diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 3c21bf5..5e50240 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -19,6 +19,11 @@ class ldap::auth inherits ldap::client {
 tag("bootstrap")
 $ldap_uri = inline_template('<%= @ldap_server.join(" ") -%>')
+ if regsubst($ldap_uri, "^(ldaps)://.*", "\1") == "ldaps"{
+ $ssl = "on"
+ } else {
+ $ssl = "no"
+ }
 if $::kernel == "Linux" {
 include nscd
@@ -41,7 +46,7 @@ class ldap::auth inherits ldap::client {
 }
 augeas { "nslcd-conf":
 changes => [ "set pagesize 500",
- "set ssl on",
+ "set ssl ${ssl}",
 "set tls_reqcert never",
 "rm tls_cacertdir", ],
 incl => "/etc/nslcd.conf",
@@ -58,7 +63,7 @@ class ldap::auth inherits ldap::client {
 }
 }
 augeas { "pam-ldap-conf":
- changes => [ "set ssl on",
+ changes => [ "set ssl ${ssl}",
 "set pam_password exop",
 "rm tls_cacertdir", ],
 incl => "/etc/pam_ldap.conf",
@@ -85,16 +90,13 @@ class ldap::auth inherits ldap::client {
 context => "/files/etc/ldap.conf",
 changes => [ "set nss_paged_results yes",
 "set pam_password exop",
- "set ssl on", ],
- onlyif => [ "get nss_paged_results != yes",
- "get pam_password != exop",
- "get ssl != on", ],
+ "set ssl ${ssl}", ],
 notify => Service["nscd"],
 }
 }
 }
 }
- Ubuntu: {
+ "Ubuntu": {
 package { "ldap-auth-client":
 ensure => installed,
 }
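Review bot: The `regsubst` test in the first hunk is anchored at `^` on `$ldap_uri`, which is the space-joined server list, so only the first URI's scheme decides `$ssl` and a mixed `ldap://`/`ldaps://` list is configured as if every server matched the first. Consider deriving the value from all entries and calling `fail()` on a mixed list. The else branch writes `no`, while the nslcd.conf and pam_ldap man pages I know list `on|off|start_tls`; `$ssl = "off"` would be the documented spelling, worth confirming against the installed parsers. A one-line comment such as `# ssl follows the scheme of the first LDAP URI` above the `if` would make the rule explicit. The class body continues outside the hunk.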
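Review bot: With `"set ssl ${ssl}"` in the `nslcd-conf` resource, a plain `ldap://` URI now yields `ssl no`, and nothing in the visible manifest offers StartTLS, so PAM/NSS binds to such a server would carry passwords unencrypted. The same substitution is made in the `pam-ldap-conf` resources for `/etc/pam_ldap.conf` and `/files/etc/ldap.conf` in the later hunks. Consider letting the non-ldaps case select `start_tls`, or fail unless cleartext is explicitly requested through a class parameter. The neighbouring `set tls_reqcert never` and `rm tls_cacertdir` also mean the `on` case encrypts without verifying the server certificate; that is existing behaviour, but it limits what this switch protects. The augeas resource starts and ends outside the hunk.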
@@ -111,21 +113,17 @@ class ldap::auth inherits ldap::client {
 }
 augeas { "pam-ldap-conf":
 context => "/files/etc/ldap.conf",
- changes => [ "set uri '${ldap_uri}'",
- "set base ${ldap_basedn}",
- "set nss_paged_results yes",
- "set pam_password exop",
- "rm rootbinddn",
- "set ssl on", ],
- onlyif => [ "get uri != '${ldap_uri}'",
- "get base != ${ldap_basedn}",
- "get nss_paged_results != yes",
- "get pam_password != exop",
- "get rootbinddn == 'cn=manager,dc=example,dc=net'",
- "get ssl != on", ],
+ changes => [
+ "set uri '${ldap_uri}'",
+ "set base ${ldap_basedn}",
+ "set nss_paged_results yes",
+ "set pam_password exop",
+ "rm rootbinddn",
+ "set ssl ${ssl}",
+ ],
 }
 }
- OpenBSD: {
+ "OpenBSD": {
 if ! $ldap_login_umask {
 $ldap_login_umask = "077"
 }
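Review bot: Dropping `onlyif` makes `rm rootbinddn` unconditional; the removed guard named only `cn=manager,dc=example,dc=net`, so a host with a deliberately configured rootbinddn would now lose it on every run. If only the packaged default should be stripped, move that change to its own augeas resource with `onlyif => "get rootbinddn == 'cn=manager,dc=example,dc=net'"` (a single string; I believe the type does not take an array of conditions). Separately, `"set base ${ldap_basedn}"` is unquoted while the uri line is quoted, so a base DN containing a space would likely be split by the augeas parser; `"set base '${ldap_basedn}'"` avoids that. The Ubuntu case branch begins before the hunk.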