ÿØÿà JFIF 

  
 
  ÿÛ „ 
 !.%+&8&+/1555$;@;4?.451
4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á
" 

ÿÄ   



           
 ÿÄ ? 
    
 !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ 
 

             
ÿÄ ! 
 
 
       
!1QAa‘2ÿÚ 
  ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô…
Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•
oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^   mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|
íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk
w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀ
Ê•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî
^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~•îëÔ©ª‹
{ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm
ºèËL9 ýè
Æð/¨’¥öo=nË.%Îì   ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È    ¦
øÄër¨q°ð
†nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y•ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@<u %Ü6ÓtIÌpÓr»söfeÁ0O…­´Kƒ&ñ™\©<+,~)‹
ºHÐ*×µ&†ž‘Æ÷ÚŸ
1ßjC5Oh´‡›

Ø×ë æâ“Þà

ÒT]§n{ºöB³ ¦ ̹Â8Êï¦MÉ<„¨s¹¶ì7Ì”æR$Ncà! /éþäRM÷Gƒ¿É$
¦oà>%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ  kÇR
]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ
{L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/
"uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ°.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ
Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû
|ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß
.W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø
Y­ˆÜŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„
·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ 
q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ  !±ù²Ápü²
ß6
0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾
ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„eS‡&õÏ
B!ŽhüÞ`yj}mªf×\¿
Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm°
c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼
ò|Sl”‹7 nPW

Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ß
ð
³ñ#Ï Ô$¶œ‰ÊE‹À;÷º
¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0
$íWV3Üì¬
—@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛæF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U
ÖéQå™—-r    wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’
;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô
J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´Ç•€’I0 É<mÆÈJoúáõóQâØòÙaÙt:  ·=|Ôaz]a1cÉŸ1
4˜à3΍}GFøí7/B«vεŕL=Ðr1ÕšnwH›óÞ¢ºö{)´4€æZç^ÿ yÑ:_([¿ipqQÊ^âÆe;»½“¦º|¢ÀTçèrú1”óTÃ’u¦CG¤ ¡
Š­7ë

·i“¿z»n
ö¼±ù^ö<‹çu7¸ÈlvZðÛAUXje•
dLÞH ÚosÇr`È™‡pÊeÇ4@x7´)ö†Ótœ~i‘Ï[x@äUÃæ­m·e´x
°t¸·²5'žªža   =ÖÌåzϘ'-´ˆpž3§ò‡k  Ý'‰ýÑï¦3ºdè“{eiÔõNkîšECEΠ¥ÃT9ãqÃâŸîɐ8z \?€    >JX` 
ñ¹õ%;µŸD‘«´€àwÒ™UûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞøƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC
p¢Ûúy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ
kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ
nFê{Ç€ü?º'ë
ø‹ì
Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ
¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC`  ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo
™`  
ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç—
‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò
}y-W}™üýVù—ú¢=Ù”c®‘< M ž
´Phr¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò
v  ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb)  kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE-j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–ø<K\%¦cÏÄ#N,Úú‘¤òÒÛõ ’¶§‰Ì
ú•dçb31Ð\7‡ëÚw82
‰KÝkÚñ'¢Ž…[&¼ÌAÔzHàP *اoßreÁY¥Ñ¾ãE|&QbKg]ã„þê*b;R³Öi‹  ±î$£ÈTm¶k÷ˆ
¦»Ù¹i¦¨6 h%Á'Ú
J   \F±â+‹b/Å9ñå5Àë­nˆRv«¯#„&î„$º’@:‘Ôrø+,àq‘秬*Úg´>µFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[
‡
uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù
--,ísòDØ€èk   ÞÀîÜò@â(  ËNˆë›4ô½•/¦o‡€Û7
ê•ÆêòðÜy
'Án½µ á˜ݦ  ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{
€\
ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ
û”
Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê†«À¼
¸e9­Æê_C]žƒ·ý·frÁN«,E=›Çq
-‰öŒ:aÏ¿±í&£Í:-}
84‘ÿ eƒQÑeëSsuiA
³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ]
F Ô—r.åä˜@ö¥ªZoÐýYL·¥S²G/‡ñ
<~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$  ‰"°   æµ8cXGjœˏ¡Aâý•ËÜ¢ûïe·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ>
S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º¢Æ'¥Ðx'e¬ç
]bÈÆV¢ó‹kýBO
ðÊâ$Ÿ!×T
3Mýמ
žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y;
M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg
î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO
EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@
&îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5;e­h<@
Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢|
óLšò¥Ä`
¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí
ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuYw³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À 
n
Ý
‡¼Ö8Fö   óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z    È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ<n^Àïe€Þgn¹”ÜiQê
9Ú±‡„è]ËA¿‚MJìiÓxŒn-ÄS6!ÓæÑû*jÎWøìšÇ뙦gj~+?\,Ö7ÁÕÊ”G™q6TF)óCç<ÓšÂUé†gW=àà“hóR³ÊQì<!÷ÇpR1¯u„De,è­vvâDß~žHå‰ú£Kìní¢ÐçÅÄÅ¥Ü÷
±ÃìÇžûƒz\þÞ¨-•‹
€

¸+¶n¿^
?†[ÖWóÒX¸,0Ø:l?‰Âý«ÿ ·Dc+fÔ[ƒ›ûªšx«kæž1KI…<#'nž¶\±íÎ8¤ìK@’@J¥v)º[Ž±Æå´¼
½Ý¡ç¯ÐO¥ø®è•Óȱ߿wša©“œt‡4îyªœ&+1ÏØ:‚æƒ=/ꎔ`hm
“=©‹]°g}ì€DgUƒ8¤qCˆãáÅ,‡Ô¬ñ10HÑDÂbáÂÿ Œ»v·:uòB6»áp‰>°<×EA!Å‚D™IúOÍ
¡>ôG}Â`ÍßkÜL™Ž  Þð™
{IøF²
¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€
77ˆÝ¼ÊëÜw   =cÕ
Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤
ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜
™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸
Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL
œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º
×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì 
ì&(ˆ¿­•ƒkï’:ðY¦W‘Å)“†‘˜³Åtcø˜ñTÂwÚÇ4
|üLÇªí–v-
qˆèU
qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž|ãw;ÀÁIJ»b`
{¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG   m¤
ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK`hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP
|PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @
G‰¬ s¸    ëÉücr ÞæѨÊ@>¤¢Ö±.Þ'¯°ÌME[YéïĵÂCå½
Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”
빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢
Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾
á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ]R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß
¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ 
àfPìð  .wFšir´þ’2_Y
*Æ€x\«
ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1    2Ž‰$€$I$#‰SÞ’H
ë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙ(*
Module: Test_Nslcd
  Provides unit tests and examples for the <Nslcd> lens.
*)

module Test_nslcd =

let real_file = "# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# Specifies the number of threads to start that can handle requests and perform LDAP queries.
threads 5

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# This option controls the way logging is done.
log syslog info

# The location at which the LDAP server(s) should be reachable.
uri ldaps://XXX.XXX.XXX ldaps://YYY.YYY.YYY

# The search base that will be used for all queries.
base dc=XXX,dc=XXX

# The LDAP protocol version to use.
ldap_version 3

# The DN to bind with for normal lookups.
binddn cn=annonymous,dc=example,dc=net
bindpw secret


# The DN used for password modifications by root.
rootpwmoddn cn=admin,dc=example,dc=com

# The password used for password modifications by root.
rootpwmodpw XXXXXX


# SASL authentication options
sasl_mech OTP
sasl_realm realm
sasl_authcid authcid
sasl_authzid dn:cn=annonymous,dc=example,dc=net
sasl_secprops noanonymous,noplain,minssf=0,maxssf=2,maxbufsize=65535
sasl_canonicalize yes

# Kerberos authentication options
krb5_ccname ccname

# Search/mapping options

# Specifies the base distinguished name (DN) to use as search base.
base dc=people,dc=example,dc=com
base dc=morepeople,dc=example,dc=com
base alias dc=aliases,dc=example,dc=com
base alias dc=morealiases,dc=example,dc=com
base group dc=group,dc=example,dc=com
base group dc=moregroup,dc=example,dc=com
base passwd dc=users,dc=example,dc=com

# Specifies the search scope (subtree, onelevel, base or children).
scope sub
scope passwd sub
scope aliases sub

# Specifies the policy for dereferencing aliases.
deref never

# Specifies whether automatic referral chasing should be enabled.
referrals yes

# The FILTER is an LDAP search filter to use for a specific map.
filter group (objectClass=posixGroup)

# This option allows for custom attributes to be looked up instead of the default RFC 2307 attributes.
map passwd homeDirectory \"${homeDirectory:-/home/$uid}\"
map passwd loginShell \"${loginShell:-/bin/bash}\"
map shadow userPassword myPassword

# Timing/reconnect options

# Specifies the time limit (in seconds) to use when connecting to the directory server.
bind_timelimit 30

# Specifies the time limit (in seconds) to wait for a response from the LDAP server.
timelimit 5

# Specifies the period if inactivity (in seconds) after which the connection to the LDAP server will be closed.
idle_timelimit 10

# Specifies the number of seconds to sleep when connecting to all LDAP servers fails.
reconnect_sleeptime 10

# Specifies the time after which the LDAP server is considered to be permanently unavailable.
reconnect_retrytime 10

# SSL/TLS options

# Specifies whether to use SSL/TLS or not (the default is not to).
ssl start_tls
# Specifies what checks to perform on a server-supplied certificate.
tls_reqcert never
# Specifies the directory containing X.509 certificates for peer authentication.
tls_cacertdir /etc/ssl/ca
# Specifies the path to the X.509 certificate for peer authentication.
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# Specifies the path to an entropy source.
tls_randfile /dev/random
# Specifies the ciphers to use for TLS.
tls_ciphers TLSv1
# Specifies the path to the file containing the local certificate for client TLS authentication.
tls_cert /etc/ssl/certs/cert.pem
# Specifies the path to the file containing the private key for client TLS authentication.
tls_key /etc/ssl/private/cert.pem

# Other options
pagesize 100
nss_initgroups_ignoreusers user1,user2,user3
nss_min_uid 1000
nss_nested_groups yes
nss_getgrent_skipmembers yes
nss_disable_enumeration yes
validnames /^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i
ignorecase yes
pam_authc_ppolicy yes
pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*))))
pam_password_prohibit_message \"MESSAGE LONG AND WITH SPACES\"
reconnect_invalidate nfsidmap,db2,db3
cache dn2uid 1s 2h

"

test Nslcd.lns get real_file =
 { "#comment" = "/etc/nslcd.conf" }
  { "#comment" = "nslcd configuration file. See nslcd.conf(5)" }
  { "#comment" = "for details." }
  {  }
  { "#comment" = "Specifies the number of threads to start that can handle requests and perform LDAP queries." }
  { "threads" = "5" }
  {  }
  { "#comment" = "The user and group nslcd should run as." }
  { "uid" = "nslcd" }
  { "gid" = "nslcd" }
  {  }
  { "#comment" = "This option controls the way logging is done." }
  { "log" = "syslog info" }
  {  }
  { "#comment" = "The location at which the LDAP server(s) should be reachable." }
  { "uri"
    { "1" = "ldaps://XXX.XXX.XXX" }
    { "2" = "ldaps://YYY.YYY.YYY" }
  }
  {  }
  { "#comment" = "The search base that will be used for all queries." }
  { "base" = "dc=XXX,dc=XXX" }
  {  }
  { "#comment" = "The LDAP protocol version to use." }
  { "ldap_version" = "3" }
  {  }
  { "#comment" = "The DN to bind with for normal lookups." }
  { "binddn" = "cn=annonymous,dc=example,dc=net" }
  { "bindpw" = "secret" }
  {  }
  {  }
  { "#comment" = "The DN used for password modifications by root." }
  { "rootpwmoddn" = "cn=admin,dc=example,dc=com" }
  {  }
  { "#comment" = "The password used for password modifications by root." }
  { "rootpwmodpw" = "XXXXXX" }
  {  }
  {  }
  { "#comment" = "SASL authentication options" }
  { "sasl_mech" = "OTP" }
  { "sasl_realm" = "realm" }
  { "sasl_authcid" = "authcid" }
  { "sasl_authzid" = "dn:cn=annonymous,dc=example,dc=net" }
  { "sasl_secprops" = "noanonymous,noplain,minssf=0,maxssf=2,maxbufsize=65535" }
  { "sasl_canonicalize" = "yes" }
  {  }
  { "#comment" = "Kerberos authentication options" }
  { "krb5_ccname" = "ccname" }
  {  }
  { "#comment" = "Search/mapping options" }
  {  }
  { "#comment" = "Specifies the base distinguished name (DN) to use as search base." }
  { "base" = "dc=people,dc=example,dc=com" }
  { "base" = "dc=morepeople,dc=example,dc=com" }
  { "base"
    { "alias" = "dc=aliases,dc=example,dc=com" }
  }
  { "base"
    { "alias" = "dc=morealiases,dc=example,dc=com" }
  }
  { "base"
    { "group" = "dc=group,dc=example,dc=com" }
  }
  { "base"
    { "group" = "dc=moregroup,dc=example,dc=com" }
  }
  { "base"
    { "passwd" = "dc=users,dc=example,dc=com" }
  }
  {  }
  { "#comment" = "Specifies the search scope (subtree, onelevel, base or children)." }
  { "scope" = "sub" }
  { "scope"
    { "passwd" = "sub" }
  }
  { "scope"
    { "aliases" = "sub" }
  }
  {  }
  { "#comment" = "Specifies the policy for dereferencing aliases." }
  { "deref" = "never" }
  {  }
  { "#comment" = "Specifies whether automatic referral chasing should be enabled." }
  { "referrals" = "yes" }
  {  }
  { "#comment" = "The FILTER is an LDAP search filter to use for a specific map." }
  { "filter"
    { "group" = "(objectClass=posixGroup)" }
  }
  {  }
  { "#comment" = "This option allows for custom attributes to be looked up instead of the default RFC 2307 attributes." }
  { "map"
    { "passwd"
      { "homeDirectory" = "\"${homeDirectory:-/home/$uid}\"" }
    }
  }
  { "map"
    { "passwd"
      { "loginShell" = "\"${loginShell:-/bin/bash}\"" }
    }
  }
  { "map"
    { "shadow"
      { "userPassword" = "myPassword" }
    }
  }
  {  }
  { "#comment" = "Timing/reconnect options" }
  {  }
  { "#comment" = "Specifies the time limit (in seconds) to use when connecting to the directory server." }
  { "bind_timelimit" = "30" }
  {  }
  { "#comment" = "Specifies the time limit (in seconds) to wait for a response from the LDAP server." }
  { "timelimit" = "5" }
  {  }
  { "#comment" = "Specifies the period if inactivity (in seconds) after which the connection to the LDAP server will be closed." }
  { "idle_timelimit" = "10" }
  {  }
  { "#comment" = "Specifies the number of seconds to sleep when connecting to all LDAP servers fails." }
  { "reconnect_sleeptime" = "10" }
  {  }
  { "#comment" = "Specifies the time after which the LDAP server is considered to be permanently unavailable." }
  { "reconnect_retrytime" = "10" }
  {  }
  { "#comment" = "SSL/TLS options" }
  {  }
  { "#comment" = "Specifies whether to use SSL/TLS or not (the default is not to)." }
  { "ssl" = "start_tls" }
  { "#comment" = "Specifies what checks to perform on a server-supplied certificate." }
  { "tls_reqcert" = "never" }
  { "#comment" = "Specifies the directory containing X.509 certificates for peer authentication." }
  { "tls_cacertdir" = "/etc/ssl/ca" }
  { "#comment" = "Specifies the path to the X.509 certificate for peer authentication." }
  { "tls_cacertfile" = "/etc/ssl/certs/ca-certificates.crt" }
  { "#comment" = "Specifies the path to an entropy source." }
  { "tls_randfile" = "/dev/random" }
  { "#comment" = "Specifies the ciphers to use for TLS." }
  { "tls_ciphers" = "TLSv1" }
  { "#comment" = "Specifies the path to the file containing the local certificate for client TLS authentication." }
  { "tls_cert" = "/etc/ssl/certs/cert.pem" }
  { "#comment" = "Specifies the path to the file containing the private key for client TLS authentication." }
  { "tls_key" = "/etc/ssl/private/cert.pem" }
  {  }
  { "#comment" = "Other options" }
  { "pagesize" = "100" }
  { "nss_initgroups_ignoreusers"
    { "1" =  "user1" }
    { "2" =  "user2" }
    { "3" =  "user3" }
  }
  { "nss_min_uid" = "1000" }
  { "nss_nested_groups" = "yes" }
  { "nss_getgrent_skipmembers" = "yes" }
  { "nss_disable_enumeration" = "yes" }
  { "validnames" = "/^[a-z0-9._@$()]([a-z0-9._@$() \~-]*[a-z0-9._@$()~-])?$/i" }
  { "ignorecase" = "yes" }
  { "pam_authc_ppolicy" = "yes" }
  { "pam_authz_search" = "(&(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*))))" }
  { "pam_password_prohibit_message" = "MESSAGE LONG AND WITH SPACES" }
  { "reconnect_invalidate" = "nfsidmap,db2,db3" }
  { "cache" = "dn2uid 1s 2h" }
  {  }
(* Test writes *)

(* Test a simple parameter *)
test Nslcd.lns put "pagesize 9999\n" after
   set "/pagesize" "1000" =
   "pagesize 1000\n"

(* Test base parameter *)
test Nslcd.lns put "\n" after
   set "/base" "dc=example,dc=com" =
   "\nbase dc=example,dc=com\n"

test Nslcd.lns put "base dc=change,dc=me\n" after
   set "/base" "dc=example,dc=com" =
   "base dc=example,dc=com\n"

test Nslcd.lns put "\n" after
   set "/base/passwd" "dc=example,dc=com" =
   "\nbase passwd dc=example,dc=com\n"

test Nslcd.lns put "base passwd dc=change,dc=me\n" after
   set "/base[passwd]/passwd" "dc=example,dc=com";
   set "/base[shadow]/shadow" "dc=example,dc=com" =
   "base passwd dc=example,dc=com\nbase shadow dc=example,dc=com\n"

(* Test scope entry *)
test Nslcd.lns put "\n" after
   set "/scope" "sub" =
   "\nscope sub\n"

test Nslcd.lns put "scope one\n" after
   set "/scope" "subtree" =
   "scope subtree\n"

test Nslcd.lns put "\n" after
   set "/scope/passwd" "base" =
   "\nscope passwd base\n"

test Nslcd.lns put "scope shadow onelevel\n" after
   set "/scope[passwd]/passwd" "subtree";
   set "/scope[shadow]/shadow" "base" =
   "scope shadow base\nscope passwd subtree\n"

(* Test filter entry *)
test Nslcd.lns put "\n" after
   set "/filter/passwd" "(objectClass=posixAccount)" =
   "\nfilter passwd (objectClass=posixAccount)\n"

test Nslcd.lns put "filter shadow (objectClass=posixAccount)\n" after
   set "/filter[passwd]/passwd" "(objectClass=Account)";
   set "/filter[shadow]/shadow" "(objectClass=Account)" =
   "filter shadow (objectClass=Account)\nfilter passwd (objectClass=Account)\n"

(* Test map entry *)
test Nslcd.lns put "map passwd loginShell ab\n" after
   set "/map/passwd/loginShell" "bc" =
   "map passwd loginShell bc\n"

test Nslcd.lns put "map passwd loginShell ab\n" after
   set "/map[2]/passwd/homeDirectory" "bc" =
   "map passwd loginShell ab\nmap passwd homeDirectory bc\n"

test Nslcd.lns put "map passwd loginShell ab\n" after
   set "/map[passwd/homeDirectory]/passwd/homeDirectory" "bc" =
   "map passwd loginShell ab\nmap passwd homeDirectory bc\n"

test Nslcd.lns put "map passwd loginShell ab\nmap passwd homeDirectory ab\n" after
   set "/map[passwd/homeDirectory]/passwd/homeDirectory" "bc" =
   "map passwd loginShell ab\nmap passwd homeDirectory bc\n"


(* Test simple entries *)
let simple = "uid nslcd\n"

test Nslcd.lns get simple =
{ "uid" = "nslcd" }

(* Test simple entries with spaces at the end *)
let simple_spaces = "uid nslcd   \n"

test Nslcd.lns get simple_spaces =
{ "uid" = "nslcd" }

(* Test multi valued entries *)

let multi_valued = "cache 1 2    \n"

test Nslcd.lns get multi_valued =
{ "cache" = "1 2" }

let multi_valued_real = "map passwd homeDirectory ${homeDirectory:-/home/$uid}\n"

test Nslcd.lns get multi_valued_real =
{ "map"
  { "passwd"
    { "homeDirectory" = "${homeDirectory:-/home/$uid}" }
  }
}

(* Test multiline *)

let simple_multiline = "uid nslcd\ngid nslcd\n"

test Nslcd.lns get simple_multiline =
{"uid" = "nslcd"}
{"gid" = "nslcd"}


let multiline_separators  = "\n\n  \nuid nslcd    \ngid nslcd          \n"

test Nslcd.lns get multiline_separators =
{}
{}
{}
{"uid" = "nslcd"}
{"gid" = "nslcd"}