2 files changed, 47 insertions, 1 deletions

diff --git a/environments/production/hiera.yaml b/environments/production/hiera.yaml
index 095a110..f5e5bc2 100644
--- a/environments/production/hiera.yaml
+++ b/environments/production/hiera.yaml
@@ -10,7 +10,7 @@ hierarchy:
     path: "nodes/%{facts.ec2_metadata.hostname}.yaml"
 
   - name: "Per-role data"
-    mapped_paths: [roles, role, "roles/%{role}.yaml"]
+    mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
 
   - name: "Per-type data"
     path: "types/%{facts.ec2_metadata.instance-type}.yaml"
diff --git a/modules/base_installation/lib/facter/ldapvar.rb b/modules/base_installation/lib/facter/ldapvar.rb
new file mode 100644
index 0000000..ff8e898
--- /dev/null
+++ b/modules/base_installation/lib/facter/ldapvar.rb
@@ -0,0 +1,46 @@
+require 'ldap'
+require 'puppet/util/ldap/connection'
+
+Facter.add("ldapvar") do
+  setcode do
+    if Puppet[:node_terminus].to_sym != :ldap
+      data = []
+    else
+      begin
+        conn = Puppet::Util::Ldap::Connection.instance
+        conn.start
+        connection = conn.connection
+      rescue ::LDAP::ResultError => e
+        raise Puppet::ParseError, ("ldapquery(): LDAP ResultError - #{e.message}")
+      end
+
+      host = Facter.value('ec2_metadata')["hostname"]
+      base = Puppet[:ldapbase]
+      scope  = ::LDAP::LDAP_SCOPE_SUBTREE
+      filter = "(objectclass=*)"
+
+      data = {
+        :self  => {},
+        :other => [],
+      }
+
+      connection.search(base, scope, filter) do |entry|
+        data_ = entry.to_hash
+        data_['vars'] = (data_[Puppet[:ldapstackedattrs]] || [])
+          .map { |var| var.split("=", 2) }
+          .group_by { |(key, value)| key }
+          .map { |key, value| [key, value.map(&:last)] }
+          .to_h
+
+        data[:other] << data_
+
+        if data_["cn"].any? { |cn| cn == host }
+          data[:self] = data_
+        end
+      end
+
+      data
+    end
+  end
+end
+