Loom LDAP Browser accepts command-line arguments to override configuration, connect directly to servers, and manage the encrypted vault.

Synopsis

loom-ldapbrowser [OPTIONS]

Options

-c, --config
string
Path to configuration file.
Default: ~/.config/loom-ldapbrowser/config.toml
Example:
loom-ldapbrowser --config /etc/loom/custom-config.toml
-H, --host
string
LDAP server hostname or IP address.
When specified, loom creates a temporary connection profile and connects immediately. This overrides the first profile in the config file.
Example:
loom-ldapbrowser -H ldap.example.com
-p, --port
integer
LDAP server port.
Default: 389
Only used when --host is specified.
Example:
loom-ldapbrowser -H ldap.example.com -p 636
-D, --bind-dn
string
Bind distinguished name (DN).
The DN to authenticate as when connecting. Only used when --host is specified.
Example:
loom-ldapbrowser -H ldap.example.com -D "cn=admin,dc=example,dc=com"
-b, --base-dn
string
Base DN for browsing and searching.
The root of the directory tree displayed in the browser. Only used when --host is specified.
Example:
loom-ldapbrowser -H ldap.example.com -b "dc=example,dc=com"
--vault-password
string
Vault master password.
Provides the vault master password via command-line argument, avoiding the interactive prompt. Only used when vault_enabled = true in the config.
Example:
loom-ldapbrowser --vault-password "masterpassword"
The password will be visible in shell history and process listings. Use the LOOM_VAULT_PASSWORD environment variable instead for better security.
--vault
string
Path to vault file.
Default: ~/.config/loom-ldapbrowser/vault.dat
Example:
loom-ldapbrowser --vault /secure/location/vault.dat
-h, --help
boolean
Print help information and exit.
Example:
loom-ldapbrowser --help
-V, --version
boolean
Print version information and exit.
Example:
loom-ldapbrowser --version

Connection Override Behavior

When you specify --host (with optional -p, -D, -b), loom:
  1. Creates a temporary connection profile with these parameters
  2. Sets tls_mode = "auto" (tries LDAPS, StartTLS, then plaintext)
  3. Sets credential_method = "prompt" (prompts for password)
  4. Inserts this profile as the first connection in the config
  5. Automatically connects on startup

Example: Quick Ad-Hoc Connection

loom-ldapbrowser \
  -H ldap.example.com \
  -D "cn=admin,dc=example,dc=com" \
  -b "dc=example,dc=com"
This is equivalent to creating a profile:
[[connections]]
name = "ldap.example.com"
host = "ldap.example.com"
port = 389
tls_mode = "auto"
bind_dn = "cn=admin,dc=example,dc=com"
base_dn = "dc=example,dc=com"
credential_method = "prompt"

Environment Variables

These environment variables work alongside command-line options:
LOOM_PASSWORD
string
Bind password for credential_method = "prompt".
When set, loom uses this password instead of prompting interactively.
Example:
export LOOM_PASSWORD="secretpassword"
loom-ldapbrowser -H ldap.example.com -D "cn=admin,dc=example,dc=com"
LOOM_VAULT_PASSWORD
string
Vault master password.
When set, loom uses this password to unlock the vault instead of prompting.
Example:
export LOOM_VAULT_PASSWORD="masterpassword"
loom-ldapbrowser
Prefer LOOM_VAULT_PASSWORD over the --vault-password flag. Environment variables don’t appear in shell history or process listings as easily.

Usage Examples

Connect to a Server with CLI Arguments

loom-ldapbrowser -H ldap.example.com -D "cn=admin,dc=example,dc=com" -b "dc=example,dc=com"
Loom prompts for the bind password and connects.

Connect to LDAPS Port

loom-ldapbrowser -H ldaps.example.com -p 636
Connects to port 636 (LDAPS) with auto TLS mode.

Connect with Password from Environment

export LOOM_PASSWORD="secretpassword"
loom-ldapbrowser -H ldap.example.com -D "cn=admin,dc=example,dc=com" -b "dc=example,dc=com"
No interactive password prompt.

Use Custom Config File

loom-ldapbrowser --config ~/my-ldap-config.toml
Loads profiles and settings from a non-default location.

Launch with Saved Profiles

loom-ldapbrowser
Loom reads ~/.config/loom-ldapbrowser/config.toml and:
  • Connects to the first profile automatically (if configured)
  • Shows the profiles layout if no profiles exist
  • Prompts for vault password if vault_enabled = true

Open Vault with Command-Line Password

loom-ldapbrowser --vault-password "masterpassword"
Unlocks vault without interactive prompt.

Use Alternate Vault File

loom-ldapbrowser --vault /mnt/secure/my-vault.dat --vault-password "masterpassword"
Uses a vault file from a different location (e.g., encrypted filesystem, network mount).

Check Version

loom-ldapbrowser --version
Outputs:
loom-ldapbrowser 0.1.0

Show Help

loom-ldapbrowser --help
Displays usage information and all available options.

Combining with Saved Profiles

Command-line arguments override the first connection profile in config.toml. Other profiles remain available in the profiles layout (F1).

Example

Config file:
[[connections]]
name = "Production"
host = "ldap-prod.example.com"

[[connections]]
name = "Staging"
host = "ldap-staging.example.com"
Command:
loom-ldapbrowser -H ldap-dev.example.com
Result:
  • Loom connects to ldap-dev.example.com (from CLI)
  • “Production” and “Staging” profiles are available in F1 profiles layout
  • CLI connection appears as first tab

Exit Codes

Code  Meaning
0     Success (normal exit)
1     General error (connection failed, config invalid, etc.)
130   Interrupted by Ctrl+C

Shell Integration

Bash Alias

# ~/.bashrc
alias ldap='loom-ldapbrowser -H ldap.example.com -D "cn=admin,dc=example,dc=com" -b "dc=example,dc=com"'
Now ldap launches loom with your common connection parameters.

ZSH Completion

Loom uses clap for argument parsing. Generate shell completions:
# Generate completions (requires building from source with completion feature)
loom-ldapbrowser --generate-completions zsh > ~/.zsh/completions/_loom-ldapbrowser
Shell completion generation is a planned feature. Currently not available in release builds.

Systemd Service

You can run loom as a background service for monitoring or automation (non-interactive mode is planned).
# /etc/systemd/system/loom-ldap-monitor.service
[Unit]
Description=Loom LDAP Browser Monitor
After=network.target

[Service]
Type=simple
User=ldapuser
Environment="LOOM_PASSWORD=secretpassword"
ExecStart=/usr/local/bin/loom-ldapbrowser --config /etc/loom/monitor.toml
Restart=on-failure

[Install]
WantedBy=multi-user.target
Loom is a TUI application requiring a terminal. Headless/daemon mode is not currently supported.

Debugging

Verbose Logging

Loom logs to ./logs/loom-ldapbrowser.log by default. Set the log level in config:
[general]
log_level = "debug"
Or via environment variable:
RUST_LOG=debug loom-ldapbrowser

Trace LDAP Operations

RUST_LOG=loom_core=trace loom-ldapbrowser
This logs all LDAP protocol operations (search, bind, modify, etc.).

Security Considerations

  • Command-line arguments are visible in process listings (ps aux)
  • Avoid passing passwords via --vault-password; use environment variables or interactive prompts
  • Shell history may record commands with passwords; use HISTCONTROL=ignorespace and prefix commands with a space
  • Use config files for production deployments instead of CLI arguments
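
The exposures listed above can be audited in existing shell history or unit files, including an Environment= line like the one in the systemd example. The script below is an added example, not part of Loom or its documentation; the function names and sample lines are constructed, and the `--vault-password=value` spelling is an assumption based on Loom using clap.

```shell
#!/usr/bin/env bash
# Added example (not part of Loom): flag the secret exposures this page warns
# about in text such as ~/.bash_history or a systemd unit file.
# Secrets are redacted, so the report itself is safe to share.

# Constructed sample input; the hosts and passwords are the page's placeholders.
loom_audit_sample() {
  cat <<'EOF'
loom-ldapbrowser -H ldap.example.com -D "cn=admin,dc=example,dc=com"
loom-ldapbrowser --vault-password "masterpassword"
export LOOM_VAULT_PASSWORD="masterpassword"
Environment="LOOM_PASSWORD=secretpassword"
loom-ldapbrowser --vault /secure/location/vault.dat
loom-ldapbrowser --vault-password=masterpassword -H ldap.example.com
EOF
}

# Reads lines on stdin; prints "<line no>: <kind>: <redacted line>" per finding.
#   argv = password passed as a command-line argument (history and ps exposure)
#   env  = password assigned in plain text to LOOM_PASSWORD / LOOM_VAULT_PASSWORD
# The "--vault-password=value" spelling is an assumption (common clap behaviour).
loom_secret_findings() {
  awk '
    /--vault-password[= ]/ {
      sub(/--vault-password[= ].*/, "--vault-password ***")
      print NR ": argv: " $0
      next
    }
    /LOOM_(VAULT_)?PASSWORD=/ {
      sub(/PASSWORD=.*/, "PASSWORD=***")
      print NR ": env: " $0
    }
  '
}

# Demo on the constructed sample. For real use:
#   loom_secret_findings < ~/.bash_history
loom_audit_sample | loom_secret_findings
```

Any finding in a history or unit file means the password was stored in plain text there and should be rotated.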
