Configuring a User Store

An external user store (such as an LDAP or RDBMS) can be used with the Micro Integrator for the following two scenarios:

Configuring an LDAP user store

An LDAP user store is recommended for the Micro Integrator. Follow the instructions given below.

Step 1: Setting up an LDAP

See the documentation of your LDAP provider for instructions on setting up the LDAP, and for managing users and roles.

Note

The current release of the Micro Integrator does not offer user management functionality. Therefore, you must manage users and roles from your LDAP and then connect it to the Micro Integrator.

Step 2: Connecting to the LDAP

Follow the steps given below to connect the Micro Integrator to the LDAP user store.

Note

The following configuration defines read-only access to the LDAP from the Micro Integrator. The Micro Integrator does not require write access since it will not manage the user data in the LDAP.

  1. Open the deployment.toml file stored in the <MI_HOME>/conf/ directory.
  2. Add the following configurations and update the required values.

    [user_store]
    connection_url = "ldap://localhost:10389"
    connection_name = "uid=admin,ou=system"
    connection_password = "admin"
    user_search_base = "ou=system"

    Note

    If you have taken a WUM update after 28/11/2019, you need to add the following configuration under [user_store] in addition to the above.

    type = "read_only_ldap"

    Parameters used above are explained below.

    connection_url: The URL for connecting to the LDAP. If you are connecting over ldaps (secured LDAP), you need to import the certificate of the user store into the truststore (wso2truststore.jks by default). See the instructions on how to add certificates to the truststore.
    connection_name: The username used to connect to the user store and perform various operations. This user does not need to be an administrator in the user store. However, the user requires permission to read the user list and user attributes, and to perform search operations on the user store. The value you specify is used as the DN (Distinguished Name) of a user who has sufficient permissions to perform operations on users and roles in the LDAP.
    connection_password: Password for the connection user name.
    user_search_base: The DN of the context or object under which the user entries are stored in the user store. When the user store searches for users, it starts from this location in the directory.

See the complete list of parameters you can configure for the LDAP user store.

Configuring an RDBMS user store (Optional)

If you are already using a JDBC user store (database) with another WSO2 product (WSO2 API Manager, WSO2 Identity Server, or an instance of WSO2 Enterprise Integrator 6.x.x), you can connect the same database to the Micro Integrator of WSO2 Enterprise Integrator 7 as explained below.

Warning

You cannot manage users and roles when you use a JDBC user store with the Micro Integrator. Therefore, be sure that your database is already up-to-date before connecting it to the Micro Integrator. Alternatively, you can switch to an LDAP user store.

  1. Open the deployment.toml file (stored in the <MI_HOME>/conf directory).
  2. Add the following datasource configuration and update the values for your database.

    [[datasource]]
    id = "WSO2_CARBON_DB"
    url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
    username = "username"
    password = "password"
    driver = "org.h2.Driver"

    Parameters used above are explained below.

    id: The name given to the datasource.
    url: The URL for connecting to the database. The type of database is determined by the URL string.
    username: The username used to connect to the database and perform various operations. This user does not need to be an administrator in the database. However, the user requires permission to read the user list and user attributes, and to perform search operations on the user store tables.
    password: Password for the connection user name.
    driver: The JDBC driver class specific to your database.

    See the complete list of database connection parameters and their descriptions. Also, see the recommendations for tuning the JDBC connection pool.

  3. Add the JDBC user store manager under the [user_store] toml heading as shown below.

    [user_store]
    class = "org.wso2.micro.integrator.security.user.core.jdbc.JDBCUserStoreManager"

    The datasource configured under the [[datasource]] toml heading will now be the effective user store for the Micro Integrator.

    Note

    If you have taken a WUM update after 28/11/2019, you need to add the following configuration under [user_store] in addition to the above.

    type = "database"
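Both the LDAP and the RDBMS configurations above are short TOML fragments that are easy to get subtly wrong: a plaintext ldap:// URL to a remote directory, the documented default bind password left in place, or a missing type key after the update mentioned in the notes. The following linter is an added example written for this page; it is not part of the WSO2 documentation or the Micro Integrator. It parses only the flat TOML subset shown on this page ([table], [[array_table]] and key = "string" lines), then checks the [user_store] and [[datasource]] sections against the rules stated above. The hostnames, DNs and passwords in the hardened sample are constructed placeholders.

```python
"""Lint the user-store sections of a Micro Integrator deployment.toml.

Added example for this page, not WSO2 code. It understands only the flat TOML
subset used on the page: [table], [[array_table]] and key = "string" lines.
"""
import re
from typing import Dict, List

# Class name quoted on the page for the JDBC user store manager.
JDBC_CLASS = "org.wso2.micro.integrator.security.user.core.jdbc.JDBCUserStoreManager"

_TABLE = re.compile(r"^\[(\[)?([A-Za-z0-9_.-]+)\]\]?$")
_KV = re.compile(r'^([A-Za-z0-9_.-]+)\s*=\s*"([^"]*)"\s*$')


def parse_flat_toml(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Return {table: [entry, ...]}. [[x]] starts a new entry; [x] reuses the last one."""
    tables: Dict[str, List[Dict[str, str]]] = {}
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _TABLE.match(line)
        if m:
            is_array, name = m.group(1) is not None, m.group(2)
            if is_array or name not in tables:
                tables.setdefault(name, []).append({})
            current = tables[name][-1]
            continue
        m = _KV.match(line)
        if not m:
            raise ValueError(f"unsupported line for this minimal parser: {raw!r}")
        current[m.group(1)] = m.group(2)
    return tables


def lint_user_store(text: str) -> List[str]:
    """Return human-readable findings; an empty list means the sections look sound."""
    tables = parse_flat_toml(text)
    findings: List[str] = []
    if "user_store" not in tables:
        return ["no [user_store] section found"]
    store = tables["user_store"][0]
    if store.get("class") == JDBC_CLASS:
        expected_type = "database"
        datasources = tables.get("datasource", [])
        if not datasources:
            findings.append("JDBC user store manager set but no [[datasource]] is defined")
        for ds in datasources:
            if ds.get("password", "") in ("", "password"):
                findings.append(f"datasource {ds.get('id', '?')}: empty or placeholder password")
            if not ds.get("driver"):
                findings.append(f"datasource {ds.get('id', '?')}: driver class missing")
    else:
        expected_type = "read_only_ldap"
        url = store.get("connection_url", "")
        if not url:
            findings.append("connection_url missing")
        elif url.startswith("ldap://"):
            findings.append("connection_url is plaintext ldap://; bind credentials and user "
                            "attributes cross the network unencrypted. Use ldaps:// and import "
                            "the server certificate into the truststore")
        elif not url.startswith("ldaps://"):
            findings.append(f"connection_url has an unexpected scheme: {url}")
        if store.get("connection_password", "") in ("", "admin"):
            findings.append('connection_password is empty or the documented default "admin"')
        for key in ("connection_name", "user_search_base"):
            if not store.get(key):
                findings.append(f"{key} missing")
    actual_type = store.get("type")
    if actual_type is None:
        findings.append(f'type = "{expected_type}" missing (required after the 28/11/2019 update)')
    elif actual_type != expected_type:
        findings.append(f'type = "{actual_type}" does not match the store; expected "{expected_type}"')
    return findings


# Constructed sample: the LDAP snippet exactly as the page shows it.
PAGE_LDAP_SAMPLE = '''
[user_store]
connection_url = "ldap://localhost:10389"
connection_name = "uid=admin,ou=system"
connection_password = "admin"
user_search_base = "ou=system"
'''

# Constructed sample: the same store hardened (ldaps, non-default bind user, explicit type).
HARDENED_LDAP_SAMPLE = '''
[user_store]
type = "read_only_ldap"
connection_url = "ldaps://ldap.example.internal:636"
connection_name = "uid=mi-reader,ou=service-accounts,ou=system"
connection_password = "<strong-secret-from-vault>"
user_search_base = "ou=people,ou=system"
'''

# Constructed sample: the RDBMS variant from the page with its placeholders left in.
PAGE_JDBC_SAMPLE = '''
[[datasource]]
id = "WSO2_CARBON_DB"
url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
username = "username"
password = "password"
driver = "org.h2.Driver"

[user_store]
class = "org.wso2.micro.integrator.security.user.core.jdbc.JDBCUserStoreManager"
type = "database"
'''

if __name__ == "__main__":
    for label, sample in (("page LDAP sample", PAGE_LDAP_SAMPLE),
                          ("hardened LDAP", HARDENED_LDAP_SAMPLE),
                          ("page JDBC sample", PAGE_JDBC_SAMPLE)):
        result = lint_user_store(sample)
        print(f"{label}: {'OK' if not result else ''}")
        for finding in result:
            print("  -", finding)
```

Run against the page's own LDAP snippet the linter reports three findings (plaintext ldap://, the default "admin" bind password, and the missing type key), while the hardened variant passes cleanly; the JDBC sample is flagged only for its placeholder datasource password. Real deployments use a full TOML parser (Python 3.11 ships tomllib), but the flat subset here is enough to show where the checks belong.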

Disabling lazy loading of user store configurations (Optional)

By default, the Micro Integrator initializes the user store configurations on demand (lazy loading). That is, user store configurations are initialized only when they are engaged for the first time and not when the server starts. This behavior improves the server startup time; however, the first server request that engages the user store configurations will experience a delay due to the initialization.

Tip

Note that only the first server request will experience a delay due to lazy loading. Subsequent server requests received during the server's run time will not be affected.

If you want the user store configurations to be initialized during server startup, you can disable lazy loading of user store configurations as explained below. This delays the server startup; however, the first server request that engages the user store configurations will not experience any delay.

  1. Open the carbon.properties file from the <MI_HOME>/conf directory.
  2. Add the following parameter and save the file:
    mi.security.usermgt.lazy.init=false