is used when doing search operations on users. In this case, the search operation only provides the objects created from the specified class. This query is the same as listing out all the available users in the management console. |
| UserEntryObjectClass | user_entry_object_class | Object class used to construct user entries. By default, it is a custom object class defined with the name wso2Person. |
| UserSearchBase | user_search_base | DN of the context or object under which the user entries are stored in the user store. In this case, it is the "users" container. When the user store searches for users, it will start from this location of the directory. Different databases have different search bases. |
| UserNameSearchFilter | user_name_search_filter | Filtering criteria used to search for a particular user entry. |
| UserNameAttribute | user_name_attribute | The attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, UID, etc. The name of the attribute is considered as the username. For information on using email address to authenticate users, click here. |
| PasswordJavaScriptRegEx | password_java_script_regex | Policy that defines the password format. |
| UsernameJavaScriptRegEx | username_java_script_regex | The regular expression used by the front-end components for username validation. |
| UsernameJavaRegEx | username_java_regex | A regular expression to validate usernames. By default, strings have a length of 5 to 30. Only non-empty characters are allowed. You can provide ranges of alphabets, numbers and also ranges of ASCII values in the RegEx properties. |
| ReadGroups | read_groups | Specifies whether groups should be read from the user store. If this is disabled by setting it to false, none of the groups in the user store can be read, and the following group configurations are NOT mandatory: GroupSearchBase, GroupNameListFilter, or GroupNameAttribute. |
| WriteGroups | write_groups | Specifies whether groups should be written to the user store. |
| GroupSearchBase | group_search_base | DN of the context under which user entries are stored in the user store. |
| GroupNameListFilter | group_name_list_filter | Filtering criteria for listing all the group entries in the user store. Groups are created in LDAP using the "groupOfName" class. The group search operation only returns objects created from this class. |
| GroupEntryObjectClass | group_entry_object_class | Object class used to construct group entries. |
| GroupNameSearchFilter | group_name_search_filter | Filtering criteria used to search for a particular group entry. |
| GroupNameAttribute | group_name_attribute | Attribute used for uniquely identifying a user entry. This attribute is to be treated as the group name. |
| MembershipAttribute | membership_attribute | Attribute used to define members of groups. |
| MembershipAttributeRange | membership_attribute_range | Attribute used by Active Directories where they need to limit membership attributes. The default value for this is 1500. |
| UserRolesCacheEnabled | user_roles_cache_enabled | Indicates whether to cache the role list of a user. By default this is set to true. Set it to false if the user roles are changed by external means and those changes should be instantly reflected in the Carbon instance. |
| UserDNPattern | user_dn_pattern | (LDAP) The pattern for the user's DN, which can be defined to improve the search. When there are many user entries in the LDAP user store, defining a UserDNPattern improves performance because the LDAP does not have to travel through the entire tree to find users. |
| ReplaceEscapeCharactersAtUserLogin | replace_escape_characters_at_user_login | (LDAP) If the username has special characters, they are replaced in order to validate the user logging in. Only " \ " and " \\ " are identified as escape characters. |
| PasswordJavaRegEx | password_java_regex | (LDAP and JDBC) A regular expression to validate passwords. By default, strings having a length between 5 and 30 with non-empty characters are allowed. |
| PasswordJavaScriptRegEx | password_java_script_regex | The regular expression used by the front-end components for password validation. |
| UsernameJavaRegEx | username_java_regex | A regular expression to validate usernames. By default, strings having a length between 5 and 30 with non-empty characters are allowed. |
| UsernameJavaScriptRegEx | username_java_script_regex | The regular expression used by the front-end components for username validation. |
| RolenameJavaRegEx | rolename_java_regex | A regular expression to validate role names. By default, strings having a length between 5 and 30 with non-empty characters are allowed. |
| MultiTenantRealmConfigBuilder | config_builder | Tenant Manager specific realm config parameter. Can be used to build different types of realms for the tenant. |
| LDAPConnectionTimeout | ldap_connection_timeout | If the connection to an LDAP is inactive for the length of time (in milliseconds) specified by this property, the connection will be terminated. |
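
The dependencies the descriptions state (ConnectionName is mandatory, the three group properties are needed only when ReadGroups is true, 0 for MaxUserNameListLength lists every user, role caching is on by default) can be checked before a configuration is deployed. The following Python check is an added example, not WSO2 code; the function names, the sample values, the treatment of an unset read_groups as false, and the regex spelling of the documented username default are assumptions.

```python
import re

# Group properties the table marks as NOT mandatory only when read_groups is false.
GROUP_KEYS = ("group_search_base", "group_name_list_filter", "group_name_attribute")
# Assumption: the documented default ("5 to 30 non-empty characters") written as a regex.
DEFAULT_NAME_REGEX = r"^\S{5,30}$"

def as_bool(value, default):
    """Accept real booleans or the strings "true"/"false"; unset means default."""
    if isinstance(value, bool):
        return value
    return default if value is None else str(value).strip().lower() == "true"

def lint_user_store(cfg):
    """Return (level, key, message) findings for one user store configuration."""
    findings = []
    if not cfg.get("connection_name"):
        findings.append(("error", "connection_name", "mandatory property is not set"))
    # Assumption: an unset read_groups is treated as false.
    if as_bool(cfg.get("read_groups"), False):
        for key in GROUP_KEYS:
            if not cfg.get(key):
                findings.append(("error", key, "required because read_groups is true"))
    if int(cfg.get("max_user_name_list_length", -1)) == 0:
        findings.append(("warn", "max_user_name_list_length", "0 lists every user"))
    if as_bool(cfg.get("user_roles_cache_enabled"), True):
        findings.append(("info", "user_roles_cache_enabled",
                         "roles are cached; external role changes are not instant"))
    return findings

def username_allowed(name, cfg):
    """Check a username against username_java_regex, or the documented default."""
    # Python's re module stands in for Java regex syntax here (an approximation).
    pattern = cfg.get("username_java_regex", DEFAULT_NAME_REGEX)
    return re.fullmatch(pattern, name) is not None

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = {
    "connection_url": "ldap://localhost:10389",
    "connection_name": "uid=admin,ou=system",
    "read_groups": "true",
    "group_search_base": "ou=groups,dc=example,dc=org",
    "group_name_attribute": "cn",
    "max_user_name_list_length": 0,
}

if __name__ == "__main__":
    for level, key, message in lint_user_store(SAMPLE):
        print(f"{level:5} {key}: {message}")
```
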