OpenMRS ID - Architecture

Introduction


Collectively, "OpenMRS ID" refers to the user management system used by the OpenMRS community. An individual user in the system (a person with a username and password) is said to have a single "OpenMRS ID".


The ID subsystem is formed by:

  • OpenLDAP: the data store for all OpenMRS ID data for verified users (after checking email).
  • ID Dashboard: web application for creating new OpenMRS IDs and editing profiles. Information is retrieved from a cache in MongoDB, or loaded from OpenLDAP if it is not in the cache.
    • Formage: admin screen in the ID Dashboard for modifying users.
  • Crowd: provides user management for Atlassian tools. It works as a bridge between LDAP and those applications.


Jira, Crowd and Wiki each have a local/internal user to fix connections with Crowd/LDAP. They also have an internal captcha to catch users with multiple failed attempts.




LDAP Objects

LDAP is a hierarchical data store.

The top level node is 'dc=openmrs,dc=org'. 

All users belong to 'ou=users,dc=openmrs,dc=org', which means that 'users' is an Organizational Unit (just a child node like any other) of the node 'dc=openmrs,dc=org'.

The username 'jane_doe' is represented as "uid=jane_doe,ou=users,dc=openmrs,dc=org", that is, the node 'user ID jane_doe', a child of the node 'ou=users', which is in turn a child of the node 'dc=openmrs,dc=org'.
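
Because a user's entry name is built from the username plus the fixed parent 'ou=users,dc=openmrs,dc=org', any code that assembles it has to escape the username so that a comma or similar character cannot change the hierarchy. The following is an added example, not code from the OpenMRS ID project: it escapes the value per RFC 4514 and checks that a DN sits exactly one level below 'ou=users'. All function and constant names are hypothetical, and DNs are assumed to have no spaces around the separating commas.

```javascript
// Added example: the names below (USERS_BASE, escapeRdnValue, userDn, splitDn,
// isDirectUserEntry) are illustrative, not taken from the OpenMRS ID code base.
const USERS_BASE = 'ou=users,dc=openmrs,dc=org';

// Escape a string for use as an RDN attribute value (RFC 4514, section 2.4).
function escapeRdnValue(value) {
  let out = value
    .replace(/[\\",+;<>]/g, (c) => '\\' + c)  // characters special in a DN
    .replace(/\0/g, '\\00');                  // NUL is hex-escaped
  if (/ $/.test(out)) out = out.slice(0, -1) + '\\ '; // trailing space
  if (/^[ #]/.test(out)) out = '\\' + out;            // leading space or '#'
  return out;
}

// Build the DN of a user entry: uid=<username> under ou=users.
function userDn(username) {
  return 'uid=' + escapeRdnValue(username) + ',' + USERS_BASE;
}

// Split a DN into its RDNs on commas that are not backslash-escaped.
function splitDn(dn) {
  const parts = [];
  let current = '';
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === '\\' && i + 1 < dn.length) {
      current += dn[i] + dn[++i];   // keep the escape pair together
    } else if (dn[i] === ',') {
      parts.push(current);          // unescaped comma ends one RDN
      current = '';
    } else {
      current += dn[i];
    }
  }
  parts.push(current);
  return parts;
}

// True only for an entry exactly one level below ou=users whose RDN is a uid.
function isDirectUserEntry(dn) {
  const rdns = splitDn(dn);
  const base = splitDn(USERS_BASE);
  if (rdns.length !== base.length + 1) return false;
  const parentMatches = base.every(
    (rdn, i) => rdns[i + 1].toLowerCase() === rdn.toLowerCase());
  return parentMatches && /^uid=./i.test(rdns[0]);
}
```

With the constructed username 'doe, jane', the escaped DN still has four components and passes the check, while the same string concatenated without escaping splits into five and is rejected.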


Full Hierarchy