Command Line Interface
ldap2pg tries to be friendly regarding configuration and consistent with psql, OpenLDAP utils and 12 factors apps. ldap2pg reads its configuration from several sources, in the following order, first prevail:
- command line arguments.
- environment variables.
- configuration file.
- ldaprc, ldap.conf, etc.
The --help
switch shows regular online documentation for CLI arguments. As of
version 5.7, this looks like:
$ ldap2pg --help
usage: ldap2pg [OPTIONS] [dbname]
--check Check mode: exits with 1 if Postgres instance is unsynchronized.
--color Force color output.
-c, --config string Path to YAML configuration file. Use - for stdin.
-?, --help Show this help message and exit. (default true)
-q, --quiet count Decrease log verbosity.
-R, --real Real mode. Apply changes to Postgres instance.
-P, --skip-privileges Turn off privilege synchronisation.
-v, --verbose count Increase log verbosity.
-V, --version Show version and exit. (default true)
Optional argument dbname is alternatively the database name or a conninfo string or an URI.
See man psql(1) for more information.
By default, ldap2pg runs in dry mode.
ldap2pg requires a configuration file to describe LDAP searches and mappings.
See https://ldap2pg.readthedocs.io/en/latest/ for further details.
Arguments can be defined multiple times. On conflict, the last argument is used.
Environment variables¶
ldap2pg has no CLI switch to configure Postgres connection.
However, ldap2pg supports libpq
PG* env vars.
See psql(1) for details on libpq env vars.
The same goes for LDAP, ldap2pg supports standard LDAP*
env vars and ldaprc
files.
See ldap.conf(5)
for further details on how to configure.
ldap2pg accepts one extra variable: LDAPPASSWORD
.
Tip
Test Postgres connexion using psql(1)
and LDAP using ldapwhoami(1)
,
ldap2pg will be okay
and it will be easier to debug the setup and the configuration later.
Logging setup¶
ldap2pg have several levels of logging:
ERROR
: error details. When this happend, ldap2pg will crash.WARNING
: ldap2pg warns about choices you should be aware of.CHANGE
: only changes applied to Postgres cluster. (aka Magnus Hagander level).INFO
(default): tells what ldap2pg is doing, especially before long task.DEBUG
: everything, including raw SQL queries and LDAP searches and introspection details.
The --quiet
and --verbose
switches respectively decrease and increase
verbosity.
You can select the highest level of verbosity with LDAP2PG_VERBOSITY
envvar. For example:
$ LDAP2PG_VERBOSITY=DEBUG ldap2pg
12:23:45 INFO Starting ldap2pg version=v6.0-alpha5 runtime=go1.21.0 commit=<none>
12:23:45 WARN Running a prerelease! Use at your own risks!
12:23:45 DEBUG Searching configuration file in standard locations.
12:23:45 DEBUG Found configuration file. path=./ldap2pg.yml
$
ldap2pg output varies whether it’s running with a TTY or not.
If standard error is a TTY, logging is colored and tweaked for human reading.
Otherwise, logging format is pure logfmt, for machine processing.
You can force human-readable output by using --color
CLI switch.