# Introduction to Userstores
Userstores are used to store users and roles. MWARE IAM supports JDBC, LDAP, and Active Directory userstores by default with the capability of configuring custom userstores. There are different userstore adapters called userstore managers, which are used to connect with these userstore types.
There are two types of userstores.
- Primary userstore (Mandatory)
- Secondary userstores (Optional)
All the supported userstores can be categorized under these two types.
## Primary userstore (mandatory)
This is the main user store that is shared among all the tenants in the system. Only one user store should be configured as the primary user store. By default, MWARE IAM uses the embedded H2 database as the primary user store. It is recommended to change this default configuration in production systems. See here for more information on configuring the primary user store. The primary user store can be changed to any of the following user stores based on your requirements. Alternatively, a custom user store manager can be configured as well.
| Userstore | Userstore manager class | Description |
|---|---|---|
| LDAP / ActiveDirectory | org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager | Used to do read-only operations for external LDAP or ActiveDirectory userstores. |
| LDAP | org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager | Used for external LDAP userstores to do both read and write operations. This is the default primary userstore configuration in the deployment.toml file for MWARE IAM. |
| ActiveDirectory | org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager | Used to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager. |
| JDBC | org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager | Used for JDBC userstores. This is the default primary userstore configuration in the deployment.toml file for all WSO2 Servers, except MWARE IAM. |
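As an added example (not taken from this page or from the product's own documentation), here is what pointing the primary userstore at an external read-write LDAP server looks like in deployment.toml, with the JDBC alternative shown alongside it. The `[user_store]` table and its keys (`type`, `connection_url`, `connection_name`, `connection_password`, `base_dn`, `user_search_base`, `group_search_base`) follow the WSO2 Identity Server deployment.toml format that the manager classes above come from; treat them as an assumption to verify against your MWARE IAM release. The host name, bind DN, base DN and password are placeholders.

```toml
# Added example; keys follow the WSO2 Identity Server deployment.toml
# format and are assumed to apply to MWARE IAM. Host, DNs and the
# password below are placeholders, not real values.

# Option A: JDBC primary userstore. "database_unique_id" selects
# org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager.
# Only one [user_store] table may be active; this one is commented out.
# [user_store]
# type = "database_unique_id"

# Option B: external read-write LDAP primary userstore.
# "read_write_ldap_unique_id" selects
# org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.
# Use "read_only_ldap_unique_id" if the server must never write to the
# directory, or "active_directory_unique_id" for AD DS / AD LDS.
[user_store]
type = "read_write_ldap_unique_id"

# ldaps:// on 636 so the bind credentials and user attributes are not
# sent in clear text between MWARE IAM and the directory.
connection_url = "ldaps://ldap.example.internal:636"

# Dedicated service account with only the directory rights this
# userstore manager needs (read, plus write for a read-write store).
connection_name = "cn=iam-bind,ou=ServiceAccounts,dc=example,dc=internal"

# Placeholder. Do not leave a real bind password in plain text here;
# encrypt it with the server's cipher tool / secure vault support.
connection_password = "CHANGE_ME"

base_dn = "dc=example,dc=internal"
user_search_base = "ou=Users,dc=example,dc=internal"
group_search_base = "ou=Groups,dc=example,dc=internal"
```

Two points worth checking when you apply a configuration like this: the account in `connection_name` should be a low-privilege directory account scoped to the user and group subtrees rather than a directory administrator, and the plaintext `connection_password` should be replaced by an encrypted value using the server's cipher tool so that the secret is not recoverable by anyone who can read deployment.toml.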
## Secondary userstore(s) (optional)
Any number of secondary userstores can be easily set up for any system. These userstores are specific to the created tenant, and they are not shared among multiple tenants. A user can access and work with multiple secondary userstores based on the permissions they are granted. The admin portal can be used to create secondary userstores. Alternatively, they can be created manually as an xml file with the relevant configurations. See Configuring Secondary Userstores for more information on configuring secondary userstores.
## Userstore Manager
Adapters used to connect with different userstores are called userstore managers. By default, there are userstore managers for JDBC, LDAP, and Active Directory userstores. If you need to add a new userstore implementation, see Write a Custom Userstore Manager.
## Related topics