Configure the Primary User store

This is the main user store that is used in the system. Only one user store can be configured as the primary user store. This documentation explains the process of setting up a primary user store. If you need more information on WSO2 Carbon user stores, see Manage user stores.

Note

WSO2 Identity Server uses the embedded H2 database as its primary user store. It is recommended to change this default configuration in the production system.

Set up the primary user store

Configure the primary user store in the <IS_HOME>/repository/conf/deployment.toml file.

There are two steps involved in setting up the primary user store:

1. Select the user store manager that suits your user store.
   The following table lists the available user store manager implementations and their usage.

   User store	User store manager class	Description
   LDAP ActiveDirectory	org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager	Used to do read-only operations for LDAP or ActiveDirectory user stores
   LDAP	org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager	Used for LDAP user stores to do both read and write operations. This is the default primary user store configuration in the deployment.toml file for WSO2 Identity Server.
   ActiveDirectory	org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager	This is used to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.
   JDBC	org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager	This is used for JDBC user stores.

   You can configure your own custom user store manager. For more information, see Write a custom user store manager.

2. Configure user store manager properties.

   In the deployment.toml file, you can configure the user store manager by adding the relevant properties of the seleted user store manager type.

   Refer properties used in user store managers for the complete list of user store configurations and properties. You can configure them as follows by adding to <IS-HOME>/repository/conf/deployment.toml.

   [user_store]
   <Property-Name> = <Property-Value>
   

   For example:

   [user_store]
   read_groups = true
   

   Following pages will guide you to change the primary user store to one of the available user store manager types.

   • Configure a JDBC user store
   • Configure a read-only LDAP user store
   • Configure a read-Write Active Directory user store
   • Configure a read-write LDAP user store

   Warning

   Server system administrator who is capable of all the actions in the system is configured within the deployment.toml file. If you have not configured the system administrator yet, see Configure the System Administrator.

3. Restart the server.