puppet/ssh/templates/ssh_known_hosts.erb

<%

require 'ldap'
require 'uri'

basedn = ''
conn = ''

f = File.new('/etc/openldap/ldap.conf', 'r')
f.readlines.each do |line|
    line = line.strip
    next if line =~ /^#/
    next if line == ''
    line = line.split
    if line[0] == 'BASE'
        basedn = line[1]
    elsif line[0] == 'URI'
        line.shift
        line.each do |uri|
            uri = URI.parse(uri)
            begin
                if uri.scheme == 'ldaps'
                    if ! uri.port
                        uri.port = 636
                    end
                    conn = LDAP::SSLConn.new(uri.host, uri.port)
                else
                    if ! uri.port
                        uri.port = 389
                    end
                    conn = LDAP::Conn.new(uri.host, uri.port)
                end
                conn.bind
                break
            rescue LDAP::ResultError
                next
            end
        end
    end
end
f.close

filter = '(&(objectClass=ipHost)(sshPublicKey=*))'
attrs = ['cn', 'sshPublicKey', 'ipHostNumber']

data = []
conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) { |entry|
    names = []
    entry.vals('cn').each do |v|
        names.push(v)
        names.push(v.split('.')[0])
    end
    names.push(entry.vals('ipHostNumber')[0])
    names = names.uniq.sort
    data.push(names.join(',') + ' ' + entry.vals('sshPublicKey')[0])
}
data.sort

data.each do |line|

%><%= line %>
<%

end

%>