Thursday, February 2, 2012

How to Configure OpenDJ with WSO2 Identity Server (WSO2IS)

This blog post explains how to configure WSO2 Identity Server to connect to an OpenDJ LDAP server as its user store.

First, let's install the OpenDJ server and configure it.

1. Download OpenDJ.zip and extract it into your file system.

2. Go to the root directory and run the "setup" script to configure the OpenDJ server.

3. Configure OpenDJ according to your requirements.

Following are the sample configurations that I used.

4. After the configuration is done, you can manage the server using the control panel. To do so, run the "control-panel" script, which can be found in the bin directory.



5. Add some users to your domain. In my sample, the domain is asela.com.




Now let's see how we can connect to the OpenDJ user store from WSO2 Identity Server.

6. Download the WSO2 Identity Server distribution from here and extract it into your file system. Let's call the root directory IS_HOME.

7. Open the user-mgt.xml file, which can be found in the <IS_HOME>/repository/conf directory.

8. Comment out the default user store manager configuration:


<!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">
</UserStoreManager-->

9. Uncomment the LDAPUserStoreManager configuration and change it according to your OpenDJ configuration. Following is the sample configuration that matches the OpenDJ setup I used above.

<!-- If product is using an external LDAP as the user store in read only mode, use following user manager -->
<UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ReadOnly">true</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="ConnectionURL">ldap://localhost:1389</Property>
    <Property name="ConnectionName">cn=TestServer</Property>
    <Property name="ConnectionPassword">test123</Property>
    <Property name="UserSearchBase">dc=asela,dc=com</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserNameAttribute">cn</Property>
    <Property name="GroupSearchBase">ou=system</Property>
    <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="MembershipAttribute">member</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
</UserStoreManager>
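
As an added example (not the post's or WSO2's own code), the following Python script parses a constructed copy of the LDAPUserStoreManager block above, builds the escaped user-lookup filter implied by UserNameListFilter and UserNameAttribute, and flags the settings a reviewer would question in this sample, namely the plain ldap:// URL and the cleartext bind password. What the audit says about each property is my reading of the property names, not WSO2 documentation.

```python
"""Audit the LDAPUserStoreManager block of user-mgt.xml and build the escaped
user-lookup filter it implies. Added example, not WSO2 or OpenDJ code; the XML
is a constructed, trimmed copy of the configuration shown in step 9."""
import xml.etree.ElementTree as ET

USER_MGT_XML = """<UserManager><Realm>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
  <Property name="ReadOnly">true</Property>
  <Property name="ConnectionURL">ldap://localhost:1389</Property>
  <Property name="ConnectionName">cn=TestServer</Property>
  <Property name="ConnectionPassword">test123</Property>
  <Property name="UserSearchBase">dc=asela,dc=com</Property>
  <Property name="UserNameListFilter">(objectClass=person)</Property>
  <Property name="UserNameAttribute">cn</Property>
  <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
</UserStoreManager></Realm></UserManager>"""

# RFC 4515 escapes for the characters that change a filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def load_ldap_properties(xml_text):
    """Return {name: value} for the Property elements of the LDAP user store."""
    root = ET.fromstring(xml_text)
    for usm in root.iter("UserStoreManager"):
        if usm.get("class", "").endswith(".LDAPUserStoreManager"):
            return {p.get("name"): (p.text or "") for p in usm.findall("Property")}
    raise ValueError("no LDAPUserStoreManager block found")

def escape_filter_value(value):
    """Escape a login name so it cannot alter the search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_lookup_filter(props, username):
    """AND the UserNameListFilter with UserNameAttribute=<escaped login name>."""
    return "(&%s(%s=%s))" % (props["UserNameListFilter"], props["UserNameAttribute"],
                             escape_filter_value(username))

def audit(props):
    """Return the findings a reviewer would raise about this user store block."""
    findings = []
    if props.get("ConnectionURL", "").startswith("ldap://"):
        findings.append("ConnectionURL is plain ldap://: bind password and lookups go unencrypted")
    if props.get("ConnectionPassword"):
        findings.append("ConnectionPassword is stored in cleartext in user-mgt.xml")
    if props.get("ReadOnly", "").lower() != "true":
        findings.append("ReadOnly is not true: the bind account can modify the directory")
    if props.get("ReplaceEscapeCharactersAtUserLogin", "").lower() != "true":
        findings.append("ReplaceEscapeCharactersAtUserLogin is off: login names unescaped in filter")
    return findings
```

Run it against your own user-mgt.xml by replacing USER_MGT_XML with the file contents; the filter it prints is the one a user login like "bob" turns into under this configuration.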


10. Configure the admin user name. The admin user of WSO2 Identity Server must be a user within that OpenDJ search base. In my sample, I have configured the admin user as a user in the "dc=asela,dc=com" UserSearchBase.

                <AdminUser>
                     <UserName>bob</UserName>
                     <Password></Password>
                </AdminUser>


If you want to read groups from OpenDJ, configure them in the LDAPUserStoreManager configuration and also configure one group as the admin role of WSO2 Identity Server.

Please note that the user who is configured as admin must be a member of the admin role.

11. Start Identity Server by running the "wso2server" script, which can be found in the <IS_HOME>/bin directory.