Skip to content

Configuring a User Store

An external user store (such as an LDAP) can be used with the Micro Integrator for the following two scenarios:

Setting up an LDAP

See the documentation of your LDAP provider for instructions on setting up the LDAP, and for managing users and roles.

Note

The current release of the Micro Integrator does not offer user management functionality. Therefore, you must manage users and roles from your LDAP and then connect it to the Micro Integrator.

Connecting to the LDAP

Follow the steps given below to connect the Micro Integrator to the LDAP user store.

Note

The following configuration defines read-only access to the LDAP from the Micro Integrator. The Micro Integrator does not require write access since it will not manage the user data in the LDAP.

  1. Open the deployment.toml file stored in the <MI_HOME>/conf/ directory.
  2. Add the following configurations and update the required values.

    [user_store]
    connection_url = "ldap://localhost:10389"  
    connection_name = "uid=admin,ou=system" 
    connection_password = "admin"  
    user_search_base = "ou=system"   

    Parameters used above are explained below.

    Parameter Value
    connection_url The URL for connecting to the LDAP. If you are connecting over ldaps (secured LDAP), you need to import the certificate of the user store to the truststore (wso2truststore.jks by default). See the instructions on how to add certificates to the truststore.
    connection_name The username used to connect to the user store and perform various operations. This user does not need to be an administrator in the user store. However, the user requires permission to read the user list and user attributes, and to perform search operations on the user store. The value you specify is used as the DN (Distinguish Name) attribute of the user who has sufficient permissions to perform operations on users and roles in LDAP.
    connection_password Password for the connection user name.
    user_search_base The DN of the context or object under which the user entries are stored in the user store. When the user store searches for users, it will start from this location of the directory.

See the complete list of parameters you can configure for the ldap user store.

Top