authorNalin Dahyabhai <nalin@dahyabhai.net>2009-04-30 13:31:05 -0400
committerNalin Dahyabhai <nalin@dahyabhai.net>2009-04-30 13:31:05 -0400
commit488969cd09389dd1e2ec13a773c9235227152a2c (patch)
tree8e6948d53a075148ec41ff2f754c63cd2458b293
parentb1acab5f143e9de7c97c7919505b5b9ca918ff3d (diff)
- add config files from IPA so that we can test using entries that
conform to its schema
-rw-r--r--tests/config/schema/50ns-mail.ldif80
l---------tests/config/schema/60basev2.ldif1
l---------tests/config/schema/60ipaconfig.ldif1
-rw-r--r--tests/config/schema/60kerberos.ldif458
l---------tests/config/schema/60policyv2.ldif1
l---------tests/config/schema/60radius.ldif1
6 files changed, 542 insertions, 0 deletions
diff --git a/tests/config/schema/50ns-mail.ldif b/tests/config/schema/50ns-mail.ldif
new file mode 100644
index 0000000..8d06119
--- /dev/null
+++ b/tests/config/schema/50ns-mail.ldif
@@ -0,0 +1,80 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2005 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+#
+# Schema for Netscape Messaging Server 4.x. Some attributes are also
+# used by NMS 5.x
+#
+dn: cn=schema
+attributeTypes: ( 2.16.840.1.113730.3.1.16 NAME ( 'mailDeliveryOption' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.707 NAME ( 'vacationstartdate' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.18 NAME ( 'mailHost' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.33 NAME ( 'mgrpModerator' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.25 NAME ( 'mgrpDeliverTo' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( mgrpApprovePassword-oid NAME ( 'mgrpApprovePassword' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.31 NAME ( 'mailEnhancedUniqueMember' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.781 NAME ( 'mgrpAddHeader' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME ( 'mgrpAllowedBroadcaster' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.30 NAME ( 'mgrpRFC822MailMember' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( nsmsgNumMsgQuota-oid NAME ( 'nsmsgNumMsgQuota' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME ( 'mailAlternateAddress' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.708 NAME ( 'vacationenddate' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.20 NAME ( 'mailProgramDeliveryInfo' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.801 NAME ( 'mgrpRemoveHeader' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.12 NAME ( 'mailAccessDomain' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.14 NAME ( 'mailAutoReplyMode' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.15 NAME ( 'mailAutoReplyText' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.21 NAME ( 'mailQuota' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME ( 'mgrpBroadcasterPolicy' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.24 NAME ( 'mailRoutingAddress' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.19 NAME ( 'mailMessageStore' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.520 NAME ( 'nswmExtendedUserPrefs' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.26 NAME ( 'mgrpErrorsTo' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.23 NAME ( 'mgrpAllowedDomain' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.28 NAME ( 'mgrpMsgRejectAction' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( nsmsgDisallowAccess-oid NAME ( 'nsmsgDisallowAccess' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.17 NAME ( 'mailForwardingAddress' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME ( 'mgrpMsgMaxSize' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME ( 'mgrpMsgRejectText' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
+attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME ( 'mgrpNoDuplicateChecks' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC '' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )
+objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC '' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
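Review bot: The OID on the `nsMessagingServerUser` objectclass line reads `2.16.840.113730.3.2.37`, while every other numeric OID in this file sits under `2.16.840.1.113730`, so the `.1` arc looks dropped. If that is a transcription slip, the class is registered under a different arc from the rest of the schema and may not match the definition a production server carries; the line would then start `objectclasses: ( 2.16.840.1.113730.3.2.37 NAME 'nsMessagingServerUser'`. Because the file is copied from another project, compare against the upstream copy before changing it, so the fixture and its source stay in sync.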
diff --git a/tests/config/schema/60basev2.ldif b/tests/config/schema/60basev2.ldif
new file mode 120000
index 0000000..81c7ed0
--- /dev/null
+++ b/tests/config/schema/60basev2.ldif
@@ -0,0 +1 @@
+/home/nalin/projects/freeipa/install/share/60basev2.ldif
\ No newline at end of file
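Review bot: The symlink target `/home/nalin/projects/freeipa/install/share/60basev2.ldif` is an absolute path into one developer's home directory, so the link dangles on every other checkout and the tests presumably run without this schema or fail during setup. The same applies to the 60ipaconfig.ldif, 60policyv2.ldif and 60radius.ldif links added later in this commit. It also means a test run reads whatever file exists at that path outside the repository, which on a shared build host is content the project does not control. Committing the four files as regular files, as this commit does for 50ns-mail.ldif and 60kerberos.ldif, or having the test setup locate the IPA schema directory through a configure-time setting, would make the fixtures reproducible.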
diff --git a/tests/config/schema/60ipaconfig.ldif b/tests/config/schema/60ipaconfig.ldif
new file mode 120000
index 0000000..bc62544
--- /dev/null
+++ b/tests/config/schema/60ipaconfig.ldif
@@ -0,0 +1 @@
+/home/nalin/projects/freeipa/install/share/60ipaconfig.ldif
\ No newline at end of file
diff --git a/tests/config/schema/60kerberos.ldif b/tests/config/schema/60kerberos.ldif
new file mode 100644
index 0000000..7172351
--- /dev/null
+++ b/tests/config/schema/60kerberos.ldif
@@ -0,0 +1,458 @@
+# This is a variation on kerberos.ldif which Fedora Directory Server will like.
+dn: cn=schema
+# Novell Kerberos Schema Definitions
+# Novell Inc.
+# 1800 South Novell Place
+# Provo, UT 84606
+#
+# VeRsIoN=1.0
+# CoPyRiGhT=(c) Copyright 2006, Novell, Inc. All rights reserved
+#
+# OIDs:
+# joint-iso-ccitt(2)
+# country(16)
+# us(840)
+# organization(1)
+# Novell(113719)
+# applications(1)
+# kerberos(301)
+# Kerberos Attribute Type(4) attr# version#
+# specific attribute definitions
+# Kerberos Attribute Syntax(5)
+# specific syntax definitions
+# Kerberos Object Class(6) class# version#
+# specific class definitions
+########################################################################
+########################################################################
+# Attribute Type Definitions #
+########################################################################
+##### This is the principal name in the RFC 1964 specified format
+attributetypes: ( 2.16.840.1.113719.1.301.4.1.1
+ NAME 'krbPrincipalName'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+##### This specifies the type of the principal, the types could be any of
+##### the types mentioned in section 6.2 of RFC 4120
+attributetypes: ( 2.16.840.1.113719.1.301.4.3.1
+ NAME 'krbPrincipalType'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### This flag is used to find whether directory User Password has to be used
+##### as kerberos password.
+##### TRUE, if User Password is to be used as the kerberos password.
+##### FALSE, if User Password and the kerberos password are different.
+attributetypes: ( 2.16.840.1.113719.1.301.4.5.1
+ NAME 'krbUPEnabled'
+ DESC 'Boolean'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE)
+##### The time at which the principal expires
+attributetypes: ( 2.16.840.1.113719.1.301.4.6.1
+ NAME 'krbPrincipalExpiration'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE)
+##### The krbTicketFlags attribute holds information about the kerberos flags for a principal
+##### The values (0x00000001 - 0x00800000) are reserved for standards and
+##### values (0x01000000 - 0x80000000) can be used for proprietary extensions.
+##### The flags and values as per RFC 4120 and MIT implementation are,
+##### DISALLOW_POSTDATED 0x00000001
+##### DISALLOW_FORWARDABLE 0x00000002
+##### DISALLOW_TGT_BASED 0x00000004
+##### DISALLOW_RENEWABLE 0x00000008
+##### DISALLOW_PROXIABLE 0x00000010
+##### DISALLOW_DUP_SKEY 0x00000020
+##### DISALLOW_ALL_TIX 0x00000040
+##### REQUIRES_PRE_AUTH 0x00000080
+##### REQUIRES_HW_AUTH 0x00000100
+##### REQUIRES_PWCHANGE 0x00000200
+##### DISALLOW_SVR 0x00001000
+##### PWCHANGE_SERVICE 0x00002000
+attributetypes: ( 2.16.840.1.113719.1.301.4.8.1
+ NAME 'krbTicketFlags'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### The maximum ticket lifetime for a principal in seconds
+attributetypes: ( 2.16.840.1.113719.1.301.4.9.1
+ NAME 'krbMaxTicketLife'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### Maximum renewable lifetime for a principal's ticket in seconds
+attributetypes: ( 2.16.840.1.113719.1.301.4.10.1
+ NAME 'krbMaxRenewableAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### Forward reference to the Realm object.
+##### (FDN of the krbRealmContainer object).
+##### Example: cn=ACME.COM, cn=Kerberos, cn=Security
+attributetypes: ( 2.16.840.1.113719.1.301.4.14.1
+ NAME 'krbRealmReferences'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+##### List of LDAP servers that kerberos servers can contact.
+##### The attribute holds data in the ldap uri format,
+##### Example: ldaps://acme.com:636
+#####
+##### The values of this attribute need to be updated, when
+##### the LDAP servers listed here are renamed, moved or deleted.
+attributetypes: ( 2.16.840.1.113719.1.301.4.15.1
+ NAME 'krbLdapServers'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+##### A set of forward references to the KDC Service objects.
+##### (FDNs of the krbKdcService objects).
+##### Example: cn=kdc - server 1, ou=uvw, o=xyz
+attributetypes: ( 2.16.840.1.113719.1.301.4.17.1
+ NAME 'krbKdcServers'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+##### A set of forward references to the Password Service objects.
+##### (FDNs of the krbPwdService objects).
+##### Example: cn=kpasswdd - server 1, ou=uvw, o=xyz
+attributetypes: ( 2.16.840.1.113719.1.301.4.18.1
+ NAME 'krbPwdServers'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+##### This attribute holds the Host Name or the ip address,
+##### transport protocol and ports of the kerberos service host
+##### The format is host_name-or-ip_address#protocol#port
+##### Protocol can be 0 or 1. 0 is for UDP. 1 is for TCP.
+attributetypes: ( 2.16.840.1.113719.1.301.4.24.1
+ NAME 'krbHostServer'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+##### This attribute holds the scope for searching the principals
+##### under krbSubTree attribute of krbRealmContainer
+##### The value can either be 1 (ONE) or 2 (SUB_TREE).
+attributetypes: ( 2.16.840.1.113719.1.301.4.25.1
+ NAME 'krbSearchScope'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### FDNs pointing to Kerberos principals
+attributetypes: ( 2.16.840.1.113719.1.301.4.26.1
+ NAME 'krbPrincipalReferences'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+##### This attribute specifies which attribute of the user objects
+##### be used as the principal name component for Kerberos.
+##### The allowed values are cn, sn, uid, givenname, fullname.
+attributetypes: ( 2.16.840.1.113719.1.301.4.28.1
+ NAME 'krbPrincNamingAttr'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE)
+##### A set of forward references to the Administration Service objects.
+##### (FDNs of the krbAdmService objects).
+##### Example: cn=kadmindd - server 1, ou=uvw, o=xyz
+attributetypes: ( 2.16.840.1.113719.1.301.4.29.1
+ NAME 'krbAdmServers'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+##### Maximum lifetime of a principal's password
+attributetypes: ( 2.16.840.1.113719.1.301.4.30.1
+ NAME 'krbMaxPwdLife'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### Minimum lifetime of a principal's password
+attributetypes: ( 2.16.840.1.113719.1.301.4.31.1
+ NAME 'krbMinPwdLife'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### Minimum number of character clases allowed in a password
+attributetypes: ( 2.16.840.1.113719.1.301.4.32.1
+ NAME 'krbPwdMinDiffChars'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### Minimum length of the password
+attributetypes: ( 2.16.840.1.113719.1.301.4.33.1
+ NAME 'krbPwdMinLength'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### Number of previous versions of passwords that are stored
+attributetypes: ( 2.16.840.1.113719.1.301.4.34.1
+ NAME 'krbPwdHistoryLength'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### FDN pointing to a Kerberos Password Policy object
+attributetypes: ( 2.16.840.1.113719.1.301.4.36.1
+ NAME 'krbPwdPolicyReference'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE)
+##### The time at which the principal's password expires
+attributetypes: ( 2.16.840.1.113719.1.301.4.37.1
+ NAME 'krbPasswordExpiration'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE)
+##### This attribute holds the principal's key (krbPrincipalKey) that is encrypted with
+##### the master key (krbMKey).
+##### The attribute is ASN.1 encoded.
+#####
+##### The format of the value for this attribute is explained below,
+##### KrbKeySet ::= SEQUENCE {
+##### attribute-major-vno [0] UInt16,
+##### attribute-minor-vno [1] UInt16,
+##### kvno [2] UInt32,
+##### mkvno [3] UInt32 OPTIONAL,
+##### keys [4] SEQUENCE OF KrbKey,
+##### ...
+##### }
+#####
+##### KrbKey ::= SEQUENCE {
+##### salt [0] KrbSalt OPTIONAL,
+##### key [1] EncryptionKey,
+##### s2kparams [2] OCTET STRING OPTIONAL,
+##### ...
+##### }
+#####
+##### KrbSalt ::= SEQUENCE {
+##### type [0] Int32,
+##### salt [1] OCTET STRING OPTIONAL
+##### }
+#####
+##### EncryptionKey ::= SEQUENCE {
+##### keytype [0] Int32,
+##### keyvalue [1] OCTET STRING
+##### }
+attributetypes: ( 2.16.840.1.113719.1.301.4.39.1
+ NAME 'krbPrincipalKey'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+##### FDN pointing to a Kerberos Ticket Policy object.
+attributetypes: ( 2.16.840.1.113719.1.301.4.40.1
+ NAME 'krbTicketPolicyReference'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE)
+##### Forward reference to an entry that starts sub-trees
+##### where principals and other kerberos objects in the realm are configured.
+##### Example: ou=acme, ou=pq, o=xyz
+attributetypes: ( 2.16.840.1.113719.1.301.4.41.1
+ NAME 'krbSubTrees'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+##### Holds the default encryption/salt type combinations of principals for
+##### the Realm. Stores in the form of key:salt strings.
+##### Example: des-cbc-crc:normal
+attributetypes: ( 2.16.840.1.113719.1.301.4.42.1
+ NAME 'krbDefaultEncSaltTypes'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+##### Holds the Supported encryption/salt type combinations of principals for
+##### the Realm. Stores in the form of key:salt strings.
+##### The supported encryption types are mentioned in RFC 3961
+##### The supported salt types are,
+##### NORMAL
+##### V4
+##### NOREALM
+##### ONLYREALM
+##### SPECIAL
+##### AFS3
+##### Example: des-cbc-crc:normal
+#####
+##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes
+##### attributes.
+attributetypes: ( 2.16.840.1.113719.1.301.4.43.1
+ NAME 'krbSupportedEncSaltTypes'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+##### This attribute holds the principal's old keys (krbPwdHistory) that is encrypted with
+##### the kadmin/history key.
+##### The attribute is ASN.1 encoded.
+#####
+##### The format of the value for this attribute is explained below,
+##### KrbKeySet ::= SEQUENCE {
+##### attribute-major-vno [0] UInt16,
+##### attribute-minor-vno [1] UInt16,
+##### kvno [2] UInt32,
+##### mkvno [3] UInt32 OPTIONAL -- actually kadmin/history key,
+##### keys [4] SEQUENCE OF KrbKey,
+##### ...
+##### }
+#####
+##### KrbKey ::= SEQUENCE {
+##### salt [0] KrbSalt OPTIONAL,
+##### key [1] EncryptionKey,
+##### s2kparams [2] OCTET STRING OPTIONAL,
+##### ...
+##### }
+#####
+##### KrbSalt ::= SEQUENCE {
+##### type [0] Int32,
+##### salt [1] OCTET STRING OPTIONAL
+##### }
+#####
+##### EncryptionKey ::= SEQUENCE {
+##### keytype [0] Int32,
+##### keyvalue [1] OCTET STRING
+##### }
+attributetypes: ( 2.16.840.1.113719.1.301.4.44.1
+ NAME 'krbPwdHistory'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+##### The time at which the principal's password last password change happened.
+attributetypes: ( 2.16.840.1.113719.1.301.4.45.1
+ NAME 'krbLastPwdChange'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE)
+##### This attribute holds the kerberos master key.
+##### This can be used to encrypt principal keys.
+##### This attribute has to be secured in directory.
+#####
+##### This attribute is ASN.1 encoded.
+##### The format of the value for this attribute is explained below,
+##### KrbMKey ::= SEQUENCE {
+##### kvno [0] UInt32,
+##### key [1] MasterKey
+##### }
+#####
+##### MasterKey ::= SEQUENCE {
+##### keytype [0] Int32,
+##### keyvalue [1] OCTET STRING
+##### }
+attributetypes: ( 2.16.840.1.113719.1.301.4.46.1
+ NAME 'krbMKey'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+##### This stores the alternate principal names for the principal in the RFC 1961 specified format
+attributetypes: ( 2.16.840.1.113719.1.301.4.47.1
+ NAME 'krbPrincipalAliases'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+##### The time at which the principal's last successful authentication happened.
+attributetypes: ( 2.16.840.1.113719.1.301.4.48.1
+ NAME 'krbLastSuccessfulAuth'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE)
+##### The time at which the principal's last failed authentication happened.
+attributetypes: ( 2.16.840.1.113719.1.301.4.49.1
+ NAME 'krbLastFailedAuth'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE)
+##### This attribute stores the number of failed authentication attempts
+##### happened for the principal since the last successful authentication.
+attributetypes: ( 2.16.840.1.113719.1.301.4.50.1
+ NAME 'krbLoginFailedCount'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+##### This attribute holds the application specific data.
+attributetypes: ( 2.16.840.1.113719.1.301.4.51.1
+ NAME 'krbExtraData'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+##### This attributes holds references to the set of directory objects.
+##### This stores the DNs of the directory objects to which the
+##### principal object belongs to.
+attributetypes: ( 2.16.840.1.113719.1.301.4.52.1
+ NAME 'krbObjectReferences'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+##### This attribute holds references to a Container object where
+##### the additional principal objects and stand alone principal
+##### objects (krbPrincipal) can be created.
+attributetypes: ( 2.16.840.1.113719.1.301.4.53.1
+ NAME 'krbPrincContainerRef'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+########################################################################
+########################################################################
+# Object Class Definitions #
+########################################################################
+#### This is a kerberos container for all the realms in a tree.
+objectClasses: ( 2.16.840.1.113719.1.301.6.1.1
+ NAME 'krbContainer'
+ SUP top
+ MUST ( cn ) )
+##### The krbRealmContainer is created per realm and holds realm specific data.
+objectClasses: ( 2.16.840.1.113719.1.301.6.2.1
+ NAME 'krbRealmContainer'
+ SUP top
+ MUST ( cn )
+ MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $krbPwdPolicyReference $ krbPrincContainerRef ) )
+##### An instance of a class derived from krbService is created per
+##### kerberos authentication or administration server in an realm and holds
+##### references to the realm objects. These references is used to further read
+##### realm specific data to service AS/TGS requests. Additionally this object
+##### contains some server specific data like pathnames and ports that the
+##### server uses. This is the identity the kerberos server logs in with. A key
+##### pair for the same is created and the kerberos server logs in with the same.
+#####
+##### krbKdcService, krbAdmService and krbPwdService derive from this class.
+objectClasses: ( 2.16.840.1.113719.1.301.6.3.1
+ NAME 'krbService'
+ ABSTRACT
+ SUP ( top )
+ MUST ( cn )
+ MAY ( krbHostServer $ krbRealmReferences ) )
+##### Representative object for the KDC server to bind into a LDAP directory
+##### and have a connection to access Kerberos data with the required
+##### access rights.
+objectClasses: ( 2.16.840.1.113719.1.301.6.4.1
+ NAME 'krbKdcService'
+ SUP ( krbService ) )
+##### Representative object for the Kerberos Password server to bind into a LDAP directory
+##### and have a connection to access Kerberos data with the required
+##### access rights.
+objectClasses: ( 2.16.840.1.113719.1.301.6.5.1
+ NAME 'krbPwdService'
+ SUP ( krbService ) )
+###### The principal data auxiliary class. Holds principal information
+###### and is used to store principal information for Person, Service objects.
+objectClasses: ( 2.16.840.1.113719.1.301.6.8.1
+ NAME 'krbPrincipalAux'
+ AUXILIARY
+ MAY ( krbPrincipalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData ) )
+###### This class is used to create additional principals and stand alone principals.
+objectClasses: ( 2.16.840.1.113719.1.301.6.9.1
+ NAME 'krbPrincipal'
+ SUP ( top )
+ MUST ( krbPrincipalName )
+ MAY ( krbObjectReferences ) )
+###### The principal references auxiliary class. Holds all principals referred
+###### from a service
+objectClasses: ( 2.16.840.1.113719.1.301.6.11.1
+ NAME 'krbPrincRefAux'
+ SUP top
+ AUXILIARY
+ MAY krbPrincipalReferences )
+##### Representative object for the Kerberos Administration server to bind into a LDAP directory
+##### and have a connection Id to access Kerberos data with the required access rights.
+objectClasses: ( 2.16.840.1.113719.1.301.6.13.1
+ NAME 'krbAdmService'
+ SUP ( krbService ) )
+##### The krbPwdPolicy object is a template password policy that
+##### can be applied to principals when they are created.
+##### These policy attributes will be in effect, when the Kerberos
+##### passwords are different from users' passwords (UP).
+objectClasses: ( 2.16.840.1.113719.1.301.6.14.1
+ NAME 'krbPwdPolicy'
+ SUP top
+ MUST ( cn )
+ MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength ) )
+##### The krbTicketPolicyAux holds Kerberos ticket policy attributes.
+##### This class can be attached to a principal object or realm object.
+objectClasses: ( 2.16.840.1.113719.1.301.6.16.1
+ NAME 'krbTicketPolicyAux'
+ AUXILIARY
+ MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
+##### The krbTicketPolicy object is an effective ticket policy that is associated with a realm or a principal
+objectClasses: ( 2.16.840.1.113719.1.301.6.17.1
+ NAME 'krbTicketPolicy'
+ SUP top
+ MUST ( cn ) )
diff --git a/tests/config/schema/60policyv2.ldif b/tests/config/schema/60policyv2.ldif
new file mode 120000
index 0000000..e2c9ac3
--- /dev/null
+++ b/tests/config/schema/60policyv2.ldif
@@ -0,0 +1 @@
+/home/nalin/projects/freeipa/install/share/60policyv2.ldif
\ No newline at end of file
diff --git a/tests/config/schema/60radius.ldif b/tests/config/schema/60radius.ldif
new file mode 120000
index 0000000..4483909
--- /dev/null
+++ b/tests/config/schema/60radius.ldif
@@ -0,0 +1 @@
+/home/nalin/projects/freeipa/install/share/60radius.ldif
\ No newline at end of file