...

Below is the proposed SIMP OID subtree showing the parent OIDs for attributes and class objects needed for the SIMP DIT.

...

LDAP Schema Elements

Custom Schema

Multiple plugin instances, possibly from different versions of the same module, can be instantiated at the same time in the puppetserver.

...

Plugin implementations must be thread safe.

...

Technologies for Plugin Implementation

Requirements

Plugins are written in Ruby and implement the simpkv plugin API. Plugins have strict restrictions on their implementations in order to prevent cross-environment contamination when different versions of the plugins are simultaneously loaded into the puppetserver during concurrent catalog compilations for nodes in different Puppet environments.
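The contamination and thread-safety concerns above, shown in an added Ruby example that is not simpkv code. It assumes one way to meet them (an anonymous class per load plus per-instance state behind a Mutex); `DemoNamedPlugin`, `load_named`, `load_anonymous`, `increment` and `count` are hypothetical names.

```ruby
# Added illustration, not simpkv code. All class and method names are hypothetical.

# Unsafe pattern: every "version" of the plugin file defines the same named
# class, so loading a second version reopens the constant process-wide.
def load_named(version)
  Object.class_eval <<~RUBY
    class DemoNamedPlugin
      def version; '#{version}'; end
    end
  RUBY
  DemoNamedPlugin.new
end

# Safer pattern (assumed): each load builds an anonymous class, so two versions
# never share a constant, and all state is per instance behind a Mutex.
def load_anonymous(version)
  Class.new do
    define_method(:version) { version }

    def initialize
      @lock = Mutex.new
      @counts = Hash.new(0)
    end

    def increment(key)
      @lock.synchronize { @counts[key] += 1 }
    end

    def count(key)
      @lock.synchronize { @counts[key] }
    end
  end
end

# Load "1.0" for environment A, then "2.0" for environment B, and ask each
# instance which version it is running.
def versions_seen
  named = [load_named('1.0'), load_named('2.0')]
  anon = [load_anonymous('1.0').new, load_anonymous('2.0').new]
  { named: named.map(&:version), anonymous: anon.map(&:version) }
end

# Concurrent compiles sharing one plugin instance: no update may be lost.
def concurrent_total(threads: 8, per_thread: 1000)
  plugin = load_anonymous('1.0').new
  Array.new(threads) { Thread.new { per_thread.times { plugin.increment('k') } } }.each(&:join)
  plugin.count('k')
end
```

With the named class, environment A's instance reports the version loaded for environment B; the anonymous classes keep the two versions separate.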

Options Considered

Option: Tools provided by openldap-utils RPM

PROs

  • Existing signed RPM

  • Package will already be installed on host operating as LDAP server

  • Supports ldapi interface, which is faster than ldap/ldaps while still being secure

CONs

  • Requires openldap-utils RPM to be installed on host executing Bolt compiles

  • Have to educate user on when ldapi can be configured OR create internal auto-ldapi-detection logic which is code complexity that implies testing complexity (not the KISS principle).

Option: net-ldap Ruby gem

PROs

  • User can install gem without sysadmin support, when not on isolated network

CONs

  • Requires RPM packaging for use on isolated networks (e.g., simp-vendored-net-ldap….rpm)

  • Requires gem installation into the puppetserver

  • Does not support ldapi interface

Option: Support both tools provided by openldap-utils and net-ldap Ruby gem, using whichever it discovers is available

PROs

  • Appears to work anywhere

CONs

  • Increased code complexity <--> increased testing complexity

  • Still has packaging issues on isolated systems

  • User still needs to know when ldapi can be used

Tools provided by openldap-utils RPM

Option 2

Option 3