The primary user store is the main user store in the system and is shared among all the tenants in the system. Only one user store can be configured as the primary user store. This documentation explains the process of setting up a primary user store. If you need more information on WSO2 Carbon user stores, see Configuring User Stores.
By default, the embedded H2 database (JDBC) that is shipped with WSO2 products is configured as the primary user store, except for WSO2 Identity Server, which has an embedded LDAP as its primary user store. It is recommended to change this default configuration in the production system.
Setting up a Primary User Store
The primary user store is configured in the
<PRODUCT_HOME>/repository/conf/user-mgt.xml file within the
There are two steps involved in setting up a primary user store:
- Select the user store manager that suits your user store. (See the User store manager section in Configuring User Stores for more information. You can also configure your own custom user store manager.)
- Configure the user store manager properties.
The following pages describe the properties that you need to configure for each user store manager type, along with the additional steps and recommendations specific to each user store manager.
- Configuring a JDBC User Store
- Configuring a Read-Only LDAP User Store
- Configuring a Read-Write Active Directory User Store
- Configuring a Read-Write LDAP User Store
The user-mgt.xml file contains a configuration for each user store manager. You can simply uncomment the correct user store configuration and fill in the properties (all the other UserStoreManager configurations should be commented out or removed). However, it is important to read the configuration document for your user store to find the specific steps that you need to follow when configuring that particular user store.
For the primary user store only, you need to set the TenantManager property under the user store manager properties:
This is only applicable to WSO2 Identity Server. Once you configure a primary user store, make sure you disable the default embedded user store from the system. To do this, open the
<IS_HOME>/repository/conf/identity/embedded-ldap.xml file and make the following change to the enable property.
If you have not configured the system administrator yet, see Configuring the System Administrator.
- Restart the server
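The two rules above (only one UserStoreManager left uncommented in user-mgt.xml, and the TenantManager property set on the primary user store) can be checked before the restart. The following Python script is an added example, not part of the WSO2 documentation or product; it assumes that each UserStoreManager element holds its settings in `<Property name="...">` children, and the sample XML in it is constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample (not a shipped WSO2 file): a single active manager.
SAMPLE_GOOD = """<UserManager><Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# Constructed sample: two active managers, the first without TenantManager.
# The commented-out manager must not be counted.
SAMPLE_BAD = """<UserManager><Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="ReadOnly">false</Property>
  </UserStoreManager>
  <!-- <UserStoreManager class="example.CommentedOut"/> -->
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
  </UserStoreManager>
</Realm></UserManager>"""


def audit_user_mgt(xml_text):
    """Return a list of findings for a user-mgt.xml document (empty list = OK)."""
    findings = []
    root = ET.fromstring(xml_text)  # the parser drops XML comments by default
    managers = list(root.iter("UserStoreManager"))
    if len(managers) != 1:
        classes = [m.get("class", "?") for m in managers]
        findings.append(
            f"expected exactly 1 active UserStoreManager, found {len(managers)}: {classes}")
    for m in managers:
        # Assumed layout: settings are <Property name="..."> children.
        props = {p.get("name"): (p.text or "").strip() for p in m.findall("Property")}
        if not props.get("TenantManager"):
            findings.append(f"{m.get('class', '?')}: TenantManager property missing or empty")
    return findings


if __name__ == "__main__":
    # Usage: python audit_user_mgt.py <PRODUCT_HOME>/repository/conf/user-mgt.xml
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_BAD
    problems = audit_user_mgt(text)
    for line in problems:
        print("FINDING:", line)
    sys.exit(1 if problems else 0)
```

Run it against the edited file before restarting the server; a non-zero exit status means at least one rule is not met.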