FAQ

IdentityScribe syncs LDAP directories to PostgreSQL and exposes them via LDAP, REST, and GraphQL. Every change is recorded.

  • LDAP bottlenecks — Offload read traffic from production LDAP servers
  • Protocol mismatch — Access LDAP data via REST/GraphQL for modern apps
  • Missing history — Track all changes for compliance and debugging
  • Complex queries — Use SQL-backed filters instead of LDAP filter syntax

Channel | Status | Use case
LDAP v3 | Stable | Legacy apps, LDAP tools
REST | Stable | Modern apps, automation
GraphQL | Stable | Flexible frontend queries
gRPC | Roadmap | High-throughput service-to-service

See Channels Overview for details.

IdentityScribe handles millions of entries efficiently. Performance depends on:

  • PostgreSQL resources — CPU, memory, disk I/O
  • Query complexity — Simple lookups are sub-millisecond; complex filters take longer
  • Concurrency — Configure thread pools via the concurrency setting

Typical deployments handle 10,000+ queries/second with proper tuning.

IdentityScribe uses up to 80% of available memory by default. For production:

  • Minimum: 2GB RAM
  • Recommended: 4-8GB RAM for 1M+ entries
  • Heavy workloads: 16GB+ for high concurrency

  1. Check pressure metrics: curl http://localhost:8080/observe/pressure
  2. Review slow queries: Enable hints with monitoring.hints.enabled = true
  3. Add indexes: Check /observe/hints for missing index suggestions
  4. Increase pools: Adjust concurrency and database.*PoolSize settings

See Monitoring for detailed tuning guidance.

Control | RFC | Status
Simple Paged Results | RFC 2696 | Supported
Server-Side Sorting | RFC 2891 | Supported
Virtual List View (VLV) | draft-ietf-ldapext-ldapv3-vlv | Supported
Manage DSA IT | RFC 3296 | Supported
Subentries | RFC 3672 | Supported

Operation | Status | Notes
Search | Full | All scopes, filters, pagination
Bind | Simple | Simple bind only (no SASL yet)
Compare | Full |
Abandon | Full |
Unbind | Full |
Add/Modify/Delete | Read-only (changes sync from source)

Can I use ldapsearch and other LDAP tools?

Yes. Standard LDAP tools work with IdentityScribe:

ldapsearch -H ldap://localhost:10389 -x -b "o=data" "(cn=John*)"

Yes. Configure TLS in the http.ssl section:

http.ssl {
  enabled = true
  cert = "/path/to/cert.pem"
  key = "/path/to/key.pem"
}

LDAP supports LDAPS (port 636) and STARTTLS. REST uses HTTPS.

  • LDAP: Simple bind (username/password)
  • REST: Bearer token authentication (roadmap)
  • Service accounts: Configure in channels.*.auth

Yes. Use named sockets to separate public and internal traffic:

http {
  port = 8080
  sockets.internal { port = 9001, host = "localhost" }
}
monitoring.socket = "internal"

See HTTP Server for patterns.
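
A check for the socket split described above, as an added example that is not part of the IdentityScribe documentation: it probes the /observe paths mentioned on this page on both listeners and flags any that answer on the public port. It assumes that monitoring.socket = "internal" moves those endpoints off port 8080 and that a 2xx response means a path is served on that socket; the function names are illustrative.

```python
import urllib.error
import urllib.request

# Monitoring paths that appear on this page.
OBSERVE_PATHS = ["/observe/pressure", "/observe/hints",
                 "/observe/config", "/observe/doctor"]

# Talk to the listener directly, ignoring any *_proxy environment variables.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(base_url, path, timeout=3.0):
    """Return the HTTP status for base_url + path, or None if nothing answers."""
    try:
        with _OPENER.open(base_url + path, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # the server answered, but with 4xx/5xx
    except (urllib.error.URLError, OSError):
        return None  # refused, timed out, or no listener


def exposed_paths(base_url):
    """Paths answering 2xx here (assumption: 2xx means 'served on this socket')."""
    found = []
    for path in OBSERVE_PATHS:
        status = probe(base_url, path)
        if status is not None and 200 <= status < 300:
            found.append(path)
    return found


def audit(public_url, internal_url):
    """'ok' requires no monitoring path on the public socket and some on the internal one."""
    leaked = exposed_paths(public_url)
    internal = exposed_paths(internal_url)
    return {"leaked_on_public": leaked,
            "served_on_internal": internal,
            "ok": not leaked and bool(internal)}


if __name__ == "__main__":
    # Ports from the config snippet above; run on the IdentityScribe host itself.
    result = audit("http://localhost:8080", "http://localhost:9001")
    print(result)
    raise SystemExit(0 if result["ok"] else 1)
```

Because the internal socket is bound to localhost, run the script on the host itself; a non-zero exit makes it usable as a post-deploy gate.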

  • PostgreSQL: 17 or 18 (15/16 deprecated)
  • Memory: 2GB minimum, 4-8GB recommended
  • Disk: Depends on data volume (allow 2-3x source LDAP size)

Yes. See the Docker section in the Deployment Guide.

Yes. The monitoring bundle includes Helm charts:

helm install scribe-stack ./monitoring/helm/identity-scribe-stack

See the Kubernetes section in the Deployment Guide.

IdentityScribe uses HOCON configuration with environment variable overrides:

Priority | Source
1 | CLI flags (--config, --readonly)
2 | SCRIBE_* environment variables
3 | Config file (identity-scribe.conf)
4 | Built-in defaults

See Configuration Guide for the full reference.

# Print resolved config (passwords redacted)
./identity-scribe --printconfig
# Or at runtime
curl http://localhost:8080/observe/config

Days Remaining | Behavior
> 30 days | Normal operation
7-30 days | Warning at startup
< 7 days | Hourly warnings
Expired | Service refuses to start

  • Error Catalog — Complete list of stable error codes
  • Failures — Error handling, retry semantics, support workflow

Set SCRIBE_LOG_LEVEL=debug or configure it in your identity-scribe.conf:

SCRIBE_LOG_LEVEL=debug ./identity-scribe

For component-specific logging:

  • SCRIBE_LOG_SUPERVISOR=debug — Startup/shutdown, orchestration
  • SCRIBE_LOG_INGEST=debug — Transcription pipeline
  • SCRIBE_LOG_MONITORING=debug — Wide-log output, channels

See Configuration Guide for the full list.

Include these in your support request:

  1. Error-Id from the response header or body
  2. Trace-Id if tracing is enabled
  3. Output of curl http://localhost:8080/observe/doctor

How do I control colors in terminal output?

IdentityScribe auto-detects color support:

Variable | Effect
FORCE_COLOR=1 | Force colors on (even when piped)
FORCE_COLOR=0 | Force colors off
NO_COLOR=1 | Disable colors (no-color.org)

Colors are automatically enabled in interactive terminals and CI systems like GitHub Actions, GitLab CI, CircleCI, and Travis.