From yzaslavs at redhat.com Mon Mar 18 04:09:35 2013 Content-Type: multipart/mixed; boundary="===============2678596451605628234==" MIME-Version: 1.0 From: Yair Zaslavsky To: users at ovirt.org Subject: Re: [Users] ldap simple Date: Mon, 18 Mar 2013 04:09:31 -0400 Message-ID: <357546066.8850428.1363594171898.JavaMail.root@redhat.com> In-Reply-To: 5146BD1A.9050806@arnes.si --===============2678596451605628234== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable ------=3D_Part_8850427_1953928570.1363594171897 Content-Type: text/plain; charset=3Dutf-8 Content-Transfer-Encoding: 7bit Hi, = We're issuing a RootDSE query (once per LDAP domain configured). = We try to obtain from it the "defaultNamingContext" attribute. = If does not exist - we try to obtain ""NamingContexts" = We store the result at a "domainDn" (we have a data structure which maps do= mains to information objects, one of the fields at the information object i= s the DN of the domain) field, and we use it to compose the full ldap URL w= e send the queries to. = ----- Original Message ----- > From: "Andrej Bagon" > To: "Itamar Heim" > Cc: users(a)ovirt.org, "Yair Zaslavsky" , "Oved > Ourfalli" > Sent: Monday, March 18, 2013 9:07:06 AM > Subject: Re: [Users] ldap simple > Hi, > the system is trying to bind to ldap as: > bind request: uid=3Dcn=3Dovirt,cn=3DUsers,cn=3DAccounts,dc=3Dourdomain,dc= =3Dsi > I dont know how it knows dc=3Dourdomain,dc=3Dsi > It should be > bind request: cn=3Dovirt,ou=3Dsystem,dc=3Dourdomain,dc=3Dsi" -b > "dc=3Darnes,dc=3Dsi > The same with the search: we have users in form as: > edupersonprincipalname=3Dusername(a)users.ourdomain.si > ,dc=3Dusers,dc=3Dourdomain,dc=3Dsi > values in database: > select * from vdc_options where option_name in > ('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderTyp= es','AdUserName','AdUserPassword') > order by option_id; > option_id | option_name | option_value | version > -----------+----------------------------+--------------------------------= +--------- > 10 | AdUserName | users.ourdomain.si:ovirt | general > 11 | AdUserPassword |users.ourdomain.si:adminpassword | general > 69 | DomainName | users.ourdomain.si | general > 130 | LDAPSecurityAuthentication| users.ourdomain.si:SIMPLE | general > 132 | LdapServers | users.ourdomain.si:server.ourdomain.si | general > 133 | LDAPProviderTypes | users.ourdomain.si:rhds | general > (6 rows) > Best Regards, > Andrej Bagon > On 03/15/2013 12:09 PM, Itamar Heim wrote: > > On 03/14/2013 01:58 PM, Andrej Bagon wrote: > = > > > Hi, > > = > = > > > is it possible to change the bind request that is sent to the > > > ldap > > = > = > > > server? The default > > > uid=3Duser,cn=3DUsers,cn=3DAccounts,cn=3Dour,cn=3Ddomain > > > is > > = > = > > > not suitable. > > = > = > > can you please explain why / what you would like to change it to? > = > > (not sure possible now, but there is work to make it more > > configurable/pluggable) > = ------=3D_Part_8850427_1953928570.1363594171897 Content-Type: text/html; charset=3Dutf-8 Content-Transfer-Encoding: quoted-printable <=3D div style=3D3D'font-family: times new roman,new york,times,serif; font-size= : =3D 12pt; color: #000000'>Hi,
We're issuing a RootDSE query (once per LDAP = =3D domain configured).
We try to obtain from it the "defaultNamingCo= =3D ntext" attribute.
If does not exist - we try to obtain ""NamingCo= =3D ntexts"
We store the result at a "domainDn" (we have a data struc= =3D ture which maps domains to information objects, one of the fields at the in= =3D formation object is the DN of the domain)  field, and we use it to com= =3D pose the full ldap URL we send the queries to.


= =3D From: "Andrej Bagon" <andrej.bagon(a)arnes.si>
To: "= It=3D amar Heim" <iheim(a)redhat.com>
Cc: users(a)ovirt.org, "Yai= r Za=3D slavsky" <yzaslavs(a)redhat.com>, "Oved Ourfalli" <oourfali(a)redh= at.c=3D om>
Sent: Monday, March 18, 2013 9:07:06 AM
Subject: Re: [Users] ldap simple

=3D20 =3D20 =3D20 =3D20 Hi,

the system is trying to bind to ldap as:
bind request: uid=3D3Dcn=3D3Dovirt,cn=3D3DUsers,cn=3D3DAccounts,dc=3D3D= ourdomain,=3D dc=3D3Dsi

I dont know how it knows dc=3D3Dourdomain,dc=3D3Dsi
It should be
bind request: cn=3D3Dovirt,ou=3D3Dsystem,dc=3D3Dourdomain,dc=3D3Dsi" -b "dc=3D3Darnes,dc=3D3Dsi

The same with the search: we have users in form as:
edupersonprincipalname=3D3Dusername(a)users.ourdomain.si= ,dc=3D3D=3D users,dc=3D3Dourdomain,dc=3D3Dsi

values in database:
select * from vdc_options where option_name in ('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderT= =3D ypes','AdUserName','AdUserPassword') order by option_id;
 option_id |        option_name= =3D          |    &= =3D nbsp;     option_value          | ve= =3D rsion
-----------+----------------------------+--------------------------------+-= =3D --------
        10 | AdUserName  &= =3D nbsp;           &nbs= =3D p;  | users.ourdomain.si:ovirt        = =3D ;   | general
        11 | AdUserPassword &nb= =3D sp;           |users.ourdomain.si:adminpassword       | gene= =3D ral
        69 | DomainName  &= =3D nbsp;           &nbs= =3D p;  | users.ourdomain.si             = =3D ;    | general
       130 | LDAPSecurityAuthentication| users.ourdomain.si:SIMPLE       &nbs= =3D p;  | general
       132 | LdapServers   = =3D ;             | users.ourdomain.si:server.ourdomain.si | general
       133 | LDAPProviderTypes  = =3D ;        | users.ourdomain.si:rhds        = =3D     | general
(6 rows)

Best Regards,
Andrej Bagon


On 03/15/2013 12:09 PM, Itamar Heim wrote:
On 03/14/2013 01:58 PM, Andrej Bagon wrote:
Hi,

is it possible to change the bind request that is sent to the ldap
server? The default uid=3D3Duser,cn=3D3DUsers,cn=3D3DAccounts,cn=3D3Dour,cn=3D3Ddomain = is
not suitable.

can you please explain why / what you would like to change it to?
(not sure possible now, but there is work to make it more configurable/pluggable)


=3D20

------=3D_Part_8850427_1953928570.1363594171897-- --===============2678596451605628234== Content-Type: multipart/alternative MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.bin" LS0tLS0tPV9QYXJ0Xzg4NTA0MjdfMTk1MzkyODU3MC4xMzYzNTk0MTcxODk3CkNvbnRlbnQtVHlw ZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3 Yml0CgpIaSwgCldlJ3JlIGlzc3VpbmcgYSBSb290RFNFIHF1ZXJ5IChvbmNlIHBlciBMREFQIGRv bWFpbiBjb25maWd1cmVkKS4gCldlIHRyeSB0byBvYnRhaW4gZnJvbSBpdCB0aGUgImRlZmF1bHRO YW1pbmdDb250ZXh0IiBhdHRyaWJ1dGUuIApJZiBkb2VzIG5vdCBleGlzdCAtIHdlIHRyeSB0byBv YnRhaW4gIiJOYW1pbmdDb250ZXh0cyIgCldlIHN0b3JlIHRoZSByZXN1bHQgYXQgYSAiZG9tYWlu RG4iICh3ZSBoYXZlIGEgZGF0YSBzdHJ1Y3R1cmUgd2hpY2ggbWFwcyBkb21haW5zIHRvIGluZm9y bWF0aW9uIG9iamVjdHMsIG9uZSBvZiB0aGUgZmllbGRzIGF0IHRoZSBpbmZvcm1hdGlvbiBvYmpl Y3QgaXMgdGhlIEROIG9mIHRoZSBkb21haW4pIGZpZWxkLCBhbmQgd2UgdXNlIGl0IHRvIGNvbXBv c2UgdGhlIGZ1bGwgbGRhcCBVUkwgd2Ugc2VuZCB0aGUgcXVlcmllcyB0by4gCgotLS0tLSBPcmln aW5hbCBNZXNzYWdlIC0tLS0tCgo+IEZyb206ICJBbmRyZWogQmFnb24iIDxhbmRyZWouYmFnb25A YXJuZXMuc2k+Cj4gVG86ICJJdGFtYXIgSGVpbSIgPGloZWltQHJlZGhhdC5jb20+Cj4gQ2M6IHVz ZXJzQG92aXJ0Lm9yZywgIllhaXIgWmFzbGF2c2t5IiA8eXphc2xhdnNAcmVkaGF0LmNvbT4sICJP dmVkCj4gT3VyZmFsbGkiIDxvb3VyZmFsaUByZWRoYXQuY29tPgo+IFNlbnQ6IE1vbmRheSwgTWFy Y2ggMTgsIDIwMTMgOTowNzowNiBBTQo+IFN1YmplY3Q6IFJlOiBbVXNlcnNdIGxkYXAgc2ltcGxl Cgo+IEhpLAoKPiB0aGUgc3lzdGVtIGlzIHRyeWluZyB0byBiaW5kIHRvIGxkYXAgYXM6Cj4gYmlu ZCByZXF1ZXN0OiB1aWQ9Y249b3ZpcnQsY249VXNlcnMsY249QWNjb3VudHMsZGM9b3VyZG9tYWlu LGRjPXNpCgo+IEkgZG9udCBrbm93IGhvdyBpdCBrbm93cyBkYz1vdXJkb21haW4sZGM9c2kKPiBJ dCBzaG91bGQgYmUKPiBiaW5kIHJlcXVlc3Q6IGNuPW92aXJ0LG91PXN5c3RlbSxkYz1vdXJkb21h aW4sZGM9c2kiIC1iCj4gImRjPWFybmVzLGRjPXNpCgo+IFRoZSBzYW1lIHdpdGggdGhlIHNlYXJj aDogd2UgaGF2ZSB1c2VycyBpbiBmb3JtIGFzOgo+IGVkdXBlcnNvbnByaW5jaXBhbG5hbWU9dXNl cm5hbWVAdXNlcnMub3VyZG9tYWluLnNpCj4gLGRjPXVzZXJzLGRjPW91cmRvbWFpbixkYz1zaQoK PiB2YWx1ZXMgaW4gZGF0YWJhc2U6Cj4gc2VsZWN0ICogZnJvbSB2ZGNfb3B0aW9ucyB3aGVyZSBv cHRpb25fbmFtZSBpbgo+ICgnRG9tYWluTmFtZScsJ0xkYXBTZXJ2ZXJzJywnTERBUFNlY3VyaXR5 QXV0aGVudGljYXRpb24nLCdMREFQUHJvdmlkZXJUeXBlcycsJ0FkVXNlck5hbWUnLCdBZFVzZXJQ YXNzd29yZCcpCj4gb3JkZXIgYnkgb3B0aW9uX2lkOwo+IG9wdGlvbl9pZCB8IG9wdGlvbl9uYW1l IHwgb3B0aW9uX3ZhbHVlIHwgdmVyc2lvbgo+IC0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tCj4g MTAgfCBBZFVzZXJOYW1lIHwgdXNlcnMub3VyZG9tYWluLnNpOm92aXJ0IHwgZ2VuZXJhbAo+IDEx IHwgQWRVc2VyUGFzc3dvcmQgfHVzZXJzLm91cmRvbWFpbi5zaTphZG1pbnBhc3N3b3JkIHwgZ2Vu ZXJhbAo+IDY5IHwgRG9tYWluTmFtZSB8IHVzZXJzLm91cmRvbWFpbi5zaSB8IGdlbmVyYWwKPiAx MzAgfCBMREFQU2VjdXJpdHlBdXRoZW50aWNhdGlvbnwgdXNlcnMub3VyZG9tYWluLnNpOlNJTVBM RSB8IGdlbmVyYWwKPiAxMzIgfCBMZGFwU2VydmVycyB8IHVzZXJzLm91cmRvbWFpbi5zaTpzZXJ2 ZXIub3VyZG9tYWluLnNpIHwgZ2VuZXJhbAo+IDEzMyB8IExEQVBQcm92aWRlclR5cGVzIHwgdXNl cnMub3VyZG9tYWluLnNpOnJoZHMgfCBnZW5lcmFsCj4gKDYgcm93cykKCj4gQmVzdCBSZWdhcmRz LAo+IEFuZHJlaiBCYWdvbgoKPiBPbiAwMy8xNS8yMDEzIDEyOjA5IFBNLCBJdGFtYXIgSGVpbSB3 cm90ZToKPiA+IE9uIDAzLzE0LzIwMTMgMDE6NTggUE0sIEFuZHJlaiBCYWdvbiB3cm90ZToKPiAK Cj4gPiA+IEhpLAo+ID4gCj4gCgo+ID4gPiBpcyBpdCBwb3NzaWJsZSB0byBjaGFuZ2UgdGhlIGJp bmQgcmVxdWVzdCB0aGF0IGlzIHNlbnQgdG8gdGhlCj4gPiA+IGxkYXAKPiA+IAo+IAo+ID4gPiBz ZXJ2ZXI/IFRoZSBkZWZhdWx0Cj4gPiA+IHVpZD11c2VyLGNuPVVzZXJzLGNuPUFjY291bnRzLGNu PW91cixjbj1kb21haW4KPiA+ID4gaXMKPiA+IAo+IAo+ID4gPiBub3Qgc3VpdGFibGUuCj4gPiAK PiAKCj4gPiBjYW4geW91IHBsZWFzZSBleHBsYWluIHdoeSAvIHdoYXQgeW91IHdvdWxkIGxpa2Ug dG8gY2hhbmdlIGl0IHRvPwo+IAo+ID4gKG5vdCBzdXJlIHBvc3NpYmxlIG5vdywgYnV0IHRoZXJl IGlzIHdvcmsgdG8gbWFrZSBpdCBtb3JlCj4gPiBjb25maWd1cmFibGUvcGx1Z2dhYmxlKQo+IAoK LS0tLS0tPV9QYXJ0Xzg4NTA0MjdfMTk1MzkyODU3MC4xMzYzNTk0MTcxODk3CkNvbnRlbnQtVHlw ZTogdGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IHF1 b3RlZC1wcmludGFibGUKCjxodG1sPjxoZWFkPjxzdHlsZSB0eXBlPTNEJ3RleHQvY3NzJz5wIHsg bWFyZ2luOiAwOyB9PC9zdHlsZT48L2hlYWQ+PGJvZHk+PD0KZGl2IHN0eWxlPTNEJ2ZvbnQtZmFt aWx5OiB0aW1lcyBuZXcgcm9tYW4sbmV3IHlvcmssdGltZXMsc2VyaWY7IGZvbnQtc2l6ZTogPQox MnB0OyBjb2xvcjogIzAwMDAwMCc+SGksPGRpdj5XZSdyZSBpc3N1aW5nIGEgUm9vdERTRSBxdWVy eSAob25jZSBwZXIgTERBUCA9CmRvbWFpbiBjb25maWd1cmVkKS48L2Rpdj48ZGl2PldlIHRyeSB0 byBvYnRhaW4gZnJvbSBpdCB0aGUgImRlZmF1bHROYW1pbmdDbz0KbnRleHQiIGF0dHJpYnV0ZS48 L2Rpdj48ZGl2PklmIGRvZXMgbm90IGV4aXN0IC0gd2UgdHJ5IHRvIG9idGFpbiAiIk5hbWluZ0Nv PQpudGV4dHMiPC9kaXY+PGRpdj5XZSBzdG9yZSB0aGUgcmVzdWx0IGF0IGEgImRvbWFpbkRuIiAo d2UgaGF2ZSBhIGRhdGEgc3RydWM9CnR1cmUgd2hpY2ggbWFwcyBkb21haW5zIHRvIGluZm9ybWF0 aW9uIG9iamVjdHMsIG9uZSBvZiB0aGUgZmllbGRzIGF0IHRoZSBpbj0KZm9ybWF0aW9uIG9iamVj dCBpcyB0aGUgRE4gb2YgdGhlIGRvbWFpbikgJm5ic3A7ZmllbGQsIGFuZCB3ZSB1c2UgaXQgdG8g Y29tPQpwb3NlIHRoZSBmdWxsIGxkYXAgVVJMIHdlIHNlbmQgdGhlIHF1ZXJpZXMgdG8uPC9kaXY+ PGRpdj48YnI+PGJyPjxociBpZD0zRCI9Cnp3Y2hyIj48YmxvY2txdW90ZSBzdHlsZT0zRCJib3Jk ZXItbGVmdDoycHggc29saWQgcmdiKDE2LCAxNiwgMjU1KTttYXJnaW4tbD0KZWZ0OjVweDtwYWRk aW5nLWxlZnQ6NXB4O2NvbG9yOiMwMDA7Zm9udC13ZWlnaHQ6bm9ybWFsO2ZvbnQtc3R5bGU6bm9y bWFsO3RlPQp4dC1kZWNvcmF0aW9uOm5vbmU7Zm9udC1mYW1pbHk6SGVsdmV0aWNhLEFyaWFsLHNh bnMtc2VyaWY7Zm9udC1zaXplOjEycHQ7Ij49CjxiPkZyb206IDwvYj4iQW5kcmVqIEJhZ29uIiAm bHQ7YW5kcmVqLmJhZ29uQGFybmVzLnNpJmd0Ozxicj48Yj5UbzogPC9iPiJJdD0KYW1hciBIZWlt IiAmbHQ7aWhlaW1AcmVkaGF0LmNvbSZndDs8YnI+PGI+Q2M6IDwvYj51c2Vyc0BvdmlydC5vcmcs ICJZYWlyIFphPQpzbGF2c2t5IiAmbHQ7eXphc2xhdnNAcmVkaGF0LmNvbSZndDssICJPdmVkIE91 cmZhbGxpIiAmbHQ7b291cmZhbGlAcmVkaGF0LmM9Cm9tJmd0Ozxicj48Yj5TZW50OiA8L2I+TW9u ZGF5LCBNYXJjaCAxOCwgMjAxMyA5OjA3OjA2IEFNPGJyPjxiPlN1YmplY3Q6IDwvYj0KPlJlOiBb VXNlcnNdIGxkYXAgc2ltcGxlPGJyPjxicj4KID0yMAogICA9MjAKID0yMAogPTIwCiAgICBIaSw8 YnI+CiAgICA8YnI+CiAgICB0aGUgc3lzdGVtIGlzIHRyeWluZyB0byBiaW5kIHRvIGxkYXAgYXM6 PGJyPgogICAgYmluZCByZXF1ZXN0OiB1aWQ9M0Rjbj0zRG92aXJ0LGNuPTNEVXNlcnMsY249M0RB Y2NvdW50cyxkYz0zRG91cmRvbWFpbiw9CmRjPTNEc2k8YnI+CiAgICA8YnI+CiAgICBJIGRvbnQg a25vdyBob3cgaXQga25vd3MgZGM9M0RvdXJkb21haW4sZGM9M0RzaTxicj4KICAgIEl0IHNob3Vs ZCBiZTxicj4KICAgIGJpbmQgcmVxdWVzdDogY249M0RvdmlydCxvdT0zRHN5c3RlbSxkYz0zRG91 cmRvbWFpbixkYz0zRHNpIiAtYgogICAgImRjPTNEYXJuZXMsZGM9M0RzaTxicj4KICAgIDxicj4K ICAgIFRoZSBzYW1lIHdpdGggdGhlIHNlYXJjaDogd2UgaGF2ZSB1c2VycyBpbiBmb3JtIGFzOjxi cj4KICAgIDxhIGhyZWY9M0QibWFpbHRvOmVkdXBlcnNvbnByaW5jaXBhbG5hbWU9M0RhYmFnb25A Z3Vlc3QuYXJuZXMuc2kiIHRhcmdlPQp0PTNEIl9ibGFuayI+ZWR1cGVyc29ucHJpbmNpcGFsbmFt ZT0zRHVzZXJuYW1lQHVzZXJzLm91cmRvbWFpbi5zaTwvYT4sZGM9M0Q9CnVzZXJzLGRjPTNEb3Vy ZG9tYWluLGRjPTNEc2k8YnI+CiAgICA8YnI+CiAgICB2YWx1ZXMgaW4gZGF0YWJhc2U6PGJyPgog ICAgc2VsZWN0ICogZnJvbSB2ZGNfb3B0aW9ucyB3aGVyZSBvcHRpb25fbmFtZSBpbgogICAgKCdE b21haW5OYW1lJywnTGRhcFNlcnZlcnMnLCdMREFQU2VjdXJpdHlBdXRoZW50aWNhdGlvbicsJ0xE QVBQcm92aWRlclQ9CnlwZXMnLCdBZFVzZXJOYW1lJywnQWRVc2VyUGFzc3dvcmQnKQogICAgb3Jk ZXIgYnkgb3B0aW9uX2lkOzxicj4KICAgICZuYnNwO29wdGlvbl9pZCB8Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IG9wdGlvbl9uYW1lPQombmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyY9Cm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7CiAgICBvcHRpb25fdmFsdWUmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCB2ZT0KcnNp b24gPGJyPgotLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKy09Ci0tLS0tLS0tPGJyPgogICAgJm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IDEwIHwgQWRVc2VyTmFtZSZuYnNwOyZuYnNw OyY9Cm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5icz0KcDsmbmJzcDsgfAogICAgdXNlcnMub3VyZG9tYWluLnNp Om92aXJ0Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A9Cjsm bmJzcDsmbmJzcDsgfCBnZW5lcmFsPGJyPgogICAgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IDExIHwgQWRVc2VyUGFzc3dvcmQmbmJzcDsmbmI9CnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOwogICAg fHVzZXJzLm91cmRvbWFpbi5zaTphZG1pbnBhc3N3b3JkICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyB8IGdlbmU9CnJhbDxicj4KICAgICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyA2OSB8IERvbWFpbk5hbWUmbmJzcDsmbmJzcDsmPQpuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnM9CnA7Jm5ic3A7IHwgdXNlcnMub3VyZG9tYWluLnNpCiAgICAmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcD0K OyZuYnNwOyZuYnNwOyZuYnNwOyB8IGdlbmVyYWw8YnI+CiAgICAmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsgMTMwIHwgTERBUFNlY3VyaXR5QXV0aGVudGljYXRpb258CiAgICB1 c2Vycy5vdXJkb21haW4uc2k6U0lNUExFJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5icz0KcDsmbmJzcDsgfCBnZW5lcmFsPGJyPgogICAgJm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IDEzMiB8IExkYXBTZXJ2ZXJzJm5ic3A7Jm5ic3A7Jm5ic3A9 CjsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsgfAogICAgdXNlcnMub3VyZG9tYWluLnNpOnNlcnZlci5vdXJkb21h aW4uc2kgfCBnZW5lcmFsPGJyPgogICAgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IDEzMyB8IExEQVBQcm92aWRlclR5cGVzJm5ic3A7Jm5ic3A9CjsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfAogICAgdXNlcnMub3VyZG9tYWluLnNpOnJoZHMm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs9CiZuYnNwOyZu YnNwOyZuYnNwOyB8IGdlbmVyYWw8YnI+CiAgICAoNiByb3dzKTxicj4KICAgIDxicj4KICAgIEJl c3QgUmVnYXJkcyw8YnI+CiAgICBBbmRyZWogQmFnb248YnI+CiAgICA8YnI+CiAgICA8YnI+CiAg ICBPbiAwMy8xNS8yMDEzIDEyOjA5IFBNLCBJdGFtYXIgSGVpbSB3cm90ZToKICAgIDxibG9ja3F1 b3RlIGNpdGU9M0QibWlkOjUxNDMwMTcxLjIwMTA5MDRAcmVkaGF0LmNvbSI+T24KICAgICAgMDMv MTQvMjAxMyAwMTo1OCBQTSwgQW5kcmVqIEJhZ29uIHdyb3RlOgogICAgICA8YnI+CiAgICAgIDxi bG9ja3F1b3RlPkhpLAogICAgICAgIDxicj4KICAgICAgICA8YnI+CiAgICAgICAgaXMgaXQgcG9z c2libGUgdG8gY2hhbmdlIHRoZSBiaW5kIHJlcXVlc3QgdGhhdCBpcyBzZW50IHRvIHRoZQogICAg ICAgIGxkYXAKICAgICAgICA8YnI+CiAgICAgICAgc2VydmVyPyBUaGUgZGVmYXVsdAogICAgICAg IHVpZD0zRHVzZXIsY249M0RVc2Vycyxjbj0zREFjY291bnRzLGNuPTNEb3VyLGNuPTNEZG9tYWlu IGlzCiAgICAgICAgPGJyPgogICAgICAgIG5vdCBzdWl0YWJsZS4KICAgICAgICA8YnI+CiAgICAg IDwvYmxvY2txdW90ZT4KICAgICAgPGJyPgogICAgICBjYW4geW91IHBsZWFzZSBleHBsYWluIHdo eSAvIHdoYXQgeW91IHdvdWxkIGxpa2UgdG8gY2hhbmdlIGl0IHRvPwogICAgICA8YnI+CiAgICAg IChub3Qgc3VyZSBwb3NzaWJsZSBub3csIGJ1dCB0aGVyZSBpcyB3b3JrIHRvIG1ha2UgaXQgbW9y ZQogICAgICBjb25maWd1cmFibGUvcGx1Z2dhYmxlKQogICAgICA8YnI+CiAgICAgIDxicj4KICAg IDwvYmxvY2txdW90ZT4KICAgIDxicj4KID0yMAoKPC9ibG9ja3F1b3RlPjxicj48L2Rpdj48L2Rp dj48L2JvZHk+PC9odG1sPgotLS0tLS09X1BhcnRfODg1MDQyN18xOTUzOTI4NTcwLjEzNjM1OTQx NzE4OTctLQo= --===============2678596451605628234==--