Page Comparison

Tools provided by openldap-utils RPM

• Existing, signed, vendor RPM.

• Package will already be installed on host operating as the simpkv LDAP server.

• Supports ldapi interface, which is faster than ldap/ldaps, while still being secure.

• Requires openldap-utils RPM to be installed on host executing Bolt compiles.

• To take advantage of ldapi either have to educate user on when ldapi should be configured OR create internal auto-ldapi-detection logic to use the ldapi interface when it is available <--> complexity.

net-ldap Ruby gem

• User can install gem without sysadmin support, when not on isolated network.

• Requires gem RPM packaging for use on isolated networks (e.g., simp-vendored-net-ldap RPM)

• Requires gem installation into the puppetserver

• Does not support ldapi .

Support both tools provided by openldap-utils and net-ldap Ruby gem, using whichever it discovers is available

More installation flexibility when not on isolated networks.

• Increased code+test complexity.

• Still has gem packaging issues on isolated systems for Bolt users.

• User still needs to know when ldapi can be used, unless auto-discovery mechanism is built.