Configure the primary user store
This is the main user store that is used in the system. Only one user store can be configured as the primary user store. This documentation explains the process of setting up a primary user store. If you need more information on WSO2 Carbon user stores, see Manage user stores.
Note
WSO2 Identity Server uses the embedded H2 database as its primary user store. It is recommended to change this default configuration in the production system.
Set up the primary user store
Configure the primary user store in the `<IS_HOME>/repository/conf/deployment.toml` file.
There are two steps involved in setting up the primary user store:

- Select the user store manager that suits your user store.

  The following table lists the available user store manager implementations and their usage.

  | User store | User store manager class | Description |
  |---|---|---|
  | LDAP, ActiveDirectory | `org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager` | Used to do read-only operations for LDAP or ActiveDirectory user stores. |
  | LDAP | `org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager` | Used for LDAP user stores to do both read and write operations. This is the default primary user store configuration in the `deployment.toml` file for WSO2 Identity Server. |
  | ActiveDirectory | `org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager` | This is used to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use `org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager`. |
  | JDBC | `org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager` | This is used for JDBC user stores. |

  You can configure your own custom user store manager. For more information, see Write a custom user store manager.
- Configure user store manager properties.

  In the `deployment.toml` file, you can configure the user store manager by adding the relevant properties of the selected user store manager type. Refer to Properties used in user store managers for the complete list of user store configurations and properties. You can configure them by adding them to `<IS_HOME>/repository/conf/deployment.toml` as follows:

  ```
  [user_store]
  <Property-Name> = <Property-Value>
  ```

  For example:

  ```toml
  [user_store]
  read_groups = true
  ```

  The following pages guide you through changing the primary user store to one of the available user store manager types.

  - Configure a JDBC user store
  - Configure a read-only LDAP user store
  - Configure a read-write Active Directory user store
  - Configure a read-write LDAP user store

  Warning
  The server system administrator, who is capable of all the actions in the system, is configured within the `deployment.toml` file. If you have not configured the system administrator yet, see Configure the System Administrator.

- Restart the server.