0

How can I disable Embedded Ldap on Identity Server 5.10.0 version? I'm checking conf/identity/embedded-ldap.xml and enable property is true.

  <EmbeddedLDAP>
    <Property name="enable">true</Property>
    <Property name="port">${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
    <Property name="instanceId">default</Property>
     .....

I couldn't find how I can disable it. If I overwrite this file when Docker starts, it comes back to true.

Aldo Inácio da Silva
  • Are you using a docker image downloaded from https://hub.docker.com/r/wso2/wso2is/tags?page=1&ordering=last_updated? can you see a file named `embedded-ldap.xml.j2` at `/repository/resources/conf/templates/repository/conf/identity` location ? – Anuradha Karunarathna Mar 03 '21 at 14:34
  • I'm creating my own docker image using wso2is-5.10.0.zip downloaded from wso2 website. I have this identity.xml.j2 file in my conf directory that I use in docker-compose @Anuradha Karunarathna. – Aldo Inácio da Silva Mar 03 '21 at 16:32
  • Do you have `/repository/resources/conf/templates/repository/conf/identity/embedded-ldap.xml.j2` file? – Anuradha Karunarathna Mar 03 '21 at 17:37
  • Yes, I have @AnuradhaKarunarathna – Aldo Inácio da Silva Mar 03 '21 at 18:03
  • If it contains `{{embedded_ldap.enable}}` under `<EmbeddedLDAP>` you would be able to change that property via deployment.toml by using the `[embedded_ldap] enable = false` config – Anuradha Karunarathna Mar 04 '21 at 06:02
  • It not contains . Could you tell me where I put? @AnuradhaKarunarathna – Aldo Inácio da Silva Mar 04 '21 at 12:31
  • I don't have this file embedded-ldap.xml.j2 @AnuradhaKarunarathna. In this folder `wso2is-5.10.0/repository/resources/conf/templates/repository/conf/identity` only contains application-authentication.xml.j2, captcha-config.properties.j2, captcha-config.properties.j2, entitlement.properties.j2, identity-event.properties.j2 and identity.xml.j2 file. – Aldo Inácio da Silva Mar 04 '21 at 18:01

3 Answers

1
  1. If you have the <wso2is-5.10.0-home>/repository/resources/conf/templates/repository/conf/identity/embedded-ldap.xml.j2 file and its enable property value under <EmbeddedLDAP> is templated as {{embedded_ldap.enable}} (shown below),

     <EmbeddedLDAP>
         <Property name="enable">{{embedded_ldap.enable}}</Property>
         <Property name="port">${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
         <Property name="instanceId">default</Property>
     .....
     </EmbeddedLDAP>

     you can use the following deployment.toml config

     [embedded_ldap]
     enable = false

  2. If the <wso2is-5.10.0-home>/repository/resources/conf/templates/repository/conf/identity/embedded-ldap.xml.j2 file contains the EmbeddedLDAP config's enable property value as hardcoded to "true", you can change it to false and restart the server to change the config in embedded-ldap.xml.

     <EmbeddedLDAP>
         <Property name="enable">true</Property>
         <Property name="port">${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
         <Property name="instanceId">default</Property>
     .....
     </EmbeddedLDAP>

  3. If you don't have the <wso2is-5.10.0-home>/repository/resources/conf/templates/repository/conf/identity/embedded-ldap.xml.j2 file, the property value changes in embedded-ldap.xml won't be replaced once the server is restarted.
Anuradha Karunarathna
  • I don't have this file embedded-ldap.xml.j2. I was looking on identity.xml.j2 :(. Where can I find to put in my project? – Aldo Inácio da Silva Mar 04 '21 at 17:57
  • 1
    That particular file can be found here: https://github.com/wso2-extensions/identity-userstore-ldap/blob/master/features/org.wso2.carbon.ldap.server.server.feature/resources/conf/embedded-ldap.xml.j2 It is not available in the 5.10 GA pack. It has been shipped in the product with 5.11. I'm not sure whether adding this file will work for you. The mentioned 3rd option should work. If you don't have that j2 file, changes done in repository/conf/identity/embedded-ldap.xml shouldn't be overwritten when the server starts up – Anuradha Karunarathna Mar 04 '21 at 18:38
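
The three cases in the answer above can be checked against an Identity Server home before restarting. This is an added example, not code from the answer or from WSO2; the function names and sample strings are constructed, and `enabled` is reported as `None` when the template is parameterized but deployment.toml sets no value, since the page does not state the default.

```python
import re
from pathlib import Path
from typing import Optional

# Paths relative to the Identity Server home, as named on this page.
TEMPLATE = "repository/resources/conf/templates/repository/conf/identity/embedded-ldap.xml.j2"
RENDERED = "repository/conf/identity/embedded-ldap.xml"
TOML = "repository/conf/deployment.toml"
# Constructed sample inputs (not taken from a real installation).
SAMPLE_TEMPLATED = '<EmbeddedLDAP>\n <Property name="enable">{{embedded_ldap.enable}}</Property>\n</EmbeddedLDAP>'
SAMPLE_XML_TRUE = '<EmbeddedLDAP>\n <Property name="enable">true</Property>\n</EmbeddedLDAP>'
SAMPLE_TOML = '[server]\nhostname = "localhost"\n\n[embedded_ldap]\nenable = false  # no LDAP listener\n'

_ENABLE = re.compile(r'<EmbeddedLDAP>.*?<Property\s+name="enable">\s*(.*?)\s*</Property>', re.S)

def xml_enable(text: str) -> Optional[str]:
    """Raw text of the first enable property inside <EmbeddedLDAP>, or None."""
    m = _ENABLE.search(text)
    return m.group(1) if m else None

def toml_enable(text: str) -> Optional[bool]:
    """Value of `enable` under [embedded_ldap], or None when it is not set."""
    section = None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if line.startswith("["):
            section = line.strip("[] ")
        elif section == "embedded_ldap":
            m = re.fullmatch(r"enable\s*=\s*(true|false)", line)
            if m:
                return m.group(1) == "true"
    return None

def as_bool(value: Optional[str]) -> Optional[bool]:
    return None if value is None else value.lower() == "true"

def diagnose(template: Optional[str], rendered: str, toml: str) -> dict:
    """Say which file decides the setting and what it will be after a restart."""
    if template is None:            # case 3: no template, embedded-ldap.xml is kept
        return {"case": 3, "source": RENDERED, "enabled": as_bool(xml_enable(rendered))}
    value = xml_enable(template)
    if value is not None and "{{" in value:   # case 1: deployment.toml decides
        return {"case": 1, "source": TOML, "enabled": toml_enable(toml)}
    # case 2: the literal in the template replaces embedded-ldap.xml on restart
    return {"case": 2, "source": TEMPLATE, "enabled": as_bool(value)}

def diagnose_home(is_home: str) -> dict:
    """Run diagnose() on the files under an Identity Server home directory."""
    read = lambda rel: (Path(is_home) / rel).read_text() if (Path(is_home) / rel).is_file() else None
    return diagnose(read(TEMPLATE), read(RENDERED) or "", read(TOML) or "")
```

Running `diagnose_home` inside the built container image, rather than on the host checkout, shows what the mounted config volume actually produced.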
0

In WSO2 Identity Server 5.10.0 the configurations are managed by a centralized toml file called deployment.toml. We can add the following configuration to the deployment.toml file, which is located in the <IS_HOME>/repository/conf directory.

[embedded_ldap]
enable = false
0

In WSO2 Identity Server 5.10.0 version the file embedded-ldap.xml.j2 doesn't come inside wso2is-5.10.0/repository/resources/conf/templates/repository/conf/identity, so I needed to copy the file from this link: embedded-ldap.xml.j2 and put it inside my configuration for the docker container, conf/is-as-km/repository/resources/conf/templates/repository/conf/identity

docker-compose.yml

...
volumes:
  - ./conf/is-as-km:/home/wso2carbon/wso2-config-volume
ports:
  - "9444:9443"
...

After that I put the property in deployment.toml:

[embedded_ldap]
enable = false

And everything worked as shown in docker log:

cup-is-as-km ... NFO {org.wso2.carbon.identity.oauth.uma...} - UMA Grant component activated successfully.
cup-is-as-km ... INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Embedded LDAP is disabled.
cup-is-as-km ... INFO {org.wso2.carbon.mex.internal.Of...} - Office365Support MexServiceComponent bundle activated successfully..

Based on the last answers and comments I reached the solution ;).

Aldo Inácio da Silva