As you are aware, I’ve been working a lot on the OpenMRS ID subsystem this year, as it was incredibly unstable. It was jeopardizing both our issue tracker and wiki availability and usability, and more. So let me update you on what I’m doing.
First, check our updated OpenMRS ID - Architecture docs. I think it’s now in a state anyone can understand it.
I recently deleted around 80 thousand users that were created more than a year ago and never logged in to talk, jira or wiki. I believe a couple more can be deleted, and will soon be working on it. That allowed me to enable Crowd cache and incremental sync, which means that:
a) Login doesn’t randomly stop working every 30 minutes to Jira and Confluence. We are now on the ‘supported’ realm for number of users.
b) We don’t have those weird ‘inactive’ users (for users that didn’t login recently)
c) We can tag anyone again in Wiki!
I’m still working with Atlassian support to get rid of the ‘ghost’ of those users, as I believe that’s the reason why Wiki requires a) so much memory to run and b) takes 5-6 hours on every upgrade. I do hope to fix those problems soon.
I had to create our LDAP database from scratch, as the data wasn’t clean and the application was refusing to start with the data we were giving it. Which mean we have now an ldap in docker that has the full hierarchy as production.
I also fixed a problem in dashboard that was deleting all users that haven’t logged in 2 days, which seemed to cause users to ‘disappear’.
- Kill the ‘ghost’ users in Confluence. Hopefully next confluence upgrades will be faster
- Delete even more users that are not being used
- Delete old LDAP groups
- Find out how to maintain the number of users to a reasonable number
- Fix the ldap to get the new certificate when the old one is expiring (I’ve been maintaining it manually so far)
- Change ID Dashboard so they don’t think that login via email is possible.