Integrating any WSO2 product to the LDAP user store of WSO2 Identity Server


Integrating to an external user-store is a feature that is available in the carbon kernel hence all WSO2 products has this feature available. However most of the product distributions are shipped with the product been integrated to a JDBC user-store which is linked to the inbuilt H2 DB.

WSO2 Identity Server which is the Identity and Access Management product of WSO2 has an in-built LDAP user-store. It is possible to integrate any other WSO2 product to this internal LDAP user store of the Identity Server to carry out testing on any cross product scenarios where the user-store needs to be shared with each other. Let’s see how this can be done.


In order to get this working you will need a WSO2 Identity Server product. In this case we are using the latest Identity Server version available (5.1.0). We will also need another WSO2 product that needs to integrate to the LDAP of the Identity Server, in this case we will choose WSO2 API Manager (1.10). First of all open the following user-mgt.xml file in the API Manager configuration which can be found in the following location.



Inside this configuration file you would see the user-store configuration relating to the product. The default product distribution is integrated to the inbuilt H2 Database through the JDBCUserStoreManager. Let’s comment this configuration. Now add the below configuration that would provide details on the remote LDAP instances hosted inside the WSO2 Identity Server. Note that we are setting ‘ConnectionURL’ assuming that the Identity Server runs on localhost.



In this case we are integrating the API Manager so that it can both read and write from the user-store, it is possible to configure the instance to only read from the external user-store in such a case change the class name to ‘org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager’.


Start the Identity Server first and then the secondary WSO2 product (in this case the WSO2 API Manager). You can now see that users which resides in the WSO2 Identity Server is shared with the WSO2 API Manager instance.




How to enabling wirelogs from the Carbon UI

Wirelogs are an important tool that can be used in debugging message flow. Wirelogs allow you to view the actual HTTP message that comes in and goes out from the ESB. Wirelogs can be enabled from the log4J.conf file and you would find more information on how to do this from the following blog [1], however this method would require server restarting and access to the file system of the ESB server.

Sometimes as a developer you would encounter a situation where you cannot restart or access the file system of the server to see wire logs. In that case you can enable wirelogs from the WSO2 ESB’s admin console UI. Wirelogs can be accessed from the admin console UI by following the steps given below.

1. Log into the admin console of the ESB.

2. Navigate to configuration tab and click on the logs icon as shown below.

3. Find “org.apache.axis2.transport” and change the log level to “Debug” as shown below.

You have now enabled wirelogs on the ESB instance.


WSO2 Deployment synchronization on Windows environment

Deployment synchronization (dep-sync) is a feature that is shipped with most of the WSO2 products. This blog looks at how deployment synchronization can be achieved on carbon instances running on windows environment.

  1. Deployment synchronization requires SVNKit implementation from This library has to be downloaded separately since it is not shipped with the WSO2 distribution.
  2. Once this SVN kit is downloaded copy the svnClientBundle-1.0.0.jar to {carbon_home}\repository\components\dropins folder on all the instances that artifacts need to be synchronized.
  3. In the Manager node open the {carbon_home}\repository\conf\carbon.xml and enable the dep-sync configuration as given below

  1. In the worker nodes use the following configuration to enable dep-sync in the {carbon_home}\repository\conf\carbon.xml file.

  1. Enable clustering in all instances by setting the clustering value as true in the {carbon_home}\repository\conf\axis2\axis2.xml.
<clustering class="org.apache.axis2.clustering.tribes.TribesClusteringAgent" enable="true">

Once the clustering is enabled, set a domain name so that all instances in the cluster will have the same domain name. Domain can be set as shown below.

 <parameter name="domain">wso2.carbon.domain</parameter>

Mounting WSO2 instances on a MS SQL Database which is secured via Windows authentication

A multi instance deployment of WSO2 products would require the registry (config and governance) space to be mounted on an external database.  WSO2 Products can be mounted on many types of databases. Below instructions explain how WSO2 products can be mounted on a MS SQL database that is secured via Windows Authentication.

  1. download jTDS from the following link

  1. Extract the folder and copy the jtds-1.2.2.Jarfile to the {WSO2 Product}/components/lib folder
  1. The extracted folder also includes ntlmauth.dllfile in the \x64\SSOfolder copy the dll file to java bin folder(C:\Program Files\Java\jre7\bin)
  1. download and install the jdbc driver for mssql from the following location

  1. Once this is installed set the class path to the following location {JDBC driver Installation Path}\sqljdbc_4.0\enu\auth\x86
  1. Make sure that the IP and the port is enabled at the MSSQL side, this can be verified through telnet.
  1. Change the datasources.xml to the following configuration (Please change the DB name and the hostname accordingly)

  1. Start the ESB.