Configuring a User Store

An external user store (such as an LDAP or RDBMS) can be used with the Micro Integrator for the following two scenarios:

Configuring an LDAP user store

An LDAP user store is recommended for the Micro Integrator. Follow the instructions given below.

Step 1: Setting up an LDAP

See the documentation of your LDAP provider for instructions on setting up the LDAP, and for managing users and roles.

Note

The current release of the Micro Integrator does not offer user management functionality. Therefore, you must manage users and roles from your LDAP and then connect it to the Micro Integrator.

Step 2: Connecting to the LDAP

Follow the steps given below to connect the Micro Integrator to the LDAP user store.

Note

The following configuration defines read-only access to the LDAP from the Micro Integrator. The Micro Integrator does not require write access since it will not manage the user data in the LDAP.

  1. Open the deployment.toml file stored in the <MI_HOME>/conf/ directory.
  2. Add the following configurations and update the required values.

    [user_store]
    connection_url = "ldap://localhost:10389"  
    connection_name = "uid=admin,ou=system" 
    connection_password = "admin"  
    user_search_base = "ou=system"   

    Parameters used above are explained below.

    | Parameter | Value |
    |-----------|-------|
    | connection_url | The URL for connecting to the LDAP. If you are connecting over ldaps (secured LDAP), you need to import the certificate of the user store to the truststore (wso2truststore.jks by default). See the instructions on how to add certificates to the truststore. |
    | connection_name | The username used to connect to the user store and perform various operations. This user does not need to be an administrator in the user store. However, the user requires permission to read the user list and user attributes, and to perform search operations on the user store. The value you specify is used as the DN (Distinguished Name) attribute of the user who has sufficient permissions to perform operations on users and roles in LDAP. |
    | connection_password | Password for the connection user name. |
    | user_search_base | The DN of the context or object under which the user entries are stored in the user store. When the user store searches for users, it will start from this location of the directory. |

See the complete list of parameters you can configure for the LDAP user store.

Configuring an RDBMS user store (Optional)

If you are already using a JDBC user store (database) with another WSO2 product (WSO2 API Manager, WSO2 Identity Server, or an instance of WSO2 Enterprise Integrator 6.x.x), you can connect the same database to the Micro Integrator of WSO2 Enterprise Integrator 7 as explained below.

Warning

You cannot manage users and roles when you use a JDBC user store with the Micro Integrator. Therefore, be sure that your database is already up-to-date before connecting it to the Micro Integrator. Alternatively, you can shift to an LDAP user store.

  1. Open the deployment.toml file (stored in the <MI_HOME>/conf directory).
  2. Add the following datasource configuration and update the values for your database.

    [[datasource]]
    id = "WSO2_CARBON_DB"
    url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
    username = "username"
    password = "password"
    driver = "org.h2.Driver"

    Parameters used above are explained below.

    | Parameter | Value |
    |-----------|-------|
    | id | The name given to the datasource. |
    | url | The URL for connecting to the database. The type of database is determined by the URL string. |
    | username | The username used to connect to the user store and perform various operations. This user does not need to be an administrator in the user store. However, the user requires permission to read the user list and user attributes, and to perform search operations on the user store. |
    | password | Password for the connection user name. |
    | driver | The driver class specific to the JDBC user store. |

    See the complete list of database connection parameters and their descriptions. Also, see the recommendations for tuning the JDBC connection pool.

  3. Add the JDBC user store manager under the [user_store] toml heading as shown below.

    [user_store]
    class = "org.wso2.micro.integrator.security.user.core.jdbc.JDBCUserStoreManager"

    The datasource configured under the [[datasource]] toml heading will now be the effective user store for the Micro Integrator.