This Patch adds an example LDB module "univention_machine_secret" to the source package ldb. Below you find an example script that can be used to register the module with /var/tmp/secrets.ldb.
------------------------------------------------------------
#!/bin/sh
LDB_FILE='/var/tmp/secrets.ldb'
ADDITIONAL_MODULE='univention_machine_secret'
# Order matters: the samba_secrets module must come last
current_modules=$(ldbsearch -H "$LDB_FILE" -b '@MODULES' -s base @LIST | sed -n 's/@LIST: \(.*\)/\1/p')
ldif() {
echo "dn: @MODULES"
echo "changetype: modify"
echo "replace: @LIST"
echo "@LIST: $ADDITIONAL_MODULE"
for module in $current_modules; do
echo "@LIST: $module"
done
}
ldif | ldbmodify -H "$LDB_FILE"
------------------------------------------------------------
diff -Nuar ldb-1.1.2.orig/modules/univention_machine_secret.c ldb-1.1.2/modules/univention_machine_secret.c
--- ldb-1.1.2.orig/modules/univention_machine_secret.c 1970-01-01 01:00:00.000000000 +0100
+++ ldb-1.1.2/modules/univention_machine_secret.c 2011-10-20 23:51:04.000000000 +0200
@@ -0,0 +1,151 @@
+/*
+ * Samba LDB module univention_machine_secret
+ * sample LDB Module for storing /tmp/machine.secret
+ *
+ * Copyright 2011-2012 Univention GmbH
+ *
+ * http://www.univention.de/
+ *
+ * All rights reserved.
+ *
+ * The source code of this program is made available
+ * under the terms of the GNU Affero General Public License version 3
+ * (GNU AGPL V3) as published by the Free Software Foundation.
+ *
+ * Binary versions of this program provided by Univention to you as
+ * well as other copyrighted, protected or trademarked materials like
+ * Logos, graphics, fonts, specific documentations and configurations,
+ * cryptographic keys etc. are subject to a license agreement between
+ * you and Univention and not subject to the GNU AGPL V3.
+ *
+ * In the case you use this program under the terms of the GNU AGPL V3,
+ * the program is provided in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License with the Debian GNU/Linux or Univention distribution in file
+ * /usr/share/common-licenses/AGPL-3; if not, see
+ * .
+ */
+
+/* univention_machine_secret was derived from the tests/sample_module
+
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Jelmer Vernooij 2007
+
+ ** NOTE! The following LGPL license applies to the ldb
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see .
+*/
+
+#include "ldb_module.h"
+#include
+#include
+
+static int univention_machine_secret_add(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_message_element *attribute;
+ struct ldb_context *ldb;
+ TALLOC_CTX *tmp_ctx;
+ char hostname[256];
+ struct ldb_result *res = NULL;
+ int fd;
+ int ret;
+ ldb = ldb_module_get_ctx(module);
+ ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_add\n"));
+
+ ret = ldb_next_request(module, req);
+
+ if ( ret == LDB_SUCCESS ) {
+ attribute = ldb_msg_find_element(req->op.add.message, "secret");
+ if (attribute) {
+ ldb = ldb_module_get_ctx(module);
+ tmp_ctx = talloc_new(module);
+ hostname[255] = '\0';
+ gethostname(hostname, 255);
+ static const char * const attrs[] = { "dn", NULL };
+ ret = ldb_search(ldb, tmp_ctx, &res, req->op.mod.message->dn, LDB_SCOPE_BASE, attrs, "samAccountName=%s$", hostname);
+ if ( ret == LDB_SUCCESS && attribute->num_values == 1 ) {
+ ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_add: secret modified: %s\n", (const char *)attribute->values[0].data));
+ fd = open("/tmp/machine.secret", O_WRONLY |O_CREAT |O_TRUNC);
+ if (fd != -1) {
+ write(fd, (const char *)attribute->values[0].data, attribute->values[0].length);
+ close(fd);
+ } else {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, ("LDB_univention_machine_secret: error opening file /tmp/machine.secret\n"));
+ }
+ }
+ talloc_free(tmp_ctx);
+ }
+ }
+
+ return ret;
+}
+
+static int univention_machine_secret_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_message_element *attribute;
+ struct ldb_context *ldb;
+ TALLOC_CTX *tmp_ctx;
+ char hostname[256];
+ struct ldb_result *res = NULL;
+ int fd;
+ int ret;
+ ldb = ldb_module_get_ctx(module);
+ ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_modify\n"));
+
+ ret = ldb_next_request(module, req);
+
+ if ( ret == LDB_SUCCESS ) {
+ attribute = ldb_msg_find_element(req->op.mod.message, "secret");
+ if (attribute) {
+ ldb = ldb_module_get_ctx(module);
+ tmp_ctx = talloc_new(module);
+ hostname[255] = '\0';
+ gethostname(hostname, 255);
+ static const char * const attrs[] = { "dn", NULL };
+ ret = ldb_search(ldb, tmp_ctx, &res, req->op.mod.message->dn, LDB_SCOPE_BASE, attrs, "samAccountName=%s$", hostname);
+ if ( ret == LDB_SUCCESS && attribute->num_values == 1 ) {
+ ldb_debug(ldb, LDB_DEBUG_TRACE, ("LDB_univention_machine_secret: ldb_modify: secret modified: %s\n", (const char *)attribute->values[0].data));
+ fd = open("/tmp/machine.secret", O_WRONLY |O_CREAT |O_TRUNC);
+ if (fd != -1) {
+ write(fd, (const char *)attribute->values[0].data, attribute->values[0].length);
+ close(fd);
+ } else {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, ("LDB_univention_machine_secret: error opening file /tmp/machine.secret\n"));
+ }
+ }
+ talloc_free(tmp_ctx);
+ }
+ }
+
+ return ret;
+}
+
+static struct ldb_module_ops ldb_univention_machine_secret_module_ops = {
+ .name = "univention_machine_secret",
+ .add = univention_machine_secret_add,
+ .modify = univention_machine_secret_modify,
+};
+
+int ldb_univention_machine_secret_init(const char *version)
+{
+ LDB_MODULE_CHECK_VERSION(version);
+ return ldb_register_module(&ldb_univention_machine_secret_module_ops);
+}
diff -Nuar ldb-1.1.2.orig/wscript ldb-1.1.2/wscript
--- ldb-1.1.2.orig/wscript 2011-10-20 23:43:33.000000000 +0200
+++ ldb-1.1.2/wscript 2011-10-20 23:40:39.000000000 +0200
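Review bot: In both `univention_machine_secret_add` and `univention_machine_secret_modify` the "secret modified" trace call wraps its arguments in an extra pair of parentheses, so `("...%s\n", (const char *)attribute->values[0].data)` is a comma expression and the secret value itself reaches `ldb_debug()` as the format string; simply removing the parentheses would still put the machine password in the trace log, so the value should be dropped from the message altogether. The `open("/tmp/machine.secret", O_WRONLY |O_CREAT |O_TRUNC)` call passes no mode with `O_CREAT`, which leaves the new file's permission bits indeterminate, and a fixed name in a world-writable directory can be pre-created or symlinked by any local user before the module runs, so it needs an explicit `0600`, `O_NOFOLLOW`, and preferably a directory only the service can write to. `ldb_search()` returning `LDB_SUCCESS` does not mean an entry matched, so without a `res->count` check every add or modify carrying a `secret` attribute is written out, and because the search result is stored in `ret`, a failed lookup is returned to the caller as if the operation itself had failed. The add handler also reads `req->op.mod.message->dn` where `req->op.add.message->dn` is meant, and the `write()` result is ignored. The fence shows the inner block of the add handler with these points applied; the modify handler needs the same change with `req->op.mod.message` and its own message text.

```c
/* … unchanged: ldb_next_request(), ldb_msg_find_element(), talloc_new(), gethostname() … */
static const char * const attrs[] = { "dn", NULL };
/* keep the lookup result separate so it cannot replace the status of the add itself */
int search_ret = ldb_search(ldb, tmp_ctx, &res, req->op.add.message->dn, LDB_SCOPE_BASE, attrs, "samAccountName=%s$", hostname);
if (search_ret == LDB_SUCCESS && res->count == 1 && attribute->num_values == 1) {
    /* literal format string only: the secret is neither logged nor interpreted as a format */
    ldb_debug(ldb, LDB_DEBUG_TRACE, "LDB_univention_machine_secret: ldb_add: secret modified\n");
    /* explicit owner-only mode; refuse to follow a symlink planted at the target name */
    fd = open("/tmp/machine.secret", O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd != -1) {
        ssize_t written = write(fd, attribute->values[0].data, attribute->values[0].length);
        if (written < 0 || (size_t)written != attribute->values[0].length) {
            ldb_debug(ldb, LDB_DEBUG_ERROR, "LDB_univention_machine_secret: incomplete write to /tmp/machine.secret\n");
        }
        close(fd);
    } else {
        /* … unchanged: error message for a failed open … */
    }
}
```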
@@ -204,6 +204,14 @@ deps='ldb', subsystem='ldb') + bld.SAMBA_MODULE('ldb_univention_machine_secret', + 'modules/univention_machine_secret.c', + init_function='ldb_univention_machine_secret_init', + internal_module=False, + module_init_name='ldb_init_module', + deps='ldb', + subsystem='ldb') + bld.SAMBA_MODULE('ldb_sample', 'tests/sample_module.c', init_function='ldb_sample_init',