This documentation is for WSO2 Carbon 4.4.1. View documentation for the latest release.
Configuring the Primary User Store - Carbon 4.4.1 - WSO2 Documentation
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
Skip to end of metadata
Go to start of metadata

The default User Store

The primary user store that is configured by default in every WSO2 product is a JDBC user store, which reads/writes into the internal database of the product server. By default, the internal database is H2 (except for WSO2 IS, which uses an LDAP as the default user store). This database is used by the Authorization Manager (for user authentication information) as well as the User Store Manager (for defining users and roles).

Instead of using the embedded database, you can set up a separate repository and configure it as your primary user store. Since the user store you want to connect to might have different schemas from the ones available in the embedded user store, it needs to go through an adaptation process. WSO2 products provide the following adapters, for connecting to LDAP, Active Directory and JDBC. Thereby, these adapters enable you to authenticate users from different types of user stores.

User store manager classDescription

Use ReadOnlyLDAPUserStoreManager to do read-only operations for external LDAP user stores.


Use ReadWriteLDAPUserStoreManager for external LDAP user stores to do both read and write operations. This is the user store configuration which is uncommented in the code in the user-mgt.xml file for WSO2 Identity Server.


Use ActiveDirectoryUserStoreManager to configure an Active Directory Domain Service (AD DS) or Active Directory Lightweight Directory Service (AD LDS). This can be used only for read/write operations. If you need to use AD as read-only, you must use org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.


Use JDBCUserStoreManager for both internal and external JDBC user stores. This is the user store configuration which is uncommented in the code in the user-mgt.xml file for all WSO2 products, except WSO2 Identity Server (which uses the ReadWriteLDAPUserStoreManager).

The user-mgt.xml file already has sample configurations for all of the above user stores. To enable the required user store configuration, you must uncomment them in the code and comment out the ones that you do not need as explained in the following topics.

  • No labels