fipries

Reputation: 386

WSO2 IS: expose secondary user store as LDAP

I would like to expose users configured in a secondary user store in WSO2 IS as an LDAP. I found out that WSO2 IS has its own internal LDAP, but only for the primary user store; secondary user stores are not available through this method.

I couldn't find any LDAP connector either.

Is there a way to do this OOB?

Cheers

Upvotes: 0

Views: 301

Answers (1)

Nipun Thathsara

Reputation: 1149

You don't need any explicit connector to configure an LDAP server as the Primary or a Secondary user store of the Identity Server. It's supported out of the box.

  1. If you want to add your LDAP as the Primary user store of the WSO2 server, you can configure the "ReadWriteLDAPUserStoreManager" in the <IS_HOME>/repository/conf/user-mgt.xml file (Documentation). WSO2 Identity Server does come with an OOB in-built LDAP server configured as the primary user store. This can also be configured as a secondary user store if you want. But please note that it's NOT recommended to use this embedded LDAP server in production. You should configure an external, dedicated LDAP server in production.

  2. You can also add LDAP servers as secondary user stores from the Management Console (Documentation). If you want to test adding an LDAP server as the secondary, you can try that by pointing it at the same in-built LDAP server. Just copy the LDAP server configs from user-mgt.xml and fill in the details in the Management Console. Again, it's recommended to use an external LDAP server in production.

    1. If you are using 5.9.0 or above, PRIMARY user store configurations should be done in the deployment.toml file, which will get reflected in the user-mgt.xml file after a restart. For any lower version, you should change the configs directly in the user-mgt.xml file. Secondary user stores can be configured from the Management Console in all versions.
    2. In case you are interested in configuring the in-built LDAP as a secondary user store: either you can change the PRIMARY to a JDBC user store and use the in-built LDAP as a secondary, or else you can start another Identity Server (with a port offset to avoid port conflicts), which will expose another LDAP server. Then, point your secondary LDAP to that server's in-built LDAP.

Upvotes: 1
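As an added illustration (not part of the answer above, and not taken from WSO2's documentation), this is the shape of the file the Management Console writes under `<IS_HOME>/repository/deployment/server/userstores/` when an LDAP secondary user store is added the way item 2.2 describes: a second IS instance run with a port offset, and the first instance's secondary store pointed at that instance's in-built LDAP. The property names and default values are the ones the embedded LDAP block in user-mgt.xml uses; the domain name `EMBEDDED`, the file name `EMBEDDED.xml`, and the port `10390` (default embedded LDAP port 10389 plus an offset of 1) are assumptions for the example. Note what this does and does not do: it makes IS consume an LDAP directory as a user store; it does not publish that store over LDAP.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration, not from the original answer:
     <IS_HOME>/repository/deployment/server/userstores/EMBEDDED.xml
     for a secondary store named EMBEDDED backed by the in-built LDAP of a
     second IS instance. Assumptions: that instance runs with
     [server] offset = 1 in its deployment.toml, so its embedded LDAP
     (default port 10389) listens on 10390; the bind DN and password are
     the embedded LDAP defaults. The remaining property values mirror the
     embedded-LDAP block shipped in user-mgt.xml. -->
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
  <Property name="ConnectionURL">ldap://localhost:10390</Property>
  <Property name="ConnectionName">uid=admin,ou=system</Property>
  <!-- The console stores this value encrypted with the server keystore;
       it appears in clear here only because this is a hand-written
       example. Change the embedded server's default bind password before
       anything other than a local test reaches it. -->
  <Property name="ConnectionPassword">admin</Property>
  <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
  <Property name="UserEntryObjectClass">identityPerson</Property>
  <Property name="UserNameAttribute">uid</Property>
  <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
  <Property name="UserNameListFilter">(objectClass=person)</Property>
  <Property name="ReadGroups">true</Property>
  <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
  <Property name="GroupEntryObjectClass">groupOfNames</Property>
  <Property name="GroupNameAttribute">cn</Property>
  <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
  <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
  <Property name="MembershipAttribute">member</Property>
  <Property name="Disabled">false</Property>
  <Property name="DomainName">EMBEDDED</Property>
</UserStoreManager>
```

Users from this store are addressed as `EMBEDDED/<username>` in the console and at login. The `ReadWriteLDAPUserStoreManager` class is the one the answer names; releases from 5.10.0 onward also ship a `UniqueIDReadWriteLDAPUserStoreManager` variant that the console offers for new stores, so check which class your version lists before copying the `class` attribute. Since the point of the embedded server's "not for production" advice is that it ships with a well-known bind DN and password and no TLS, treat this file the same way: a test fixture, never a template for an external directory.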
