This page has not been updated since migration to Keycloak: https://github.com/openmrs/openmrs-contrib-itsm-id
Introduction
The collective "OpenMRS ID" refers to this system of user management used by the OpenMRS community. An individual user in the system (a person with a username and password) is said to have a single "OpenMRS ID".
The ID subsystem is formed by:
OpenLDAP: the data storage for all OpenMRS ID data for verified users (after checking email).
Keycloak: Sign up and user manager. Works as SSO for Jira and Confluence cloud.
Postfix: redirects Jira and Confluence cloud emails.
[Deprecated] ID Dashboard: web application that facilitates creation of new OpenMRS IDs and profile editing. Information is retrieved from a cache in MongoDB, or loaded from OpenLDAP if it is not cached.
Formage: admin screen in ID dashboard to modify users (change group membership for LDAP group). Expected to be replaced.
[Deprecated] Crowd: Legacy system that used to provide user management for Jira and Confluence. It works as a bridge between LDAP and those applications.
Legacy diagram before Keycloak and Postfix. Jira, Crowd and Wiki have a local/internal user to fix connections with Crowd/LDAP. They also have an internal captcha to catch users with multiple failed attempts.
LDAP Objects
LDAP is a hierarchical data storage.
The top level node is 'dc=openmrs,dc=org'.
All users belong to 'ou=users,dc=openmrs,dc=org', which means that users is an Organizational Unit (just a child node like any other) of the node 'dc=openmrs,dc=org'.
A username 'jane_doe' is represented as "uid=jane_doe,ou=users,dc=openmrs,dc=org", which is the 'user ID jane_doe' child node of node 'ou=users' of node 'dc=openmrs,dc=org'.
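The DN layout described above, as an added example that is not part of the original page or of any OpenMRS code: it builds a user DN with RFC 4514 escaping, splits a DN back into its nodes, and checks that an entry sits exactly one level below 'ou=users'. The function names are hypothetical, and it assumes single-valued RDNs.

```python
USERS_BASE = "ou=users,dc=openmrs,dc=org"  # users subtree named on the page
_SPECIAL = '"+,;<>\\='                      # characters RFC 4514 lets us escape
_HEX = "0123456789abcdefABCDEF"

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value per RFC 4514 so it cannot add or alter RDNs."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def user_dn(uid: str) -> str:
    """Build the DN of a user entry directly under USERS_BASE (hypothetical helper)."""
    return f"uid={escape_rdn_value(uid)},{USERS_BASE}"

def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leaf first, honouring escapes.
    Assumes single-valued RDNs (no unescaped '+')."""
    rdns, buf, i = [], bytearray(), 0
    def flush():
        attr, _, val = buf.decode("utf-8").partition("=")
        rdns.append((attr.strip().lower(), val))
        buf.clear()
    while i < len(dn):
        ch, pair = dn[i], dn[i + 1:i + 3]
        if ch == "\\" and len(pair) == 2 and all(c in _HEX for c in pair):
            buf.append(int(pair, 16))         # \XX is one hex-encoded byte
            i += 3
        elif ch == "\\" and pair:
            buf += pair[0].encode("utf-8")    # \<char> is that literal character
            i += 2
        elif ch == ",":
            flush()
            i += 1
        else:
            buf += ch.encode("utf-8")
            i += 1
    flush()
    return rdns

def is_user_entry(dn: str) -> bool:
    """True only if dn is a uid entry exactly one level below USERS_BASE."""
    rdns = split_dn(dn)
    return rdns[0][0] == "uid" and rdns[1:] == split_dn(USERS_BASE)
```

A username that contains a comma or equals sign stays a single 'uid' node only when it is escaped; pasted into the DN unescaped, it is read as extra levels of the tree and `is_user_entry` rejects it.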