Skip to content

Configure the Primary Userstore

This is the main userstore that is shared among all the tenants in the system. Only one userstore can be configured as the primary userstore. This documentation explains the process of setting up a primary user store. If you need more information on WSO2 Carbon userstores, see Configure userstores.

Info

MWARE IAM uses the embedded H2 database as its primary user store. It is recommended to change this default configuration in the production system.

Set up the primary userstore

Configure the primary userstore in the <IS_HOME>/repository/conf/deployment.toml file.

There are two steps involved in setting up the primary userstore:

  1. Select the userstore manager that suits your userstore.
    The following table lists the available userstore manager implementations and their usage.

    userstore userstore manager class Description

    LDAP ActiveDirectory

    		 org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager Used to do read-only operations for LDAP or ActiveDirectory userstores
    LDAP org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager Used for LDAP user stores to do both read and write operations. This is the default primary user store configuration in the deployment.toml file for MWARE IAM.
    ActiveDirectory org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager This is used to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.
    JDBC org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager This is used for JDBC userstores.

    You can configure your own custom userstore manager. For more information, see Write a custom userstore manager

    Tip

    From MWARE IAM 5.10.0 onwards, all userstore managers have UniqueID included as part of the userstore manager name (e.g.,UniqueIDJDBCUserStoreManager). Use one of these when selecting the userstore manager.

    The userstore managers that do not have UniqueID as part of the userstore manager name are only available for backward compatibility purposes and can only be used if you are migrating from a previous version of MWARE IAM.

  2. Configure userstore manager properties.
    In the following pages, you can find the information on the properties that you need to configure for different userstore manager types. It provides the additional steps and recommendations specific to each userstore manager.

    In the deployment.toml file, you can configure userstore managers by adding the relevant properties. However, it is important to read each userstore configuration document to find specific information that you need to follow when configuring a particular userstore.

    Warning

    Server system administrator who is capable of all the actions in the system is configured within the deployment.toml file. If you have not configured the system administrator yet, see Configure the System Administrator.

  3. Restart the server.

Top