Thursday, June 25, 2015

WSO2 IS User Store as ReadOnly/ReadWrite LDAP secondary user store

In most testing scenarios we need to connect our products to a secondary user store, that is, a ReadOnly or ReadWrite LDAP user store.

This is a simple way to get it done with WSO2 Identity Server.

Unlike the other WSO2 products, WSO2 IS ships with an LDAP user store as its primary user store. So if we need to point any of the other products to an LDAP secondary user store, we can simply use WSO2 IS for that.

Case 01: Pointing WSO2 AM to a ReadOnlyLDAP Secondary user store

  • Download, Extract, Start WSO2 IS
  • Download, Extract WSO2 AM
  • If we are running both products on the same machine, we need to change the port offset of AM so the two servers do not clash
  • Open the carbon.xml file located in the "wso2am-1.9.0/repository/conf" folder and change the Offset value to "1" (by default it is "0")
  • Start AM
  • Browse url https://localhost:9444/carbon/
  • Login with credentials admin/admin
  • From the left menu, click on "Configure"
  • Click on "User Store Management"
  • Then click on "Add Secondary User Store" button 
  • From the drop down at the top, select "ReadOnlyLdapUserStoreManager" as the user store manager class.
  • Then provide the parameters as follows
    • Domain Name : any name of your choosing
    • Connection Name : uid=admin,ou=system
    • Connection URL : ldap://localhost:10389
    • Connection Password : admin
    • User search base : ou=Users,dc=wso2,dc=org
    • User Object Class : (objectClass=person)
    • Username Attribute : uid
    • User search filter : (&(objectClass=person)(uid=?))
  • Then click on Add.
  • After a few seconds, it will be displayed in the user store list.
  • You can find these configurations in the user-mgt.xml file located in the "wso2am-1.9.0/repository/conf" folder. The parameter to pay attention to is "User search base". By default it is given as "ou=system", but with that value you will not be able to view the users of the secondary user store. Here I have used the correct value, "ou=Users,dc=wso2,dc=org".
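To see why the "User search base" value matters before saving the form, the following added example (written for this post, not WSO2 or ApacheDS code) models the two lookups the user store manager performs: listing users with the "User Object Class" filter and finding one user with the "User search filter", where the `?` placeholder is replaced by the user name (an assumption drawn from the filter on the page). It runs against a constructed in-memory directory shaped like the embedded LDAP tree, parses the filters and applies subtree scoping under the chosen search base, so the difference between "ou=system" and "ou=Users,dc=wso2,dc=org" is visible offline. The substitution escapes the user name per RFC 4515 so that it is matched literally and cannot alter the filter.

```python
"""Offline model of the two LDAP lookups a WSO2 secondary user store performs.

Added example, not WSO2 code: it parses the page's filters and evaluates them
against a constructed in-memory directory, scoped by the search base, so the
effect of the "User search base" setting can be seen without a live server.
"""
import re

# Constructed sample tree, shaped like the embedded LDAP that WSO2 IS ships with.
# The DNs and attributes are made up for this example, not dumped from a server.
DIRECTORY = {
    "uid=admin,ou=system": {"objectClass": ["person", "inetOrgPerson"], "uid": ["admin"]},
    "ou=Users,dc=wso2,dc=org": {"objectClass": ["organizationalUnit"], "ou": ["Users"]},
    "uid=alice,ou=Users,dc=wso2,dc=org": {"objectClass": ["person", "inetOrgPerson"], "uid": ["alice"]},
    "uid=bob,ou=Users,dc=wso2,dc=org": {"objectClass": ["person", "inetOrgPerson"], "uid": ["bob"]},
    "cn=admin,ou=Groups,dc=wso2,dc=org": {"objectClass": ["groupOfNames"], "cn": ["admin"]},
}

# The two filters the page enters into the "Add Secondary User Store" form.
USER_LIST_FILTER = "(objectClass=person)"              # "User Object Class"
USER_SEARCH_FILTER = "(&(objectClass=person)(uid=?))"  # "User search filter"

# RFC 4515 escaping for values placed inside a filter, so the user name that
# replaces '?' is matched literally and can never change the filter's structure.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def bind_filter(template, username):
    """Fill the '?' placeholder (assumed to stand for the user name), escaped."""
    return template.replace("?", escape_filter_value(username))


def parse_filter(text):
    """Parse the &, |, !, equality and presence subset of RFC 4515 filters."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node


def _parse(text, pos):
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos] in "&|":
        op, children, pos = text[pos], [], pos + 1
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        node = (op, children)
    elif text[pos] == "!":
        child, pos = _parse(text, pos + 1)
        node = ("!", [child])
    else:
        end = text.index(")", pos)          # escaped values contain no raw ')'
        attr, value = text[pos:end].split("=", 1)
        node, pos = ("=", (attr.lower(), value)), end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return node, pos + 1


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(node, entry):
    op, arg = node
    if op == "&":
        return all(matches(child, entry) for child in arg)
    if op == "|":
        return any(matches(child, entry) for child in arg)
    if op == "!":
        return not matches(arg[0], entry)
    attr, value = arg                        # attribute names are case-insensitive
    values = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    if value == "*":                         # presence filter, e.g. (uid=*)
        return bool(values)
    return _unescape(value).lower() in values


def in_subtree(dn, base):
    """Subtree scope: the entry is the base itself or lies beneath it."""
    dn, base = dn.lower().replace(" ", ""), base.lower().replace(" ", "")
    return dn == base or dn.endswith("," + base)


def search(directory, base, filter_text):
    node = parse_filter(filter_text)
    return sorted(dn for dn, entry in directory.items()
                  if in_subtree(dn, base) and matches(node, entry))


def list_users(base):
    """What the user listing in the management console would show for this base."""
    return search(DIRECTORY, base, USER_LIST_FILTER)


def find_user(base, username):
    """The lookup performed when a specific user is resolved or authenticates."""
    return search(DIRECTORY, base, bind_filter(USER_SEARCH_FILTER, username))


if __name__ == "__main__":
    for base in ("ou=system", "ou=Users,dc=wso2,dc=org"):
        print(f"{base}: {list_users(base)}")
```

With the default base "ou=system" only the directory's own admin account is in scope and none of the users under "dc=wso2,dc=org" are found, which is exactly the symptom described above; with "ou=Users,dc=wso2,dc=org" both sample users are listed and can be resolved by name.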

Case 02: Pointing WSO2 AM to a ReadWriteLDAP Secondary user store

Please follow the documentation
