Skip to content

Configure the Primary User store

This is the main user store that is used in the system. Only one user store can be configured as the primary user store. This documentation explains the process of setting up a primary user store. If you need more information on WSO2 Carbon user stores, see Manage user stores.


WSO2 Identity Server uses the embedded H2 database as its primary user store. It is recommended to change this default configuration in the production system.

Set up the primary user store

Configure the primary user store in the <IS_HOME>/repository/conf/deployment.toml file.

There are two steps involved in setting up the primary user store:

  1. Select the user store manager that suits your user store.
    The following table lists the available user store manager implementations and their usage.

    User store User store manager class Description

    LDAP ActiveDirectory

    org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager Used to do read-only operations for LDAP or ActiveDirectory user stores
    LDAP org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager Used for LDAP user stores to do both read and write operations. This is the default primary user store configuration in the deployment.toml file for WSO2 Identity Server.
    ActiveDirectory org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager This is used to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.
    JDBC org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager This is used for JDBC user stores.

    You can configure your own custom user store manager. For more information, see Write a custom user store manager.

  2. Configure user store manager properties.

    In the deployment.toml file, you can configure the user store manager by adding the relevant properties of the seleted user store manager type.

    Refer properties used in user store managers for the complete list of user store configurations and properties. You can configure them as follows by adding to <IS-HOME>/repository/conf/deployment.toml.

    <Property-Name> = <Property-Value>
    For example:
    read_groups = true

    Following pages will guide you to change the primary user store to one of the available user store manager types.


    Server system administrator who is capable of all the actions in the system is configured within the deployment.toml file. If you have not configured the system administrator yet, see Configure the System Administrator.

  3. Restart the server.