
Architecture

IdentityScribe bridges LDAP directories with modern APIs. It synchronizes data from LDAP sources into PostgreSQL, then serves queries through multiple protocol channels.

```mermaid
flowchart LR
    subgraph sources[LDAP Sources]
        AD[Active Directory]
        OpenLDAP[OpenLDAP]
        Other[Other LDAP]
    end

    subgraph scribe[IdentityScribe]
        Ingest[Ingest]
        PG[(PostgreSQL)]
        Query[Query]
    end

    subgraph channels[Channels]
        LDAP[LDAP v3]
        REST[REST API]
        GQL[GraphQL]
    end

    sources --> Ingest
    Ingest --> PG
    PG --> Query
    Query --> channels
```
Ingest pipeline:

  1. Detect - Listen for changes via persistent search, changelog, or polling (whichever method the source LDAP server supports best)
  2. Transform - Apply attribute mappings and virtual attributes
  3. Store - Write change events to PostgreSQL
  4. Index - Update search indexes

Query pipeline:

  1. Parse - Convert the client query (LDAP filter, REST parameters) to SQL
  2. Execute - Run optimized SQL against PostgreSQL
  3. Map - Transform results to the channel format (LDAP entries, JSON, GraphQL)
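The Parse step is where untrusted client input meets SQL, so the property worth checking is that filter values only ever travel as bound parameters and never into the SQL text. The following is an added example, not IdentityScribe's own code: it assumes a hypothetical EAV table `attrs(entry_id, name, value)` and psycopg-style `%s` placeholders, parses the common RFC 4515 filter subset into a small AST, and compiles it to parameterized SQL. It keeps `\2a` escapes as literal asterisks (splitting on wildcards before unescaping), escapes LIKE metacharacters in substring patterns, and rejects malformed filters (trailing data, bad escapes, invalid UTF-8) before any SQL is built.

```python
"""Compile an RFC 4515 LDAP search filter into parameterized SQL.

Added example, not IdentityScribe code. Assumes a hypothetical EAV table
attrs(entry_id, name, value) and psycopg-style %s placeholders.
"""
import re
from dataclasses import dataclass
from typing import List, Union


class FilterError(ValueError):
    """Malformed filter: reject at the protocol layer, never let it reach SQL."""


@dataclass
class Item:
    attr: str
    op: str                      # "=", ">=", "<=", "present", "substr"
    value: Union[None, str, List[str]]


@dataclass
class Node:
    op: str                      # "&", "|", "!"
    children: list


_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*")
_HEX2 = re.compile(r"[0-9A-Fa-f]{2}")


def _unescape(raw: str) -> str:
    """Decode RFC 4515 \\XX escapes into the bytes they stand for, then as UTF-8."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\":
            m = _HEX2.match(raw, i + 1)
            if not m:
                raise FilterError("bad escape sequence")
            out.append(int(m.group(0), 16))
            i += 3
        else:
            out += raw[i].encode("utf-8")
            i += 1
    try:
        return out.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise FilterError("value is not valid UTF-8") from exc


class Parser:
    """Recursive-descent parser for the common subset of RFC 4515."""

    def __init__(self, text: str):
        self.s, self.i = text, 0

    def parse(self):
        node = self._filter()
        if self.i != len(self.s):
            raise FilterError("trailing data after filter")
        return node

    def _expect(self, ch: str) -> None:
        if self.s[self.i:self.i + 1] != ch:
            raise FilterError(f"expected {ch!r} at offset {self.i}")
        self.i += 1

    def _filter(self):
        self._expect("(")
        c = self.s[self.i:self.i + 1]
        if c in ("&", "|"):
            self.i += 1
            kids = []
            while self.s[self.i:self.i + 1] == "(":
                kids.append(self._filter())
            if not kids:
                raise FilterError("empty filter list")
            node = Node(c, kids)
        elif c == "!":
            self.i += 1
            node = Node("!", [self._filter()])
        else:
            node = self._item()
        self._expect(")")
        return node

    def _item(self) -> Item:
        m = _ATTR_RE.match(self.s, self.i)
        if not m:
            raise FilterError(f"expected attribute name at offset {self.i}")
        attr, self.i = m.group(0).lower(), m.end()
        for tok in ("<=", ">=", "~=", "="):
            if self.s.startswith(tok, self.i):
                self.i += len(tok)
                break
        else:
            raise FilterError("expected comparison operator")
        end = self.s.find(")", self.i)   # a literal ')' inside a value must be escaped as \29
        if end < 0:
            raise FilterError("unterminated item")
        raw, self.i = self.s[self.i:end], end
        if tok != "=":
            return Item(attr, tok, _unescape(raw))
        if raw == "*":
            return Item(attr, "present", None)
        if "*" in raw:
            # Split on raw wildcards *before* unescaping so that "\2a" stays a literal '*'.
            return Item(attr, "substr", [_unescape(p) for p in raw.split("*")])
        return Item(attr, "=", _unescape(raw))


def _like_escape(s: str) -> str:
    """Escape LIKE metacharacters so client data cannot widen a substring match."""
    return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def _compile(node, params: list) -> str:
    if isinstance(node, Node):
        if node.op == "!":
            return f"NOT ({_compile(node.children[0], params)})"
        joiner = " AND " if node.op == "&" else " OR "
        return "(" + joiner.join(_compile(c, params) for c in node.children) + ")"
    conds = ["name = %s"]
    params.append(node.attr)
    if node.op == "substr":
        conds.append("value LIKE %s ESCAPE '\\'")
        params.append("%".join(_like_escape(p) for p in node.value))
    elif node.op == "~=":
        raise FilterError("approximate match is not supported")
    elif node.op != "present":
        conds.append(f"value {node.op} %s")
        params.append(node.value)
    return "entry_id IN (SELECT entry_id FROM attrs WHERE " + " AND ".join(conds) + ")"


def filter_to_sql(text: str):
    """Return (sql, params). Client data only ever appears in params."""
    params: list = []
    where = _compile(Parser(text).parse(), params)
    return f"SELECT DISTINCT entry_id FROM attrs WHERE {where}", params
```

`filter_to_sql("(&(objectClass=person)(cn=J*)(!(uid=*)))")` yields SQL with five `%s` placeholders and the parameter list `["objectclass", "person", "cn", "J%", "uid"]`; a value such as `x' OR 1=1 --` becomes an ordinary bound string, and a filter with trailing data after its closing parenthesis is rejected with `FilterError` before any SQL exists.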

All channels share the same query engine, ensuring consistent behavior:

| Channel | Protocol     | Use case                                        |
|---------|--------------|-------------------------------------------------|
| LDAP    | LDAP v3      | Legacy apps, LDAP tools                         |
| REST    | HTTP/JSON    | Modern apps, automation                         |
| GraphQL | HTTP/GraphQL | Flexible queries, frontend-driven data fetching |

A transcribe defines what to sync from an LDAP source:

  • base - LDAP subtree to sync (e.g., ou=users,dc=example,dc=com)
  • filter - Which entries to include (e.g., (objectClass=person))
  • attributes - Attribute mappings and transformations

All changes are stored as immutable events:

  • Full history - Every change to every entry is recorded
  • Point-in-time queries - Query data as it existed at any moment
  • Efficient sync - Incremental updates from source LDAP
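The three properties above (full history, point-in-time queries, incremental sync) all fall out of one append-only event log. The following is an added example, not IdentityScribe's code: it uses an in-memory SQLite database to stand in for PostgreSQL, a constructed sample entry, and a hypothetical `events` table schema. It records change events, reconstructs an entry as of any timestamp by replaying its events, exposes a sequence-number cursor for incremental consumers, and enforces immutability with database triggers so that even a bug or a compromised writer cannot rewrite history in place.

```python
"""Append-only change-event store with point-in-time reconstruction.

Added example, not IdentityScribe code. SQLite stands in for PostgreSQL;
the events schema and the sample entry are constructed for illustration.
"""
import json
import sqlite3

SCHEMA = """
CREATE TABLE events (
    seq         INTEGER PRIMARY KEY AUTOINCREMENT,
    recorded_at TEXT NOT NULL,   -- ISO-8601 UTC timestamp of the change
    dn          TEXT NOT NULL,
    kind        TEXT NOT NULL CHECK (kind IN ('add', 'modify', 'delete')),
    delta       TEXT NOT NULL    -- JSON: attribute -> list of values, or null to remove it
);
CREATE INDEX events_dn_seq ON events (dn, seq);
-- Immutability is enforced by the database, not by convention.
CREATE TRIGGER events_no_update BEFORE UPDATE ON events
    BEGIN SELECT RAISE(ABORT, 'events are immutable'); END;
CREATE TRIGGER events_no_delete BEFORE DELETE ON events
    BEGIN SELECT RAISE(ABORT, 'events are immutable'); END;
"""


class EventStore:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)

    def record(self, recorded_at, dn, kind, delta=None):
        """Append one change event; returns its sequence number."""
        cur = self.db.execute(
            "INSERT INTO events (recorded_at, dn, kind, delta) VALUES (?, ?, ?, ?)",
            (recorded_at, dn, kind, json.dumps(delta or {})))
        self.db.commit()
        return cur.lastrowid

    def entry_as_of(self, dn, as_of=None):
        """Replay the entry's events up to `as_of` (inclusive); None means latest.
        Returns the attribute dict, or None if the entry did not exist then."""
        sql, params = "SELECT kind, delta FROM events WHERE dn = ?", [dn]
        if as_of is not None:
            sql += " AND recorded_at <= ?"
            params.append(as_of)
        sql += " ORDER BY seq"
        state = None
        for kind, delta in self.db.execute(sql, params):
            if kind == "delete":
                state = None
                continue
            state = {} if kind == "add" or state is None else dict(state)
            for attr, values in json.loads(delta).items():
                if values is None:
                    state.pop(attr, None)
                else:
                    state[attr] = list(values)
        return state

    def changes_since(self, seq):
        """Incremental-sync cursor: every event after `seq`, in commit order."""
        rows = self.db.execute(
            "SELECT seq, dn, kind FROM events WHERE seq > ? ORDER BY seq", (seq,))
        return [tuple(r) for r in rows]

    def try_rewrite_history(self, seq):
        """Attempt an in-place UPDATE; returns False when the trigger rejects it."""
        try:
            self.db.execute("UPDATE events SET delta = '{}' WHERE seq = ?", (seq,))
        except sqlite3.DatabaseError:
            return False
        return True


def demo():
    """Constructed history for one sample entry."""
    store = EventStore()
    dn = "uid=jdoe,ou=users,dc=example,dc=com"
    store.record("2024-01-01T00:00:00Z", dn, "add",
                 {"cn": ["Jane Doe"], "mail": ["jdoe@example.com"]})
    store.record("2024-02-01T00:00:00Z", dn, "modify",
                 {"mail": ["jane@example.com"], "title": ["Engineer"]})
    store.record("2024-03-01T00:00:00Z", dn, "modify", {"title": None})
    store.record("2024-04-01T00:00:00Z", dn, "delete")
    return store
```

With the constructed history, `entry_as_of(dn, "2024-02-15T00:00:00Z")` returns the entry with the updated mail and the title present, `entry_as_of(dn)` returns None because the latest event is a delete, and `changes_since(2)` hands a downstream consumer only the two events it has not yet seen.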