Extension aaa: No search for principal

Hello,

I am stuck in configuring ovirt-engine-extension-aaa-ldap with AD for ovirt 3.5.4. I am following the [readme.md] and so far it was quite straightforward:

    include = <ad.properties>

    #
    # Active directory domain name.
    #
    vars.domain = int.corp.de

    #
    # Search user and its password.
    #
    vars.user = bind@${global:vars.domain}
    vars.password = [redacted]

    #
    # Optional DNS servers, if enterprise
    # DNS server cannot resolve the domain srvrecord.
    #
    #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}

    pool.default.serverset.type = srvrecord
    pool.default.serverset.srvrecord.domain = ${global:vars.domain}
    pool.default.auth.simple.bindDN = ${global:vars.user}
    pool.default.auth.simple.password = ${global:vars.password}

    # Uncomment if using custom DNS
    #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
    #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}

    # Create keystore, import certificate chain and uncomment
    # if using ssl/tls.
    #pool.default.ssl.startTLS = true
    #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks
    #pool.default.ssl.truststore.password = changeit

The config seems to work; at least the domain and binddn part. I can browse and add users to ovirt as suggested in step (3). All quotes are from engine.log:

    2015-09-11 11:54:50,261 INFO [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (org.ovirt.thread.pool-8-thread-24) [73bff0e9] Running command: AddSystemPermissionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_PERMISSIONS with role type USER, ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group ADD_USERS_AND_GROUPS_FROM_DIRECTORY with role type USER
    2015-09-11 11:54:50,268 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (org.ovirt.thread.pool-8-thread-24) [21867e72] Running command: AddUserCommand internal: true. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN
    2015-09-11 11:54:50,301 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-24) [21867e72] Correlation ID: 21867e72, Call Stack: null, Custom Event ID: -1, Message: User 'Administrator' was added successfully to the system.
    2015-09-11 11:54:50,379 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-24) [21867e72] Correlation ID: 73bff0e9, Call Stack: null, Custom Event ID: -1, Message: User/Group Administrator was granted permission for Role SuperUser on System by admin@internal.

Yet, when logging in as a user administrator I get:

    {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=No search for principal 'administrator@int.corp.com'}

Followed by a java stack trace. I did not find any configurable search path. The config seems to load:

    2015-09-11 12:01:34,897 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'builtin-authn-internal'
    2015-09-11 12:01:34,903 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'builtin-authn-internal' loaded
    2015-09-11 12:01:34,905 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'internal'
    2015-09-11 12:01:34,907 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'internal' loaded
    2015-09-11 12:01:34,919 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'corp-authn'
    2015-09-11 12:01:34,967 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authn' loaded
    2015-09-11 12:01:34,971 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'corp-authz'
    2015-09-11 12:01:34,981 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authz' loaded
    2015-09-11 12:01:34,982 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'corp-authn'
    2015-09-11 12:01:34,983 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::corp-authn] Creating LDAP pool 'authz'
    2015-09-11 12:01:35,120 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::corp-authn] Creating LDAP pool 'authn'
    2015-09-11 12:01:35,159 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authn' initialized
    2015-09-11 12:01:35,160 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'builtin-authn-internal'
    2015-09-11 12:01:35,161 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'builtin-authn-internal' initialized
    2015-09-11 12:01:35,162 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'corp-authz'
    2015-09-11 12:01:35,162 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::corp-authz] Creating LDAP pool 'authz'
    2015-09-11 12:01:35,185 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::corp-authz] Creating LDAP pool 'gc'
    2015-09-11 12:01:35,222 INFO [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::corp-authz] Available Namespaces: [DC=int,DC=corp,DC=de]
    2015-09-11 12:01:35,223 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authz' initialized
    2015-09-11 12:01:35,224 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'internal'
    2015-09-11 12:01:35,224 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'internal' initialized
    2015-09-11 12:01:35,225 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Start of enabled extensions list
    2015-09-11 12:01:35,225 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'corp-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/corp-authn.properties', Initialized: 'true'
    2015-09-11 12:01:35,227 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'builtin-authn-internal', Extension name: 'Internal Authn (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true'
    2015-09-11 12:01:35,228 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'corp-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/corp-authz.properties', Initialized: 'true'
    2015-09-11 12:01:35,230 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'internal', Extension name: 'Internal Authz (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true'
    2015-09-11 12:01:35,231 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) End of enabled extensions list

Versions:
ovirt engine 3.5.4
AD: Windows Server 2012r2

Please let me know if you need further logs.

Thanks,

[readme.md] https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README

--
Daniel Helgenberger
m box bewegtbild GmbH

P: +49/30/2408781-22
F: +49/30/2408781-10

ACKERSTR. 19
D-10115 BERLIN

www.m-box.de www.monkeymen.tv

Managing directors: Martin Retschitzegger / Michaela Göllner
Commercial register: Amtsgericht Charlottenburg / HRB 112767
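
The values quoted in the message above can be cross-checked mechanically. This added example (not part of the original posts and not the extension's own code) expands the `${global:...}` references in the profile and compares the UPN suffix of each principal named in a "No search for principal" error with `vars.domain` and with the logged namespaces. The simplified property parser, the `", "` separator assumed for multiple namespaces and all function names are assumptions made for the illustration; the sample input is constructed from the excerpts in the message.

```python
import re

# Constructed sample input: non-comment lines of the profile quoted in the thread.
PROFILE = """\
include = <ad.properties>
vars.domain = int.corp.de
vars.user = bind@${global:vars.domain}
vars.password = [redacted]
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
"""

# Constructed sample input: the two engine.log fragments from the thread that matter here.
LOG = """\
2015-09-11 12:01:35,222 INFO [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::corp-authz] Available Namespaces: [DC=int,DC=corp,DC=de]
{Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=No search for principal 'administrator@int.corp.com'}
"""

_REF = re.compile(r"\$\{global:([^}]+)\}")


def parse_properties(text):
    """Simplified key = value parser (assumption: no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def resolve(props, max_passes=10):
    """Expand ${global:key} references; unknown keys are left as written."""
    out = dict(props)
    for _ in range(max_passes):
        changed = False
        for key, value in out.items():
            new = _REF.sub(lambda m: out.get(m.group(1), m.group(0)), value)
            if new != value:
                out[key] = new
                changed = True
        if not changed:
            return out
    # Bounded passes, so a reference that keeps growing cannot loop forever.
    raise ValueError("circular ${global:...} reference")


def domain_to_dn(domain):
    """int.corp.de -> DC=int,DC=corp,DC=de"""
    return ",".join("DC=" + label for label in domain.split(".") if label)


def extract_principals(log_text):
    return re.findall(r"No search for principal '([^']+)'", log_text)


def extract_namespaces(log_text):
    """Assumption: several namespaces would be separated by ', ' inside the brackets."""
    found = []
    for body in re.findall(r"Available Namespaces: \[([^\]]*)\]", log_text):
        found.extend(ns.strip() for ns in body.split(", ") if ns.strip())
    return found


def check_principals(profile_text, log_text):
    """Compare each failing principal's UPN suffix with the profile and the namespaces."""
    props = resolve(parse_properties(profile_text))
    domain = props.get("vars.domain", "").lower()
    namespaces = {ns.lower() for ns in extract_namespaces(log_text)}
    findings = []
    for principal in extract_principals(log_text):
        suffix = principal.rpartition("@")[2].lower() if "@" in principal else ""
        findings.append({
            "principal": principal,
            "suffix": suffix,
            "matches_profile_domain": bool(suffix) and suffix == domain,
            "in_namespaces": bool(suffix) and domain_to_dn(suffix).lower() in namespaces,
        })
    return findings


if __name__ == "__main__":
    for finding in check_principals(PROFILE, LOG):
        print(finding)
```

On the values as posted, the suffix `int.corp.com` matches neither `vars.domain` nor the logged namespace.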

Hi!

Thank you for the information, for some reason the administrator user cannot be resolved to userPrincipalName during login, is it specific for Administrator or any user?

Can you please attach the extension configuration for both authn/authz as well?

I will also need debug log with ALL level, see [1] for instructions.

Thanks!
Alon

[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...

On 11.09.2015 12:48, Alon Bar-Lev wrote:
> Hi!
>
> Thank you for the information, for some reason the administrator user cannot be resolved to userPrincipalName during login, is it specific for Administrator or any user?

Thanks for getting back to me Alon.

> Can you please attach the extension configuration for both authn/authz as well?

Here you go, but I did nothing apart from changing the profile naming. Please note I performed anonymization and replaced my domain with 'corp' (as you might have guessed). If this had any side effects I can mail you the original logs as well.

    # cat /etc/ovirt-engine/extensions.d/corp-authn.properties
    ovirt.engine.extension.name = corp-authn
    ovirt.engine.extension.bindings.method = jbossmodule
    ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
    ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
    ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
    ovirt.engine.aaa.authn.profile.name = corp
    ovirt.engine.aaa.authn.authz.plugin = corp-authz
    config.profile.file.1 = ../aaa/corp.properties

    # cat /etc/ovirt-engine/extensions.d/corp-authz.properties
    ovirt.engine.extension.name = corp-authz
    ovirt.engine.extension.bindings.method = jbossmodule
    ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
    ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
    ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
    config.profile.file.1 = ../aaa/corp.properties

> I will also need debug log with ALL level, see [1] for instructions.

Please find engine log with debugging on attached. I did a number of logins in the logged timeframe as well as engine restarts; and hope it is sufficient.

Thanks!

> Thanks!
> Alon
>
> [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0#l377
4qKG+5A+ci1QbBTUlG7ol5ZeMUPZp6kp8lsBJ1aRZi0t8nSBP+Mj+3TDpF4nxxMT8XrZiGhm7ON3 VPggcpzlbfodHoygLVG1zGdd/A7JXg4vycpNpUVbbqI0zsPMZN1beWaVR7J4Q+bURNYVMCmUXlRq vJejCLOUoXdUOhjdNbKldj9r9jdXSkDAbsOhAFd59KLBf6fnRVJq81htkHKh5lWkUP30FBcI5TK7 VdYK2DJ+sE29ax6MbfzcOysLlMiO1ilcGCNjL9E9jKV76cFBI5STTwdKGmI4TsqOSacgorR6xD54 JVfmwsLj6Qr6WDYU6ytkQpYzNkSBNfYTCkUqkrRCActljeEGvWX2XBzSrO9IGOHsReYbENs7jsh4 o54w0Fd/1/aNVdhVih/EvP4fYKfqklZ8g6oB7uclHCr/g5NoW+sa/0Ie9z411M6lqkJwJ/wut4DA e6eQYohH3YlA3Mq2tugbROA0qqJAaM0Onz0NoS4vZ5LAPXKFSAqJtJfM3W+ymUuIbA7Khiq7NRsw mQ7vfFvz+4CKMb8su49Hv+RagLvL5uIBL5HTh84gq9/Nzw1+0FaewtVYkqYupu4hZTSzbTwlcog8 oCL912A0YMQWrXmzoONxhtxr7abNmuc+gNqP/TGEIS/iXNlU+WLdCMr2UHoj1t3itvXSfj/YGPpt XmKfWvO/6qJqr4brEGdezPHzRMaIRZgPRuopBavkfCbckv8m4H53TRvNUxWVclXLWbxCdc9hEkaU 9MCsCXQ1BAZi0e8UvrfHFLXpTmwrqiTdezWug9psLrKkQLK5/tw8ecc4yJS4oOpdRhMlaaRc7Z0f Qn7EII8ewB4OXUj9Xz3heP7mMXjoROEgVjH99lxswF8QPWSzc3eQ4/sasssNiT07VZ+U5Wzgxo3E 8dsjU9JVR8iTcFweKcxSPYQWBsHPi3cbGcg6ajcqYzye7VicAPLNKGzLmMuGsbyl3KKsNtargymm 0MjQkdGQxBR72Zxs85Ax22qNzylmUaeGiRVpPdRObgEaV+eNYfJHwNPVKGz67uCpXnTl86Xv7A1R dW9g/cWdAi0u9u9YdaPwC+9SoHF4BcoxjZ7bC01cFHFL9CrWa0Gbk2D1MheWyT8NYmR4x4VhBVMU DQcC0+4BWd+P8ebfRU2ifo8aTHAFDHKhB6Z4KpXT+cJY/IAs1am/uWv/bxxuRtJIh6orssALh2rY BAyRNia6UW5RRQH09kWYWcRdaP4pnrlvyb82qdOIyjWEpW5daOpX8L+sfXpqujfHIbDVWDtiah7M AH45pC6aWzE3/4EpR/AoYodIE2kObF3Zkl/zJp65VfHH5kr+SKZv0PI6IhQCz2122QjPci2SNu6I PMxwfiFwJNLk+NZLONXHMupZ6k48s1eaQyzghLfkUYIrXDOLsb98N5oDX/g8eA2OzEDhurBqlbGV NrS3bkVBiI/iTMK13yZEjAhXJc2cSoz2akJMUC3jx236ZGcq353wXCyaKYHPd5o6GUm/VDfL2w/S II8BXODlHW60rgdKcjsFzXLw7gkCm2XVcRdDe8lWAlkFjoH/mQm60Blb2rXZBOJrIikiuB0HwmEd g0cHCr76zuuEidvUngYUHz8euVRSBPCHdSFxFgfT0Lim3bFtIw8AjWXCaCzeIrAK04w3/InF/RAB SgFiTz7Ywujpgbmadbd74sQaH4sAZbuknrHEqSoU5AnjXnMEQdzpDYaZupTWP+o5SgP0vKEOwfwS BZ00OgW1LzWPEN5z6ANdkS0X6pIwcV9d6+uDiRXxw+7hteAaD+6KMobTHXBVWnzrf+kmlyUo2Jjg 7VtzyHTDee1xidUhjLsxu3XrQYeJya1Npip1Q1UZvyDbBot+XFdngUg57FRA5TxwRxRhXDq4kFER 
v/QzFMC3So7e8nTFFiawVtPfZrDSKPZPCMGylG7abV0uleqMKSqYJiAq/xGYa/pdTgXjlPA+8ISx 0ZY2OWal1TWL8UPpzTk2ZSoFKKZ+FUSIypsVqVZ0sK+FE7UxVSv1Ylejebo/xwZCX4I7u94yIoYs 7sYe9zWIkRWcjlYyn3Kl5xRDKSLo/khcwRuCbWC7H8SaOP7PoQ2vOVXfT0TyukDo7e0FMXFZqZi+ EWbSK6Qfc2PuR6YMyn6EaNQSoXjBsEUW40Jb8z9zEwO7/l+yPOP/6FZLIJlPoINi0I2kQ6Ey5qUw YBN4Gk6VYlcyPpcGRye+SlTtzs3Xz+4/R8lZ5506EUadMg65dOMCfm2ZUvSbtged/LtlLlI7QzP+ BVrqmpvbkIBr9jF42ECq7bBCr51KYIxSoOwZxfBfWugjfD/0pbcC+ejXl2omjmW2b5hXDklFUw4M BtUcqf2EpDDTrbPx/FxG+/MdE7ynkPLaDcxMvLwS9thQgRT/cY5kGjuc/wudGOCNAQxBr2vIgKny cya5ijcq7+pMMIDRgkv/IbsCgbO6+l4OSioLml7O3GWpy2Q349GSdiuW+2sYWnEjS6VB+fW9qOBs 8nePmSFL/DYRwmKB7KnO57dSaeW6AV1yFeyiwQJU577gY0V0V1JF6uh3VpSuVIPOPqCnxvj2Bdl3 mVKdOEN3zqUgCxUFiSmBElWzBlV0vCGQwsirElC0LYT80n9BllnIU8yicwr8nDYIUMJipHU2OEuV C230W75AEQuzoERlkyUhnmfVlrQ703UAlRzZuEYZ1nhCAciPYUtxOi+dsOim7kPBhzhvm8QDeT8p C8t0K3f4nzFzYvEdar8YDjxWLL0Nua+WXTZy91KadyNhVzHYAKFU2o3cOoAcwlcXbeo07aVjX20c B8TrSH0seZzGXaTUm3Kt5PtBd4P6aeoUxdoJ7oietX2cMeZGUKI1v7eKOclC34ggqkkfUPi5Zinr WDQai0V+sApLZaNP+cOXUezgltDhrABxK8tWWZeIacRjR0AJkh4qtSCa0HVfEwutX1vj8TfScDC9 K01G1AY0lVx/jVjgskLFtwARSI+iFQD1WSGi6sTVrXNqvSqUQesPAbFchVxhnLDk03ToNtR30c4N fOojEPnbIWMHLIZlTvLHBuV6WksfUZE6ju77drtNoK6Jb20IDm7H3rUXA+dTTGbmRW8D5yQFsQ5f 06IigeJKfwrDHJYIBp5cNGM9iBenZa2tDRDoX9z4rZ1P8DvvAtLcoenfxtd/KRCt9QjVJADIapxU CMgKKLONccbAfRPyCnu7jAXPdVKSEFZjYkx3vt5UZlxmS7kjmj+HCHKNZKK6Q5RqbzvZPe+CqndJ xQo1kmDxwxt66DxWqHV8m1WLtN2frrpXpn7ODA0+b+yPOaq0GHRVP8if1KhXRr6M/DAcrfulQ8NN CeeMG1BzX6XUZgwmANQFp4Rvp9b2ujkDsa1FCmo7oCPZ4lMS8MKQ6019uqMn8jBYrg5XzvJzxPrY 9DVTNgsG5bK1y6rbMVj8vMAw7OM8Mmn5Dlj7oIrYBFU2cdP13zt1o6capoMfdusW2LE7/unrg4SP DOxSeMguMENWDbW4qe31hqVpljU70oUx3ZNCdp7EHvSo84VAY2J0EWxN8pU2S1EqyNQau8faPdtf wb6po46LWPj3d7x0ZCrpVo3Pf4dtRQYShvqIha6WBSXEL0keuLj7fPJ9urXo2+vXjyNb5bwVVwVB lXsbqPdAAGjmiDHFrOPasXCdoqTuhTCXmYPL4OItIHGZoZop15bh1GNKxyYDvBDlYM6KcEy4yRrc P5YdgZx5OrMwBp+spyuIBOH2uGrtLtDyHlZISsJs1DPjLe6h42lhOZeRuUM9wGKIpfSqYZL+ig2C 
5fJoXcIJGYS6ylEaRxPvrPxhWuksNKHu4ouKrw2kiLCiWI63bOCcxmm+LvtstjjXVnEWnyfRqlKa /iEK0isOhHSbV8LAt0siYh6AfY9GnjUspQWyyB1S6MWwHWbnGATdqYMkGjBcZEwP1aD/zhPOD2K9 tXC2Be3RLMZZgQJ7zHDtxLn9mNoADnQ6hAPr/0fmNK3rxSYMgS4iy7ap2xtDX04lA/0zVcz3PQuI DLtXWp5MUS+wlke8J1MAezUlJWQWTM+clGLZG0TzkhotdnEypaGd0xTdMTq9kBfRHjyQHrfoAN7F Zeu6OdL8cPnFx1d39ZWEmkEJrARtQ0xA76wiFtMWmfpavBxg0dcGUXZdNCLtmzK0Mao5OI7RmVRZ Rnz860iN/2ezJmq5H8YUfBZjvx8LTOMvD+9A0xh+PA03h9ZXsJQ34XVkLTQlE2w6bkM8R4/wdB3U EzTrZU7ew0zi/ntrUXUOT6OYyhYoWoIVwuOSrhqrh30ld2ud4Mkuzv1qWkYWFdPCWRVOfSGjSNBo aqQGqSTYA43a6P40T0qO8DoKW1un91/bH7IpCiAfwroWMEl2EL8we2TbuCnY3hTjACLr4uZvfFbF 4nK49yxIrou0JItNGNDDOom0r7khLJAjxWFGVu/WZVdXjkJmUMgF2M6pMVRV5uyyB2tuufukw3uW pmFGomdZjQJzb9nJa66moSc7Jmm0YjumyG7Lo+zckseSYlYZK35UkdLidfAuPrqmMb0SVHGADTWU mb7yIp3L0a/oXqPnoFecisHs/CzD6IRaGVGHi9eGBCN2IT9lOPBANstboLFPlZ+Mn84s6LgIJGtp hvxy8VH1znHMup9YueF8OtzlUmUgYVkkp/yBNFU7uMC0i1VqJ41d5qBJ85RoP/p+j5sE94ZPE43L zrTs3dRa9OxpZMocXL16zt6h1rxfArONdg6I0I7Fp5FHmewDY0nosr+kJh9XIWErJkeo5Lz056qx /qg2a6e63gAs4xeEZoOTgQZR3i8IY1D572ZmGpaVpGtJeGB3n+0V1rfKRec0S1rMoHr/HHeJwscl cZ6vyYbK5STfg7ADCAAMWyBQPIc2JD3fnSsdLeCUTe07B1LZy9QCogaOC/BGHq6wiDupxb68B8N7 ePPIFnBXvwduFKG71+cvUcbi+BYk+PdMiMsVk1FSjXPAPV6AmUU/0ODQrnw+A2rAzAX/lT/S/Arz 5FpCcCRySJCxp0za8CuhpxVRvZ6SBY17iFCncj+1GHICPe+71EhKE0/RVujN1ihwAYHSBfJ/iqbp +1NitXa+AMPzGBof7wJC+OF2Dgs9oTtmeIhafPfzmdLjksp//+dN+1F3D/3usxwx9Y0Vzhhe3kbv Js4dTfx61VTqBvXtP7iO3ETwbjjbQ6T2MhAfM4IPEShWhY7E57ovRfhi9Cj+z3pP/6qhYoaPVcXR KrHeGWNzN+U4fraO1m4qzxa3dQo/aK8Hf9n6F/vtVGQHrrSQ6QkIQJjGCEHuzKfZmgJd/ECVebWZ wVPEcZoSxKJ0ICYIMZSYInQjr2kuHzVK59nyFATSdlN84mrXYWCKDNtaM01C72tBQmNwx1k2N5/k 8DUdORpcSRGBHy1MG1R1uwrSwXMFEEjWdpBet2Nz+CzJddogyKYPm0rzHNs+cVTyfm1v19DLPTiS YKvxd6wbibVXi3HeKQ0bYtJypdDz/SMk/OX7kKmrAPfG4ba/BapJwFJm71rBAR8DVrvz8IHH1e6q J2Zc4nHJ5yslmSk8ayDCB6nBREZsbswZgHdgMnD9btMxwURn7ASVLLC5qCb3oohRUO4+lSuo323G FEL6YL7VZxMO1QxeWbrt1orzkLMI5qaXgVzfCKmWPwmZbGIIj6ndyCS6CUicafEcexwY5wy6vQEb 
I3v11Bw7q1DG0b7MZ/M5T9poZjLIQJaFjE8cHDpKrEsGxspnYPn7nsnUo3EBBBIKv/J6Yj+mU+Jn Fz4PBW6S5S3UjnJr98zTQI5ZXoRxLun47kKpt7p1rnlGITXRTZzPoHhPuokgWPLpPvMxl+WwZeVc FkhYFU+ex9vmOG22eD0UKNz/x8b0Dy1hH217wqv2DWk+4e1eBGaqhzs2HZfDFRPJyZktNP7nhQhd zBYQ+asyOIxx40Wug0LAIjwOAjWepajPzXtzLh6dG1S6omMw5lIhjheTLW+K0RmbpdA1UDSNVlhP mS+OlqOSgI/H8TlfH33v9R1MiWC1tbGszwb3vAUDJXoq9rTvz5bcXSO1+rhmXUuYyUTi3L2dXGw8 y5hL7IUZkINkbqFdlOkCfRsX0saArWVestG58+vmDO44kJPaSYsMYe5P8RigX11m/QzdSPCzwPF/ 7NX0hV2x8b1D49N6YN7SNxKFJQlV8egA3jL7g1H1ZbsN8Qpb7ZDiFuYYNkcP5KTQSzhFuNdqtI72 UOxg0A7RyC9YCinh50n9F2CiiCMr+zD6OmfEf9Xfat3QvGgQzTM7alCiEdg4hZkaPmJa8UUzNDRJ 68PkB17IhsMHyQ7tdkRaA1UbMhp/DES0IsDekbZKTU/sHGo1bO/mCmrU5IFV/UEEkyXcBvmlrrv1 V28Zmd0mhM7j7PS+oJ9X0+LEOodvL/vFZr0hbhVHAXAoOoSLXsRhyYFTjuQj8karaa94iD6vP0zK HuI61mRITjpmkiXB0C0+XBXyagJIIzVXSFso8Oiv7PgqDCVHVHy8tyP6A6o0d5DBQqQqJkptTb2Z Hwe5tfjWO7On8rYKJv6H4T8D6NHpJVxSc1P1PZe9k5MbaVDJmjJ+SRGdZ1Kp3FUFpnF93HZX6yzb RQSWfitTFoEn3zAaNsnpqjXJQNU8BcmIazWLjp4Dxad+kvh6Hgs1JfojdxVn1WZ3wqJHgvvugm8D 71dxboXEjmrbVEODTrkM3iO81g56FSal8sLsIMjh2cgh2/FRNGqguGDL97EqyWELVdqj75uehxs6 l5ZYcV2tHhuBVDl5vfAXM6bd1FVpti0V0HLI35hpf30MYYf/GTF5zAWibypWUGLGtbdg5tMUi7M5 NAG259MFg6QE4PeJbLiUrYh0qrzreg1K9JIAfSX6bpNCbeaswzOsGI/Lbk/cj30N8vqw2/2PmcBL VIN9IzAYdwQL5USvFuTp0J9sN/ertGOugC5UzOuL5wO83HfHhCPo4TUFekoMwNNSqXBK5TjlRLKS lKfCzvhT8Y445jpzTg7LkSVbLyEvK9XY8RddVhfzjir6K9Wg9du8RrLdb9W7TKxYU3BYCCQiKEpk yl1e9/NwG9U+bHpOhudDafHqLRsu8jON0TZOEjGccRFcJtux5jGO7d9o7GPfncpxO3+Gt7X5G1p/ qVL7DE0j3hXFu9NNa7OpURFAMxbS27vEAPGbjA9UCvvR2lRaHWNpmxQZn9tkNwl3K4P2EcEGAdDV BQt1lMeS+ni4p3UaUwZ6rBGJB+Sf7FTNMP+c13PZAYcStUvaVbbQ8oedAt5fr27hVeoYUyl/WIjq xxT9KKNwj5/eN/Rnq+hkVdZKKEFlhW1j38uJ/WkRr/SLF8U1H1+WFWUGPZsZJYa5gneZomnJmFCy 8UtKduYJRSWDw1pdkFxbgCZ1pfFmagI73KmhrTjAjAs1NJa4QBi5KyGx6/xWK9JNltyrtvi5k9Yj KBKkzrLb8FaXblWO9c9hPoPq2FovYYaJ79G38YYCgde1BpIMnS65Znh/rhke9v9fAxPblw8bY4rn 8YjAQBi5IGAFZNHGzEs75WsfTa910Ird83GXQYkG4Yxy8dfLFeWa/5R5lDNochABbTq7J2vu2Y6o 
z6vY7GaeaFDIukI+oQoVOhutzpHPPtYHaRuNJA7e109XVm6lAyxKU5vVLXOqZAXhdNSoiPWo+fMc kZKWRW9q7MdJff9rUf0ASKP9JJ4jM5xZV/vNVE3S+iELSkQnIZuCMWT5smfDnA3UwX1wQYxrNEFg R68zQD7zxZK3awrw1m5vuQJnOJcz6XUI1Wrx/Bagc0FCy1pjPNylOF2VltK75/2jg0Nh45cjjyuD rt6fjz/TRuwm5xfNFsU9POvKuaCp1Z+T6tk/IWSu4x9Nl4w49d0aOmXDD1g9EDH31bgI5EcNswml CJ7x0i9bkDl31m04AmSpa/j8SrFb6ytWnhCuEqjD8hO2lkipWcD43uRQvfHODTW1C+VfAMFiZ86G pDehkXzGW3oQD2dPWvju8fnv1E0OBIJIP6behVvYc22LevFZRMkUI4Gj0wiFpw93+MyxUQqeuRzT Fwf7fHGGbWcwzsGasyKPKANOgkY8Frj+ytG0vCGeKf09zRR914LENshYojO5Ov9fh/7DdYnZnxYm +TR6s5qp9RxJXtJwOS0+pZqocT6blDwe595KONq2PmownfNzXWnSNV6lmDXl9J8TdYanH0zdbvYh SiG0FzUBEjKBqdzp/KrrUfDXlZX7G+CoBayjiT/qKtjiK+PWzhDn23ZkD5B91s/nlk0E6PZ5uq2T LVzuYhowhuBJO4Vo1rexodqxoNhvneF/pTEs1bx2gHwkt0lefYfafT+FVIxNrMwdkLhiL6yZbR8G 1Aeyy/BfD9j8c6HCStTB7YukB6v+9LU/NygI9PIuFyXEjtVXoluolXWmg4mxpf7yWtfXKZwMSLyq opq4pKuGs2AqCI2gjYu760kpdBMvzjoDLqCEp3Jhm+7f1nPmRWNj+QeZE6Lli/BLP0TCUY0X5Wxo 0U8r9KHeXuf+Ayq013MaR0SVtYEVke6I7P65RKMcUdSxPz6Uij2mxhBLH49szHLfwTSC10FBxnxR 9cXI9huqFuakFtAnGril1MQ1N39fxRnd5pXwjxapaQ2RT+5hSHfg0bkzbwdBKYk/xvyeCoSIjPRD yN9UcrlNoUEtgYQn0PvOoZKbgkmDczD+kbpR+AjBWUf/+7hhlnmV0kohbMzuyMkzJNSrllqfG4fI B+EygzlZHfKmFtvAMvIu5yu6Zb2DRcWmfn6e1BbVBGr0xa9U9pUlyr+zktvRw0kkK4ituktfgPQO WOGkqqwDXm9bj20Eakxoi1FfwOOwjXYRGWodHWPWXj9PrA+RlBGWogBxZHrG5tobFbwsBACOURCo PDg+1vZHaZjM2optc7Cyhxktbq1SR1M7L86H8chqPQ1ImjfxELJLtWradenDQ8CN/GOb7GHXFka8 4H7UA2p/r6PEWF2j9WxltePGiAxZXOLQi74cb7yH1qxW+oAkNbf/bDVPSiXUpLWXgH8JXI5ZJWRo VIeZha659DF+aV4db3w2cHU7F7j2YmR5uMjFngpZMJxKztIe4TM5bja0kiMPhYTGlSsednmBF1J+ shUMEr9/MwWkw7D8mxRfsk3WbWfWJ1Qy4GPnZ3vp1whD/48vbwDIPGfvhQaQZkLq4hso8AHIj8lI TdlQgnvH0uerv0o84u4DMzmRcw5WeqOLakfPDaYX+eQ/xl8aX2wxPxm5pDE3nzUG6gF2uVnYbcIa Hcvnn3oEHua2qSgQ1qFU49qImxXTjNRKyje98cK8Tdp303vYJ4U/B1fm1o6minSG6WRDoa6pi75Y GWGBplcr56/4mTuVxjX23gS1zHsJTM5HeOO4T1EHuoolRv/nNQ/4aXOp5itl5io8+vhTXzafp4c1 NLMC6wPoVN/Sr/cSpwSfOlhHUBlAq4tXt/mPMHv2TYd6AcOKD/hr/xy3fahr02xfKtl0vatXT+2u 
Q9oYUBYFDVLBeKHa6otZdPLicgU0NmRaawpRw85MRdAzyyF1V9/IklsoaK6wMJ0zy6Azg0GS780G hjgcmUq7ZNp4FrS4LbABE4ZUiN8ajupSCrTZk4zP0VQv4RCnobPL0CUgINNr2sjwbdVIzDiBe+22 54K7u2YRDqF4Y9z8oJLMEYjfiIkQAAPGY6r6G6rdTLGSKd9sci+AVT/ju6b9+PNOOyX5prAWkCeC 38MO/Fuuax+SEFNfs6rH2b4y0xSZE0/AvKY85TG6WO52cHC+7V8ogrZ5e0IPrNkkEvJdD4OyqhGe ij3pZ0O+KgoIHwYbRWw8VR3eeXyVF3upE8rgN+4wPRz3yzF94uL+PoG17Sk8oPRDgt+Zk/5qiG8b A4j6/2/USeMFDakFrLJ8ygk6n+YMkcqN+c2xAlKiVk26skYJUh3jr7ohtVQLDx3kPlsU4J+uJrrg 0gZB7q7+6bCPV6TZpjkzOgnTQV1FqvcGovcsLCpmF45Qi9Ui8tgXBM3vPPY0phJn/k7yIGruWptw cBoi8PrugJ6kC5vSfyAbH50i+/gcJZX+zEA0QokRWOnDDN/rJj5+zJ7xv3vJecppxl5SrM5Ipe1x 2onQHg+3Pbw2dda0UK5ssPEPnOlvxkcKL+hWZu77ZmCPdyzGfLE28mdKWhSasPZ+r4/fQWtGcZLX izAjbrHYjR8cSUCHdreP1PevCq6509/1GKOudo1BOWtPS4sAoJpi2zxC4FVqROwf0jMmnpQckMg8 LhBnaFkyVm9yFg7ZWQ3WNnBrbOCutCR+c48NrCpDIttK/fA6918JuGd/edMPW7tKL3c+14UJU9Ch pL4cyVX9qCIO0vajzx5wB3r7ZBtoRPovLDc2b4Ar9/cZQkPU5TA0h2TFDLf5zo7X4EhD4pjkPw7h if67Ae9zY8S6/WokLMy3NENRHtk+IE9jaBe5qH1/Yx3p7aDsSjj0p+3UlkACnc8FIA+F8/VR85m7 uGxKHLHbz2jhNKZ6stpuvCckcGmwh0HI4JXLtfLI4tyf8+T+spIcHpkBz8ca9bc53pFXtYEP9uXo wxke4gsp4KOmHwrN4y4RCGYtPvHQN9ptzjmFU8r5xvIMXKG5lolyZe1VpQiIT7vmhOMC2PVvp8jn Z0uB9ZC1wqc57Zhth+QqydLZkuHgVFo04NduWop/0fVhYpIH86/sEeIhgR3SMDXEE5KVQU81fYqk 7HXsoUdT7zmSQK7C8s3UR4iYfi/PWt1x41qQrR+cZBNzsGMYfgSTq6Z2EhFyPGp7uXgmWgfxuyTg axKm2DTiC4L8e9qaKXQ4e7DA5EU+BDndna08s7DpU9D/PrU2C7wW3E4W3CyazH7BNUurMDMrwmZA SkUOOZkKC5tzpph4B+l7wVXrXllLUio7zbOqKJYrwKmhE3gPAsIWDXNq1x+sGrsmJr/M/d1zDxS9 iQu3lUU68FSOVW3bhXV6sEWZKc7lGeusQtpjtV3Npxp3rtGcxBN8qNESg9qjaNzTR6+i3U0VbtIK xQzPDxyn6l6K5MuWL3nDKTD7Df1FSaPN/ymqtJkokaTy0md++mofW9Fj0rIR9BMDo94xyZ+YnlxY P7xQ3KIIiAdm5J8kNqKSoYOOgw4tTZY2V45VAF/DZ+AQ0rfOENfM+jJadBFBCOVGdVNU3JwV7qI+ gQYC1mwbZz3ML7SWl1AlthVZisdQaxxQA+TOiVH4NMCjYVlPv4M/nwDqYzb24Eo4HTn2ebBIbD87 M5zBe/gaLUyZOcYKZGcfKUVu7c8mjg8TmXlGVF7WWlL/CW93PMadJAeBk519/zhaMFszBtxyo0CZ W8PWWf7XlmSiRYt6J3dmBTf/oMl51ER6d936YG3BzZAAbfqE441AkwtU2R1zt8Mc9nVpMb8c+For 
rdSJ5x/g0Q5939XkaXX8XqjNla8C02XFEvBw/yiXU/JUnQ2ZEivS5Hx/TgKt7QEHcUqXtIzmOaMO bvzJyS4Y4NHvuZWbPXP8uwpkBx1NEIZvatn3LJ0By9Y04E9ifbfJQm0cLfqvwwOG3CD5pepXBPM/ Q8ayWBlME8wIm5a3rVVg7sqLBkP9UUSN6Id2vwOPTZe/woKcQZCnTS8lp7nq+NB2B1ydNGGoKIIR SD9imtlIiyI2q5fBV2fcaUDSxc4OK/g7Mrb/crWgHnX9sEGDQtbc19SnwvDvcQcwcFmgT+oNlK8w 4lbL4Ogc3RhKeVhqEXxdjdYHnYWYqMKpKofSVWzd3GOE9x6JFLzEuoKOby60zvwwM8X/nJoaO0FT Wl+LCBE1LMX218SR2KH4YgWw6w2OuFtnCwUgaz1rB36SOj5P7fP0war3rMEbZuO5YTDFcT0JIAwT pwGwHfdoOmtTCCDja6UANca8qQ/qmeK1PorNLgiKdTGbAiuBgB7HdBtf5T/XamwllxRmPgMkTObp DttztpRxjgGcbOXVQokDRa26EezPJt9fGkj3uMjWdEfhuXgBBHaZaPti/cqiYP4Yg5O45fczsYIL iPJjn/QLTmi3QD5H66wBPUA5Xnymg0Jv/nGNgwumRdbRQ78xA/4vN0sqnd/OY50XADc3xt50pWpA ZFdTen1Cv94Y2hTchWH01cxBxzFvzyQj2dIsM6Y8L4jsx1fKZLnVi+y3PYzLJ9AYBAaL5zUb41N6 165oT68/4WDARC9Weu9SM8LIEQSAbVhK4J0ICa1JN+ehQAn7ygD1pYQWZ0Ja6GkLp6D2IGLEX60b NBWYIi3J67X9XJJQi1SAmp+A2oF8x9LrKG5q2cO2k5037gtpmRBcbykVfn1V4OgaXEFr+/2/k6KN sbbrDTn8o9XaH2pOD7JJDa7dmd5+NLdGKYLTXMmcqUdEKooV7QADlsNJWt6EgB2kTEc7CvNwP0zH gHpdk9kJyOLmb68miTZwwleFEunc5bTxY3m9WhmWFVcGX7MZQnz5+NaHdmEfiIG3vy4RVMnELbKA idhTLC2M3w87UJmnL1IxPgrB0TKsQNFT6xk3PyA1EccS1HdqPBf4ckzYe9GWpFnTHdRpId72dd7B AUHkvTIRtkRV7SIh3xskpEhxpxw1+3WmMOZb7qpOvi9AYACraUILvjN903xArT8MCGlZvIXfbvgj CXauuz09VLv4BpnKrLGXr/FnaaFv9vb0sIZIszOlgtSx/FNE0lODea/LQ7pPmpSL1bh2y8qLmm8j ai3/RzgwzFKepvdq26S62akAwbOvv3+v1sBsyG1l9vrqDh6VYvaLkW2B5z6cHwLPZYp7dKdK7NIE mKmYcqnIQ5r75UjGIn5x0booCXJAsC7Igu1YrTQGbOuVUqAPYOxi0lgjurwPPtlfh36Nw1wcx4ys ITTHqlaplx0C4l28M0ZRkaj4TtbfoKHuSM8y2GdjDuBQuQxYTmQ6zV4sZcb1F2vO9i4wqCXUIDy+ AhX/RQbnbPYRzJARltPIHpBQBYs2YtmDUzB70hblwlslT90svrHoPu+tforcz/p61a0GPQaJ66pH jGeMn7jX2dGfXSp3Puxc0FI2Isua0umX3pliA1cMBn2tCIzUaaIJrQKjz1OkEQwpfF2uzOpm7A7O pGroUUFj0LyP4czfBq1EKNG1UDoobOzZZKrEkWvdP5ykpLxmQaoN9CFYoqomFPXyhxg3eLHkFdjZ zrItiNm96SRDwU2mTI3yudqYR+DkVQBwuNWTulb/0Wt3/NxQyNmOvYZeAI9uFpNBS1kwcpUz9v97 fWoOPDfiaRn849SDvPxvclojJxMpA5oDqRDg4wVcG7R64W6kLAK3tWj4qX/cDcZsomNupl/TUimL 
Kg2J5010x5OsI4hruNywfD7emPWtpuouYLxziIPI6KLW65qFIAC+KwyAeGpmpzMSajYU/4e40eOV FXPFgt6eHvxnGhxvj3/Ql0hIrselvNgRA2IM8S8SADs4+BqQUon+ymdf4HqkLYIQFxVxap1fmaU9 dPq8P9Pkw8eOH/jwWUDDElWP4bzZGuRGVtsu0agNFKVVqpNv7lAvDln2nKXUbihkU4b+49N6fBpT cTNepQhaXzNED/LA9Nr9CfvhDdebU9nCj0qmuhYj7ybve+lA/AHs+6/FBfASAmwgqFk6U07wSSY9 vO8eKz2X3FeqzmmdQzK+PbleQO1Pt0riawEw7gi9yZDdjx8WM5L4Xfj2M90hR6YS4Nxq6h009H8+ j5pI45PP2hZUto8ix8CIMsoOW1njZpRTvPgtANfE3c/zOrh1ufNN32apt3/NqmAroSvWWJhkGnkI BNTPNaek80bTvuFXBcxykOHj6op1UUfaMk0wbH5OSrD4S159frXG/COdPZ+RNsoS2cwlWpv/3c/W JZepso6WEc0aTVmdvvyRVLfqkbGMYI1TW6RdpkYhlvfuhFRDMPBK1lsG/Rbv3Daz7bD+tB8NI1fI Dvl2If82MtqdQKc0WG/QNB/XoN0+I/WG8ZIbAcserI2pMlaoziML6H4hxRiDmnwBN40Ue7g14k1A FpzvpFrggJNvc4gRHeMYmky1jLKNkOEC6Hl6k4pMv8HGIiXxeYDqPnw82wOmlgvhMKAZvYM8AcHT GIquTix8YHsQwzTiWZrqlA4vIObz2G0QxitHCz/cKcfOa+lVmcHZIhQDSRhXpm9PFo5ir7GObjDg Eq4S8zhCe4NaqkoZ294BOB7HdSGk7wnE8uiHZp2qxE7NpeTa9/L803ERh0hBlT2r2tOX4WkP8pSL i5RCqNeard2hlhsaow2Hjj/XGgXj5n8Bd06kdxoafVIljKt6EynwCANU1WDbBUO6N7BhI7BB5oVu mHr5nuXjDH3OeV0cpu+gpNP1cA9LGrZ0u71RkQ4GSaYGS9Q4dDQ65M3hcrS+NcwJfYH+kEgJUmRB 058sRIhuJU/ZNSl3bDkxeGU0LI/wktSdZBN04104l1uTyqMMMLfDmZItSP0RUZRXsN6eH/s8PL4h fWPyORyk0EbPXZ5QiOeBzT6PVuusmyBk+Ejjrd4kzH1sra2G2KYvuwJzPKA9kjtR2NmEddzVeYPv 6ta3Qg2tgcsmrUk+qrDg8HlUAPiUxQuLJTIPeY8Pqrjv9RduOQBN81OnpD2q1YYrieeI+7t9Z6w7 M+l4Shx5UHp1cC6++EnTtnn9W2MYJg1fBZHTzF9/PoQLgQdW9OEtrdK0biKjItjA3khWqGbSdZ2U aUi7XEi8/mErED4o+A2BmcSO99s/neZpk9PnBs2mL3rmZkBI3pZ5Pz7LKuPA5CkcW2Eaxj7npr5l v6QmBNhJxYSxHzAp2WcOBQ2S1PgrllPLHTkQ64ES5NyfigCazqaWOFz0eJZxnKbSHP/31Ro89/8n ZVa2ndNkN3Q3zzNEJ6BXXl2UAIj4BipNFV7dI/7cDNQULcDP3Gto7s7rj4iGHiuXskpKhtExhNpz 1YmWDnAMAbKNEKHWdqvEBHCYKGtPghP+nd9q1bqugsrSJiipUK66NfPjfpaCAAvNljZc7uFxb05A EtspL7/TmBUQzHftfrY6v5clG9K5sYbU2TWDZiUwEsaRGmdr877Iuzty6RU26J6+QFfcBfMrqRy0 BqAmdeqQCRpszZN97qNA+CA9prBhljJtOByK8XE3BVE1fjIeThWxuk+Ut1vSUxFJiEmRZ1J4R6WV 5i3FOUQErpT1WiJ8TDk6S7hGGmKWWkEjSJfi5UzHNuk+TI2+TRs3m6ayjhZFsaelGuOjmA4BTC3H 
D7iX3Ki95820lXGNtelqovSGEocWe4Po5x8xxco8+eBSwntrnYfBA4HNkJrJDesVu5GXPkA1kLLc Tg1ETq9ehpFByZ5gmL3C9ELN5uBIjsEPBU+rS9I040iJ6EQZR0BgKmEGqP9aFQRNkfTOzdXJ6ryn wYVxRjS8BWon4jtgZ4TNcvjs3/KuHGe4VE40VBfkO3iI+pc1O76AMYPMXxgoK1lZEtgVGu3e/9Nw EY+i8yjIpwAWfPUNSkiN5obH9E7YVQ+dBHAMfsBn8RsryPFofu1iHIn6mzTSsnzKH//M/HCVI7AX HYFmZ7PwvynH0y9vJTbpuCtpRSdXryiweMN5SgfE4Y+N+WSV9hi67JT/HcaLpMTdfyVZt70aD6mk jJOb7XgMIVsw39sUI618PdZtnvclsEDxe6SMvF+5vw6K/PXSZH3/I2HinWy9rHLmsxQWorpthU5a tm2GdJiwFBlveJ7T8dq4U/AJgMDb4nNBItWkIPII/s+67DyT30Vu6RwWuM7f9Goa3MaXJBlkMplw WGSQyUvOdLuXjOMToBEWTScM2sG5Gx2a1vG1hny0gRUWFOkZegqaSHGNly7rPhgssC6AA9Bm6S+v vDGm9NxS+5Jq2ftaqFUnlZI3bf6/VMtP1gcj1QAprPncdm0UvHQ1fJryClfpYzuQ0Vba9AqOGi03 rLchPNK5+qw7YkFij1390ePhWocTX1WBx+hA+1pTRob8p0xARg6+jUE2yjqG2zzgE/OykoVC4PBZ lCngr8VDtrq+BPY+bvjisXZdT7BikZ/MH9lniXIPv7EZ2pDiOja7V3FM0wDqsfcBhjPRnk7anZaB yx3kuO2UjnXuLxNivyu0e1kzYSrU3Tm9GAesMSVg8rQWSgvSq+UbVMgXhHUKkClpOH6n0hNQbkLP gCfOBj/mmVPOXr9M/OSHoIcF1h4l5GKF5OPE/ZrB/x70Phk0qbV+3TbML4wlloUrBPLXghpaB6pG uuihTG3Ph1IwrQxOf9EmryvnjQGv7Af/Lg/Ai/DRcYP4WeWQhj8/28TkKW1Ov97gWwxKOR+q+/ja CiqAozBDlSGlukRN5frDY70jgqcB2KYFoid8n3tM2hM5FAUb34TIbCGjHJ4KYxKBlsAfbd/KvIPe cnV5V3fD5mcDjvVybmh8ZbiaZsZRwThC1qpFOMF1y2iNVJhhKauuMsb7tvslhPC65A6B99hR2/vl tU1STwsTmbwx7ptq1/ukiQ89LRyAXB5914WMM2eIFCFR59zIGqXyGLwIz8zXyD/WcGhAeHBG+W4v bDxj9gssq8dNsinR4aF9Wr4t9sfMcf2ul1JccUAOHT9AVr8NTe42knGfZV4Jn3F1Z4PC/WHZUmyC vRjaBe6P1KOFqN8hhx0Za43zbCit4cijupgppE2H3fQuVU6+rophkl+4LHAaD404y7sASYan6lzZ Ng0kWVjo0GQdRE8mNjuj5GiOAWKWq1qhvTpyUAV/U4+GQ9Te86w3Dzsk/vqs6L11rwYVLkqn0v7N XICMcgYppsaVuJ7aroFqLP71T538aHcLaJKNbhTDv0HJW3T8Lj2DlOzKRLP3ytLdqs8w+2ndxKy8 pz+h6yx51ryr//QYch/jJ2e8O9MJ5Nr1DmFMKICLY+s4S9n1aLTBV7S7T1Ot5tUBfWI3+9TRt/ZE D9tLWgL2Me2TRrpox+4ZNnGXzB3J7H58y/XbTqVhM2ymjAuQwQLHanRePvvIJbTmbj8lFLs26X3r urtJHwZnj02e95WSFdjyuinkFZegaZgZRwmPyOh+DO6Ql+e3OOT9N5TM1RJs/7nvPuKTbQbmAb0m A5m9kbgqB7nDQbuQNpz9pm4xNFVAt5yeo1+Jks0M83j2Oe+NFzeILIPC9Ho3VkqagGxRs1doWIjr 
LI+Slae+76KtDEqmGvekHoDp86ugvK9tqD2RqZoai+5mfuBt6W9Ss1vT4aa4y9iPmzkP64kg9azV Jtj27wpxV8uMpRceU7WMJPyVh1SWi0cjJCy9Rr3HWbcUFik3+4boopK+YbbGkBV8MJtRoQjQ87v2 GSbKeUkqG2CEnkFFMJofHKRe0bBt1DavQbfyuYhxjyldWHdMQar/aLN3Nk4ZAZaIU3uYSdU5mrA7 YhhUq/iNhJclCAOuei3ScU1iHXUrOp2UflG6W0ZJNOBL+PwYAK+pmsAIhDTkg/Q0BJaKr5CIgtT7 uKCjmFHJ5NowIvr2uxZKWF9xWN0e4YxGsGfjfxwnTKrILj7EXcGHQWLavLJC+6XtJpQZZHYO8dsr 2GgZ8xSRNDR8wFXfibDaR9zp8ceuU8zgws9KmJesJrVDsqsSrtkEvKEUoFoNPGKfi2/CeeORm8TR pRagahwzKLk38pX/xe4eXQq4Fw1/ZklQMuwNT9LNDvm/4VKHMHj7O3zanmdrqq+gHfo/sQQWTDyO vPQmcCVvtQYvuUqMlvHPingpAFKwBCuDAhkgZsIC1HKBJvIPE3l3hh4Tt4rxangGUBei5AQX8Hii 9FO5HhQYYMn0jKI7FUBeNufWavOVO0i/MXAn4mDAOnRjliddJzHlItrQBkriHiL174V2o4su8bQ4 77sEqx1Ov92ahH+r39YpthvvK3Ua8OTb4vm6CFJrqwyhFtPdYe5pz3QpHOszbExjAdR7X2kYxJr8 CHv57yMyEGSP0VynubJvx12x1bpJpVYX1W0JUuARvBOuCB01z8++hUfdacK9S4BJPQjRwX7BvyB3 0zExFw+QkurHVa8vGVL8sHlezTdCPmm0nxDmec+YsmGysoiHgmMySOJ6GNxrSA7eps71oVM7PgpL ujdNDQDzl5ptvV9WI6tu+vTteV1Ve/VHwOIuG9rfNIA6cCfymu1mejSQJ5z2QnbKlsDdiPz3W2j2 5FCl6UGtBv1vh6uDnydosmkHUkxX6BQKU5rDFL5P+ue4IQGY8ae9rDXqMroeuz02/D3W4NehFmW0 6mzMwQ0ESSg838+p5cqbnovFSxDI5OAeBcwxKsJmPl5WCprn6sOPhWFuU1XMLe+3lVlsy7mp5+Xr ml8SP445npyGS14yE/x4tPug+sIV3RUktIDpMvxpRNsh+0WOX/b2DLi2rzvTHZYCSCJyRzTzXWk4 27UF+ChgckY+YQKNFwkMF9WiQ26fCresOj4IWm74rNj/t8gHlYQ2HpZgnVnre/xuWgWDZS5wBspE k1jfPKf3wCeP7iiAG8IApTAI45e4cO1Zfg3QzdXBZAbIDhir8DIm725TO0jEDyBcivJDMhFGkJzQ 1FIJce2GVkHmYRB1vvSvnccBwb1/LBgo7z84O+Py3OBs6LWZ7e0PzFqqrDZll0TtsfXwLSfZV0Iq 8OhlQP8bqUNCzBs0awMjJcwsenj3AWn9f3JKa1Y+Wp/T2RdfOm9qdrxAouGkieJeEhQIapm7GkgI dgpheJCjB9uaOKT1BnlYs6/qYaumumt/4ys9CBaWjDHdnleTWCEHd8rGX0J7ybJym3FQitBGw4K/ Vh67mvq6Lumve+0oMktBJuimuIY0pBYBiB+SOUxJm607+KA8JgXhCZbDC2ajHUxAXZ3bC4s5sPcW 3hLBAUAS4+rEKjLPXeMWyH2xBVmXfiAcN77c34cWWP5/63kcXi909xAEBmKRaY+fFNL0IqCcoS1j Y0G/cWsQnV1coxR4OvsLb/SMCYbhy5oXHRk+IAEMYq9zA+Hnwv35vFyKtuYisMieXxXuDJ0Sc1Xf DEpG0BAJGNVvOOjIAuOW6JbYcMxwp9dyLTukcF+Wf3u87IwJ8GpUeQZxFVvzQauOMNbsLrYsFTUl 
iqWG07wUCNAoCQgkdWb78vLxNkDez4Vz79iWvb3tP7RtNNKWIxt3cMKxat29Gx0hc4txbcOFycbE 3iRvJUfTiHu+n1uLqVDUK3dDNb1Hph4xMewNVvE7OHu1Wa2U2mM6H0CXLyUuZ3za6XAMKp5PqFX9 NKBXwMBggrsmt9mCiuNKorhhkXmQNH74a60kEHYJm0AAF/+CBnm7CH06ipmStPKYpJqCKVMA3tUK rnWJk44avOMsi0NcgDpUPGo4TrJrn5UgLSrBApVnGEmWORjsWP63gjUd7KaZK+oad6c4bvoyzoVA YZUEwb+6KUoyZdJ5kpijribbeHurVGCy7glMYkqin4XgiWzR19PvUW+2tVd4YFrYoUEBATmvAntv Ikv8sC/teowFqvyIwKaObZg4dcZG3b3najkNTM493FiHqs3qEJLqkKUdGfccLTn3gZcjkuMEyRvK B476/QDBPpdDgoYTnqyM6Okfo3lYT/EbtlDJkH6KwVCp/3WRp5FxlSXYIOAylCl0nFHVsoQOR6tp +lKKYVyTfZP80DMsx7f7/lLO123ab2YwpngljwPglmarFgaYfeTnYvtbKd88zdIwbsqSlvEYXw69 y0/ncbC0UqAfsL4ayzVCk1t7KOKNyYvU/HMyLnLQp/WLcii3lnmzVb11UL4LuaaOEhD5aKbz4GBR OUab4FCfb9jdiymvqljVTyOfRREPK+TvgO3pu2QxmXar1qQhRRF3wa0IAaNPw7wejqXTgU9GzO2p yc+BWv7RfK2NIEI48/4M6k786kVMwYXQ2/R9mWg9K7BDfjAWMSLOFe/MFsKhNNwngR1jXSsmHrwm RDs+kP0ag0SOZ811FKnKgGexiQtG/LdS++2bEKV+UxyA0Khhy4vPUc7V/NRohEcxwRMITct/akPb kh8c5duB2s231jPOq7PjZTWmOd20Lx5MCu1tNpbCh258AxcLVnQKlPHEZKPGlDccWFR0aOAYOKWn 7H92tFLgvX2lpVTgV52T/9uTpPFvHXeNjFnf6hYMUR/0R+QxkJVXSXWdGJLQFG2vt5kdO8EEp7iG nsr4aAY6gxfpUX+7JT7YU8mH37Almh+J5nwhABfkopKkGbxeTs/jnjPNPAOSQkmlppmjbCUK5cnM vvCyvMCWP6Sg0I3blfvqb/Rj7ADjsj2ZwGAoXLRgmVMopdf1JeaUVYDME4OK44g8u36nYmULOIu6 MIxqYJyWKJX/PYUMZpTMy73CrmRLQIxlE4pLl0gAg741V9sCwbw3J0dphiPbs/lkWkCiD/O10ktL fs1GsA9NdGiaCsBUEPRdlmsi+V9aXkBWLhn7g+ER0p9lQWBl7W5vUV15XuWU4YHPkLaKyEXy7g9G iKGAC4+T27qtubP+ih7N2mFv5NU6Z8BtB9f/VcrJZOuTNTyOtH+dRP1GsdXnwGk9c5viLXDs0K9o xVgALDHdD7UmeOpLvPoFyfsMVjPtBjCd28HpTDWuBMCyb04Fa1riGBJ9NrrUAdVmnGECcCoj4Ob8 rJoQ6pM00MXmbrRZoQfbzIuu8DARlEM8h/aiiCPOxF9KXBYhSwn3J/DI6uHcX5XY1gVx8Tra7e1y h+zvOHqllmN0GsbvWQl3bu15ySNgn6V8L9nICWq4qFYcoEJxZWQMbEskowuVHs++UrDMNcI/UbaF 0gslzNgV3Jye3OhokgcsgBR3yEeb0CEeF3nQq1rQvGSsD/kI8QgLtyvaIIdywnzNbDneu/MhZI1F B3FM01URlqKOycce6XV4OTeuGXHbMhJrk4Zteopsi35yTHfDMyIkNGB6/+Fp+VjH/Gfx1OCo0gLU HKOOa0qGGrrkCVjjyQutKFD4UeFfUr8ZLNzRAV0vtgRA5F9iacUR8zdEA2AvrMLzfDZwvGOiALxu 
n9v9QPjVDYz+LmZ5HlvBjejvh9nAPzBnyZCm8iJVxzZNQqljy+2bLtF+G432XoOS550o8l2BMuB5 YGaSmxBJvx7/EPZ1XpYjkh+fm+grqNWDzAinzs0U7c1k+ytHhhoTyUUSYK4rksz/HR7485WY9mhd dxmat8LbFKJkutKlV6SIOaP7cCFoXd4sG4em9DUE4d0o0wctwVhSr3KdQlvl2YvETYCIkOUR4MJV QOP2xoxUYGVFNaNaYshmLDXTkZ3dWFF6JeHqDdSvRxqJvce39LPzC/XDgJG33TiuJTM6gB2AYQwn N/lZk9J9cN/ftRMQZQvyKaEuX27r262+CnGd1Q0h+sfB5NiO9BeF5EWdCEeii+aMdeTlrGNW2DOI XgXauSRo1ItdfGRaCGdQgC10orGdWimppOBxFmS4VF0ZSAHeYukc8CaUTZ5eZowBHCdc8tuPFyVP EhYPQphYThJtUxXTJdiZUMmcgB4MhyFLLa15AcxI8yIxpcJr0Xqartaxe225aYITATEpKir881ae NrSkOctvrZ9G4ZCoD6vJeGlnuOjMO2xiS98pgd8hIG9TpEEoU9XjQoD1enHna+YR6GT8zC8Hl5vd XvkY4aDrKbQgSPoAYAlTNJPkYN8R+cyui+07B2NhtAsL1SiK1Shs7oT3Cu11NOxtrlJM3KcKBtzh I2ybuJq5zQtaM/65jYokA0qIrxYkyMV4M3WtQAB37mLcBkzFhdkvPSAY/II/fskb1m70GVqk+ak4 dpEAYeq7EA0O3n/v7R44YYmi0XdVnsIJHB3Dyw78MR8KnpKAaUp4nAYgWezlfSD88mef6hy/M3mL IQUwpYuPV6QhPylj9cywQGBPgELaPQh90pEoPgsS8r56bSyHusQgwZyfKG1UFlTGlqNO6UGWdvn6 PAeE/eW7LVtpUfpkfj8Ac2SwaEKJXRkMA33dVbspVXjPYI8OR1j3R4yO++SEaLeZzJDDHjNorC9u AILgKfwPAysj8qInNFW7UruSixjFzQGAJhU9tIGfsVabCiOBtuOjsL7dq748ipjiKcLzekWK2yrN ATuRdFKekv3NVzZ5VDTGPH37XAT+zONRWnovDsIQ79gi1WSZpQdWnMw6rlg/lOZN4YrpxoLVdBjC fr93/QfEsith82nM8HtyCNyrwdtDV3IuHotHS96DvgaRr6eTfX+uSrzLnMhAHrYsKlu1PEvkqvJq nu7x8OXWv7TyKiLlSEzfKn0Isxmz0/3O9VgugeClCJEYuVBJImSPc7/n/jr8dpGwMhwKBWglRRyW A3EbaaKq0TMvDDrstXl3x9u6JonsokoGcJ2zdYB8QtJ2NP6wxsJmqVrp65yJ5rom0qXykPHr74sq EhpxI3qM6JdukJsmw3e7IubIJY6HHoysgXVEfStUgVyH89ztaC7JcpVMinu1njduzUjsi4AUJkVz XPJCCz0KBKhtugQ88RsUdhDgSUFfCwkpMDAK6lJVktuiQRtKsKRH77REagkFbIQfVXsmFdkzG/er h37QX82Z2zfJ8OQaomdeqrtPDle0WBrKwHix3qhK/pChGTvWpOY1gxfWAxvQf4OrchV4TceERLPC 2DOZhNiJSDk9tPUfdDbMxHWlnr/+omKlCM7HAYat8n19O7cRfQZ47v+pG3+T9kTx7bH6bHx1Rsre rvZA+w/6KJoOc+Gpx0ewaPlnPRnzlib0XoS7HxtSiiiKWWkvxaWhdPEk+CDoScs77lJ4HKFvfXhT 91y7mQFuUZ2h2d8jjpMYv2sZYFReZI3QMWTmOCmONhCABafm42l+cYRf70TvJpaHl4IviRGVlayD Kjr1MAQs34kWeHDwoB2Ag6EH+FBLn9NakpXvbICNcFyXkA0wPfkohtKEwHEjhKblt6fcVaRa3YKa 
PfsPze39TsCUnhEqCPsLa0tJc6kvT30wVxETt2+k4KpztLebKoDDrFOc9ck9AmdHKTHZUHJQTB1q kpTAdpCnU275P/Qo0gbz6kZ+a23vpMoA1kw+qiCZdhRxXHbcIEDBQLH5VfX2OCf+k/ZMr3Nn0R+Y GOViVrlxprpmxopsYkA5UfsLzsAsj3G6FCMSKltHiXfmsBzBNmb3E+IOCX90EQ8W68XNT9pPWzgh JusUXD+A0xVRXm52GEOtA3IT2o6c2FUTc+CYWcPFmHIXAN5f8PC4Enx9UTjx2mcr80nodxD3nuAX 8jo6v1N4l0dYEPkC6Pt5RnKrPz8ahA/3wAItQ14BF7qGztd3IGUAjPk0Cx2UiGQJhZWfiGgbMJR0 C34PKTVbjQ3nQQJmaWjhnNbK3khG1GWBSpSSKVAPccX3dZU3xo3xhHB570litV6zLMe7sCu5Dmtr LVDYW90C1KVuQStlV/n1vtb4+TlYl4Vuomj0Q/WnkMwsoOc9EPBlVSEkz4EJO3h8+pUXv7QP0tqV 4ZX3XDHNICaA+qEt7yI+PY3FGcCS2tiYuY5QXd5116JY3Tl/chUtDsILE08L5j3csnLcgCS6oL+f fhf7evgtx1xoSAyDlBxoOueT1lzG3NhLUL1GlRnYq1r/bOX+GM9VI3tzwHOkp7EV1FQSp0dw1ZKq QBYZjSS+lENnlYy5KOK5CghZkb4Yn9Rt5NCBiY7b5hifYen08nMDrVo/lt9wMWL16Ak0HmCbkMB/ J1NUBM89fp6GUHWEY63C0xFgl9ZeAvbytE3lwyvaKTx21ziRsEjPA1o8dMuLInPXe50womlnB9Td zaX7RVL/6xdjfITd1OUG4ASZ4kg0DthkjsvpTlghRIrMBE+tHa6D6Gmz6neRKM3/+4+oosU5CwnY LqQUl30Lc6PzhN0HxY5tB1OtI7pvzfVXV7qz/cPTmIjUpIdtHNKH1VVTXs+fb3g3Z0hkYBiY/dT0 EFZsCTlsPRYQlpM3IsfI7RR/qmGDDVrbGErURjBhvAd25oxcOWOEhpl+DHo5WZXRb/6N9eMaTi0M PhMqCWIimwcjF1xlh2WQ7/sko1bWlJalD58XaqN4DZuxqxLk7ELRhba6ievjOsI89516lgNvNu3Z mBuH7L0DWZv0QWE+5svGd0hojwTlAiSWSwHj2N8nB2FhYugSFHPvwXnk5sK+worVHDS+qSCyW1S3 A5EWLJy35hnzX8XNAPq0tGQLcUHZdEDOtVYAk9UIdiHNWVLs08RJf5tL9LozNVBRFMYVbsuVl7tV 3iRa9DcjuSFyvpuHyyVrEmY/asf9cxdhnKCMxg/bir+UU+hQAW+d6Jzlc3+7uiarR9dehAhk/LvO tzn4V/y6Vh1fnD2LQTHHKfryrbVc4ji2cytzI6rvJj1DKGj5Uz08eq3M/tC/w3Yhg++P7eJCjtic oMBU/BW/ZcDbNzFhcds5t06A6TdeqQZvHJkBF/CUuibQFgfcPsr7M2CC8MbDWI5JN48fZCBtrvu7 STtNkqrXVf6xbCIcjyvkEGX5EmE9AJ0C5R8XL0gvUe7qeEBESv1uuh6Sq25jxk7062OSlSxz2MmO WQFfgde75z6Bmkvzj8GxomV7iSdfx9XS0hekDm5+/kuWpFDbe4FmXsOgEMn0tzb4UdzeLqfLUBFd wzDGqjf1MnIfzkSuJgc2tszXFLR3oJBiBg3/AkOui3bsAGYsoE7lFWa+ljNgjJx88IgyDTYGrEJf 0nzXKrd+SOhXM5KdIPQ7CuyYk0rWwrqhHc73xm0HfIsRJfFDRRjVPNQQvZtXyJQWMqA37e3Cnk/s HyJ8N/B02x5+peDWzRT9cb/dSxDlXnUHz9X5dRBeFvC8DHU8KfuWwKyc4+KDnm2L6ox1A6RlyGli 
o9gK9AZ+DnBFh1o9O6tIA7RCETOK3OeIikGrz3F31KKdofeEt1dnYXxZLUEQGo0ogUsyPTo0TOUs LAad533e8W9LzbKL/LMctKhX13UCKF3jc7scwMI3DtBw/8tjd+/aMrnQtyEjbYyIQZgG8DyNX6B6 s1dEpQ0IccIFzHDyT8e3g+tzm00lOPxl5Y/WiJnlAqsLlYCvi1EbMbsPRLd8PCg4EOjqH2iwNyOY U+oNJ5lQG1R4Ol9eGY0A85pEgH8AExey1CaipDO1DMt2Hwin+OcwDUlDAzNpAo+4lfKjSwWWI/Oy 2aSHlqYjxEAlAmFBCg3Nn4eExpSqD7jOScpwAWa/pIRUHps4o0Ynh9fQw4zT5Tcb5xG/dxGo/SjF lYldGZ757WAP5E1n8L8eY/Pz0Sc+wkF59c6s/EYdq/TVD86KBkRDn74/oWUfP/tYIyT969Xp1FQQ hSLT3yc13NEhE5MT/OKz1X4l6MJfwHvXn+Qk8/IzDx1bTXvZQoww9F2aY+mDcEIP5WsAJgRlwD+x WeifW/4h1bdA/UueFuNf5gya13TRMvKfBXLjSWk/C440M5n02wgysy9ayvwApaJqVjLZxBesdbEi 2DNVSeisC0YYKMHrsumqf1VWgmU2NTE9RTvgKcIUiQDkZKtCJiJOEnH7AF8vIqSRQysRfDjWNmTL f9JX4DzUNg2HxZxcBRbPwjZ9968nxY5ruydAcYpe7RSrmWvbrfjDU4+g2J7Kp0j3HWnsOqPwKlR0 OIoX4N4LGkE9PGYaiHfeu8byAEvNZXgTvHUwbW2fX7jtrgXMRVIV6L0HJliopR1vRfFDogSICGWT xlWZ4AFJCBjqeM5YpbPaJe4zH4c7TBc6BThNxDe/a2uzQtLxWhSnp8acP//y1Jf9fl58PvaXcrBn 0ilWpXTOb8FeCG97iJEGVLKVyqRDeOl9uyD0hijI1cEJKW+NSTW1QQXgizCHj3HTFOLrqtqUlWYu At6LdrDbK1fUGhiuDXlnyNUJuDOEmk3N8962k9i9ovN5MwuoT1g9ajSnm90FlxhFV6Tf+KQ2niln NPkebVP7YsmKDIdV2r1vOkrd281cMYCu142hvMcAu6J6zQHYdmqt372Q8frGad7BqZlN9orfmqSh ErVJSW8aOrT+eHsn0pI7yCal201fq0as1hFYKSxmfBHHRnE4li4G2invXtFw074V937Ge0AR0+91 8i0j5bHNDlhvpurqYUcDnX45xY/Zy19CwBAwE/fFHYSca5ByREuGDY75cm1vBYaDqzbdS05bbA8E /lzH4J0ZQnTw4a7fM0yLlbPK/3fAmQgbBOZJuovYS6XawccXaCmFTG24nLriDOCXQeKgcQsfqq4D h0XCVnSvNNoLngYmFXrqS1cs0Q3aVBx1+CUkzf6enoPPE/kKsqUcwnQ+uwFPknCcvYu7bmalCArT IZcKKAqu4EriSlZg2OQrayvG6mK4+wVBzTHyrvgbof94llDw72q59+7VC1UFhR1vILWf/cdaZAg5 kY9ytenNbhJ3mskMDmjZwLEt9P8S/iprAPoSG3uA87n2XLRKcDamJwKv2e7Os+FXju4VvC0eWRpt 0FRO0kH0yDQcZT6iygkvn4II7AhorDNhvEgNAXBgj1/ncuqqkZ6qFaOnzpTQ84jJCHP7IeYWX6hZ bjBSRQGgL1ktNBTD+HiRIVB+O1nAFWUQJ5dbqMNVIL8J6VaYSrNJNxsEGaLCZF/o9aaw4x6KqPu6 N5Nmtk3kNcLcCTSGc2Xg+myrEchX7uhbWlrgXPxas53CVAWbp1llcfoDzOsGR3462kCqkQMGnwxN nWbhfIgKW2it0PNQR8m/6Pgll2X2VbEqGwLY4KiSY5Dtlqo/iuXQDIhXdpmDE48Sj8AbsJO+culB 
aVwxWFx9qm6dyS3/wJ5af6Tuj3FkAeRa4ApNpNK+BELUzIjWlAupwxM/gFLChAn/qconF52I8i+L gVhcA0PPB4DN4fxgWXrb/dRR8P2YVRstIgQicNglEIalMCgy6zbpq8Ra0nViHwZ673RmP3aJruRp 7upIk9IcC0YRbEfyE/sOoxg/+r7KoHyKS3elI/xCvWzyNOU5emapYvrehrgrXBTviBFySRTSaHn6 D5Yv7qokaQJRzvi0B2o1hynAXaFjVD2ke7UpCrQ7dkIAQZMPEYTbkPjIHY+adKY5J9V/XA8CC9SG cdnwi7RzDgDWYJOi6bNpfLn6uxGTfU5tmujMM/j9rDLNh3Q8lTHrJ2NeJpqNXb3GKivNSLIUelUS 4UJM5nC2zekp8B010MIaUZ4NtCq6U/ON0sOx9B/5jeyzW5FjwfbTEiLBTMahCwSZSXW+C6uvogR7 4tVd7ALdkrO1IwG+ZczJMbU6qiAAY9W+UKlGEJMdS1UI8+XcKFo97oftTfRUl2nMYB679KqKZQGY QYXDze+HomFasv76Gco7R6CQVGVglBT93F/VuaZAJvYpL+bJxgl1Rttpyt06q4AezQKTundB5Bh7 tI954U2AUhLWKcsvME2jBdawfLlXgHp7meHCM6ahjCZkTPeom5lIKDXK0tx48WbPiOihzSokuz4q XDI4FIuAjxx4MSJ3IPI9HYYd8WxokpN/mVapM7lVBgYgdxqkQIgaPbZSzbA+LMsHRV/ySqjA6oGe kIsqhoWA37HRNmXP5QhtWSLIafYQlGGMlYvLZqhIsQirFMM5+Guphg/E2L3f7lzMpTFAizAFoMmq ven/Ilmje2IomSPHymWhYxXTK4haM1MaMEZQ4TriCA62WDOFuwjLcA/ofO/j2N99rTHAtELmrIKJ BJVse5H2JaVWb6eur/rZSMf+pXF7okx9sZ7/5ifJmIXJDZcai5g/nGGSFt6KkmTJzOGJpMcKPdsI 3D/BakdOXnpD8w7braOiPSYUCsn6Z2cX3/QP05RcJnhU1MqD90ANFXsU9hs7jinKSyK0POmk6yK4 V3rSdofiHsh7zr5DzYtbfkAaXSTQRbQutHiYJsBdQiP55ONik1cOprdQ35AtBb+XVf6GdHRdtf44 FFvTaN1ze7Z4yQidZixDLN31SVuSATP+Aihgod4sAizzfBoFwsQfsPWaij8R63MCYuJ6o52RhxqG d5ijiX2nIDZq6s/YV8ITsF3zRJqWAwL0SFiS24clateTehaLaM0+cYdvUvWHAvpBmCfeItE0dQV6 KxNyNF9I/5q93YV6FhoC1gv3M19jQOgIowDLXHrVpgRRkhabyY2UOzjB37RavyCKVpRFokGDB5dV wT3HgAeOjuCjvJJShgKXIsMix+U21w/6HOKZBcq+7UDcX4bYa2ELggj/E1st70/LbqFY1iPXXLv7 qOX3OqqpI4t0OcZNOKy6X+DFQB/cQy/1vK1KkT5ImiWwIz0yonYzP8Gnqz2Ai5GbJhue2CIMTDNm O4Ukm+4UWqCPbTJ5cmPgfEtGngZvfnePlKoWLTLX+uWwfWk9MmNrIvcwXolQMCR3JMNOTqH2leuh SuZZ1DRA19cHbzBuNIOfPKSV8FFDRo9mb+fFcHXWbTj1hWjPvb7EciJHxsEiTRwmckUbIWc1JqEs lpTnFPJfsx97qWc2smDmGX0AXyiUeAQxMWUNonsEBoLgL+5bq54MK4dQYQyUviArutP/25Pn589Z lwu6haRjVVtu1M5XvfuLqy4fPKjrqhHpeVO8uMd8gcr1mr1AiwpKlVbt4Rg4IRNOxSb7npgFGy0A QSLIR40EciQbxMd0IWjQxTb+6ikxeKMCDZlePmrLMunjPXfMJu9RCSAVwidjZXAWGYaSeupaaRGS 
SPt7p6u1kTNSj+XWapQw1R/5rxYi1oKXG4sJRqDlhdYTX3Rum8COtOBsP6vO3A1Bqcd3aEsMWlmL JzgsRRzZVBf0g3yifn3K2muRUgIgluoFEK+LcyEsGhuuH02ldZdLlIDg74a/ly1WC7215TMOa92z aNqQ2oTMogi/2Rh9CcgIl1h3rFjf12Kb2vYUub9t77UaCFcFJFtXCrUgtmW7c2pYezFP1RAhDFw+ L49D61opIh2GCEB7gBSQhWsxXiF2kw1WgpF7W77CzTGH3J9bV0WD5yJRKQIPKv2L4tHqHP6sw/fL KiatUE4nTMi0Surglf1R5FP7nNw2P3iTNWrm5yenHmGag3aU4LwJGcXc7CsRWr4KG85UiTH9OerV xRsmpxUokZmWzkA3epKXgekOQb1MFG//u/qMn2iTBuy/p1ZZ0SWxmIfd6f+bgZWuWMOFnCZiXVkP RoTDzCwP9vi/8DAr5RDSKLebsH2QbSaFYyDm4noXdX4ToBEE34c1+8kAkQQg+6geUnnsmcYt62QQ bmkhaE5dgLAzdyMRwhZDCDiuxpsAtHyGsF/rBTY//mH0+yzE6R4KW2J+1ZJQJCDh7oeG5CqKq6hs n4rhTRqMhbmITMuJT6ZgDFg60FcT9kXbbQEADTtmJhWSIW+EGVLcI/R06nHzt84e6ym2+Hg6HcXk q1U90Y403fOEgr9RO2+jp/raAgnaKxiqMXvL5KZUGu4MV0OjdQBeh3k2ySp3Y9iZ4ZV/SO66CN+u lRSS4Ej3IVamVun3N0d1XL79jv9UBMbpFVFufCaeLaIA2pHnOAvP939g7TBgJB9cJzAKXJmtNDUj 3JDLKpfL22+MU4WC3x3dSEeEAL7yE+UCr5VDdNRTzq9wpeJW806u/Qye0H/fxbkEJIRJVwiKhHS2 4F/FpkBfCkd3cWPW6si/2oUmKqAI0JtF5VBIDPeIZUWYKbONfOVnyda9LiCcmuoZUjfg22lSSsKO X0r6jsfri3UEjjF3BrX6ZyXCdPdSMggPdvhwZRzzPbHv8Ts80ij3XgrCmK60uendmTWEzxb+pSMe U2F4/lsLSdn3xXZAuL7XRT6Dkv4erT8VOrZks4YvbBKuZ3tzMBRV1NKR4OiG8ctqH47p3JqySqOO M+q2eLPV7lTmWuu8GR0GjKQLPlFwfSKoDHhklHF0bP+4k0poQ5TezqwLt0tnTWibLrOgSYGF8fxN Fx8aH+nm4ffUiWbNZgCs4IpVMHgevaBdxGoItOe0C//KyrcuKPKMXl9niMAGlGDsT0RgjhQH30Wc c1j+P9E0dNBvpEGss6jndcg6VEFivaDIFI3ZTeU2BXyH8l3/QEs7z0O/acHlECn1FMcAemagim+5 aACqDa9tjmvUQJb/drUms8vjPlKyBf7i3HD8/qcJA3AatBXtGNLA3O+aW6aHUbannV/O+jZO6Ahv EgzfcL1fxP6Id7ihUphHiyr4deEksOr3qsdrfFt9hTgekF3ZQrtOjPphqVtNtIojVB85c3+Ra4c7 wbb0tolgK2/VfMDiLRkDDqVZZi/1rDCtNUS1vS2qLtkp/eUiV2qVvKyHY+M1Vq4t9mZVeXUPukA+ S9BnbrxbluOLMoUyfjDYmf7DsF3gnfMHp3dfVaM9/9agJvsApee8VH+ybpn8WlmQ2ThSSqM5hv6n 5ModI0SSUvD6gXwha51vS7sETy5yUk7FOv1APWfFRS4VJTvBHQS3FFbHUe48ziMWjTMqtt4Um95u xEvJBe/ZnTw5wUjdUieZrEmpjIAvK1lSmDdhvL8FTA4rMJgLPrByePVhXnS//GfnyshcaUYGkxhO 6GyarIa63BNmGKIcRJ41RUG99POkAKW8twxPUHSEx+LnMXffpEA3n4SkdA2pzM0d2Wf0M9L7F219 
159JG6JVJA2hlwe8mJ2W0DCOUlwHqEapNOfaMOn02uLlmRLAVLHxRv82XbPT2O9zBOKpx8eRR/V/ u7b+8UuieiBY7JeKS2h20j6p/RDNvOigwQlPONBMF6yOjJR8x74KL+1ao7eHcGAyyJM3q8t4+6tB UU3BqRYWG+DhkB+A1BjXMf2EjZQCyjfmbmGt1+8nN8IUs1TRob26iyNg9yOfnDhOhpJ0Eqg+isgN r3Duz9CJwOj9bY6ouiXLdqrUMSZ5Z9HoBSvOt/O7KNxTEK/DnIrBJyFx+e6e1Pa6QwIPZbe1wFZv 39YRSR35K1DcrQNG+p49hPAvBV6qpH5UQeDW0A+e49izZfHw2USGcs6LzD0uu7AVykKHcYYhf+iP 0t1q9v88Y58ytwKVg9x32FQd9RGfclbJY/dpUebDql/ahK5AdcoD7u+W5NunyO2189hTpLt9nTT2 dGZFgDjH79nBcQaVS6sDKeWkzCKu0wqgwllFSh/NTB3xUcxm4Bxan9qipq/Q+LcEquZv/kT4fIzg rwxC4OEWP3CLpekAwVoPlOviS8lIMxas6q4+Ox8qjRqX6jc7wnZp7WJZ1qV2biqYm07M1Rw1Pgyh 6HrpmDczf9wtgX3goUHTVg/cEabEnIa+0pO1R+VjR8QZ6tqXDL5VHSaBTQHu2bL1ooAjzCAGvinM VXa4RRzT0EWmC/1R70gcpGd3wgr7zf7dtXYrzOZo1Atu/CSGOjofdPZcubOMxLreyJWB3NTIFhId MgAfi1ykbYtCqxlPHt9pUv5SqtSVgAaEZ2cgUQIJ1SNn56hqxfuYpGucv2tORsACp8fqprrfoXBD /dq6EvhX8cV+/lz9uVVwYzYz56Kvbv1Zign8VkWOqnqfzZO9aNi6KKt3o0EhDz38GoSjveN7YCLz BnuFO4uLzgFjxrRfXTNqNhHU7LYZAP28kCHZ1Xn/zcCxiU1U98A7yR4WPb00S1V8CKBu5Cc8Picv jTyCbATj+AYOWJUChn4DJ5hmfhY6nyHn/uplbkOtqrAMzN57PTpV1PfgYWwdoRTeMaUwneknfS2p 7ZduSDNGNZujxtedX7Xh0KtSr5UtOSf+1ykoM9iull6suUY1vPuWOMRIKGMrM8TxWxwhplE0ogn6 10G0RiRAat2aTqwZl5W5YTWUy4vpWmwSGPtv6/vLDCsgHG40ZjpGNY5KutYh6hBFLlMolHbqI3fu RFzlzoDZ6QfHBpivBDfTlP1hi3Vi9Kv/gVwSiMTplBoILdXDF627lLVaQOjquP2vlqPZgu/m/2NR Y2PL0+LFx+0Zx7ku05B63TxRRm+d7kf2cfGPrxjyWv4GfmxEti+CMshZaM8iyGSW24dl2FMTySFC RXXUrbH4uLyibHCgyYR6D1hXmUtndT4e8aLA2bmTSH8SIjJWYtVSmfssnJQZKGlpbvvjh/21PEh5 IpCkbA+2Jt8HLpC2Hmyg3DqcvcSofbELJ4OL/3ivZQfrzfgdOuKeJNnOfGbt0N/c+mAXx619R+/C 3x3yK4A2Na36vmpLXeyyhZ9tVmtAzv9Qre0yoD84UEDpPGx/dtfPP43swLziLn25sHkw2F4hi0ZG IQlfdYeEETf+chVDm9NYw6kpyhR63vlnVQ2a7jorIH7pgd8KsNcb+SBllULRP/sE79TkM34VG6Mj B2+DXFWDy/QS3qZC//3NUmHAzPVcki9Y0UlJHED94VbCaF4vGFNKXR6fptNNDgf+yluXJwKic0oY jx3pkOszthYQ7V1pbel9CroXdsjNWK33WtGbj83zRKBW2/UBvcIazOLodyDprinFKHdEUX7Jb0M4 c5aCBd9MgPsUHzHP2GMNhQl01SvRrJivhae88FVbpBf5jhbUE8k69SzSZfgDJlJ1VU2Figd/miBP 
Y9mE+JuTb2kpKlTYeH4jLpwhldeW01biZCrnhrUUs3sAUgE6Jqog2VDYrvBs2ava/1Ns9pevyo8d 0Pm6mwHAlpP9SKusWoOff0X9iOBKeGP8F7fUgHsCeJWIIwSDDs/uzbVRRnoLXHO+5QK8xEBrSD8h 5AWTFSmwrcGPnQmStzZLFMChEGvYPWdyJ89P7YV5532EAlbVHt20tCzd9ayjmG9EAVlS37C7kuNm oe8ph8ma6wmZjvAX0kZxJ23Csdbo343lwHo1HuDgPv74NS8Clk0OH0vcRiojVPMRYZ1FbAk184/Q Y52RoPE3Zvh4C8Yg4vwZkxGZgBkg8Xa6a6yo5HzGM+L0HAu5P9487sYEQzqyzln04Do3O5drphuV h4UgPlCWxUL1ptZ0P84G4QDyhJbsTGpH7bQ0AAkhRJbl6Qe+gX/ejD09X2if/3wkE6fzdgzBQ6bL 68N7hdvt6AhCa+YxcNHrrYBkdZM+47jkeY0QJn/+Sq6r90Zyp4iHnIHnBwoxS+ksN4H36I2I2jHF JBS14rOt9APjssUNc38MUU9/erWpGYhxPRA8ZKo37VIyFx1acxQceNos0eBzsO+OAlOpUUV7Gpxo MntkvzCNaAixsPYmMsY/DGsyNpl8OMLX7PNq32KGQBElAj4eC7eS1ptG2dsKUlEaH0xHG+tL9G/g GuvuYabU7thcYscSnw+BOl3DnE4+22O8K7f/OyYSY1i767UdnWm3UwZvgmtj33MJUXIMgxtAhH57 Y0+nW1R4fCoEwXoITbOo5NXucCCB/0Z0KeKZtQ2+f3FT9eTm/DupuvMDmmDbVR/pccSndzO6yJh9 D448TGMOOeI5W1nVkMqRalx6ntM+wPcPkUwmNTnQjW9XplLO49KSqlIk/lWn4Oo/TPZATnVTmf31 9ALWSzn4rxMqwos0HWSGr6tStpeEimNj4vg7gQR29Awp5mAm3oCXIneFrTOPRc7Bsb+K8Y30aIgd AAAA2cz+ZCxy9xIAAdPiAby+K4Q06aexxGf7AgAAAAAEWVo= --_002_76674a27861d4685a9637d0151ecebd0EXCHANGEmboxloc_--

sorry, forgot one:
On 11.09.2015 12:48, Alon Bar-Lev wrote:
Hi!
Thank you for the information, for some reason the administrator user cannot be resolved to userPrincipalName during login, is it specific for Administrator or any user?
This is the default domain administrator account which exists in any forest. But just in case I created a new domain user just for the purpose; same outcome
Can you please attach the extension configuration for both authn/authz as well?
I will also need debug log with ALL level, see [1] for instructions.
Thanks! Alon
[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: Users@ovirt.org Sent: Friday, September 11, 2015 1:28:10 PM Subject: [ovirt-users] Extension aaa: No search for principal
Hello,
I am stuck in configuring ovirt-engine-extension-aaa-ldap with AD for ovirt 3.5.4. I am following the [readme.md] and so far it was quite straightforward:
include = <ad.properties>
#
# Active directory domain name.
#
vars.domain = int.corp.de
#
# Search user and its password.
#
vars.user = bind@${global:vars.domain}
vars.password = [redacted]
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
#vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
#pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks
#pool.default.ssl.truststore.password = changeit
The config seems to work; at least the domain and binddn part. I can browse and add users to ovirt as suggested in step (3). All quotes are from engine.log:
2015-09-11 11:54:50,261 INFO [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (org.ovirt.thread.pool-8-thread-24) [73bff0e9] Running command: AddSystemPermissionCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_PERMISSIONS with role type USER, ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group ADD_USERS_AND_GROUPS_FROM_DIRECTORY with role type USER
2015-09-11 11:54:50,268 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (org.ovirt.thread.pool-8-thread-24) [21867e72] Running command: AddUserCommand internal: true. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN
2015-09-11 11:54:50,301 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-24) [21867e72] Correlation ID: 21867e72, Call Stack: null, Custom Event ID: -1, Message: User 'Administrator' was added successfully to the system.
2015-09-11 11:54:50,379 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-24) [21867e72] Correlation ID: 73bff0e9, Call Stack: null, Custom Event ID: -1, Message: User/Group Administrator was granted permission for Role SuperUser on System by admin@internal.
Yet, when logging in as a user administrator I get:
{Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=No search for principal 'administrator@int.corp.com'}
Followed by a java stack trace. I did not find any configurable search path.
The config seems to load:
2015-09-11 12:01:34,897 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'builtin-authn-internal'
2015-09-11 12:01:34,903 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'builtin-authn-internal' loaded
2015-09-11 12:01:34,905 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'internal'
2015-09-11 12:01:34,907 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'internal' loaded
2015-09-11 12:01:34,919 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'corp-authn'
2015-09-11 12:01:34,967 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authn' loaded
2015-09-11 12:01:34,971 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Loading extension 'corp-authz'
2015-09-11 12:01:34,981 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authz' loaded
2015-09-11 12:01:34,982 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'corp-authn'
2015-09-11 12:01:34,983 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::corp-authn] Creating LDAP pool 'authz'
2015-09-11 12:01:35,120 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::corp-authn] Creating LDAP pool 'authn'
2015-09-11 12:01:35,159 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authn' initialized
2015-09-11 12:01:35,160 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'builtin-authn-internal'
2015-09-11 12:01:35,161 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'builtin-authn-internal' initialized
2015-09-11 12:01:35,162 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'corp-authz'
2015-09-11 12:01:35,162 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::corp-authz] Creating LDAP pool 'authz'
2015-09-11 12:01:35,185 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::corp-authz] Creating LDAP pool 'gc'
2015-09-11 12:01:35,222 INFO [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::corp-authz] Available Namespaces: [DC=int,DC=corp,DC=de]
2015-09-11 12:01:35,223 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'corp-authz' initialized
2015-09-11 12:01:35,224 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Initializing extension 'internal'
2015-09-11 12:01:35,224 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Extension 'internal' initialized
2015-09-11 12:01:35,225 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Start of enabled extensions list
2015-09-11 12:01:35,225 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'corp-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/corp-authn.properties', Initialized: 'true'
2015-09-11 12:01:35,227 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'builtin-authn-internal', Extension name: 'Internal Authn (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true'
2015-09-11 12:01:35,228 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'corp-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/corp-authz.properties', Initialized: 'true'
2015-09-11 12:01:35,230 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) Instance name: 'internal', Extension name: 'Internal Authz (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true'
2015-09-11 12:01:35,231 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-2) End of enabled extensions list
Versions: ovirt engine 3.5.4 AD: Windows Server 2012r2
Please let me know if you need further logs.
Thanks,
[readme.md] https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README --
Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767

----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Friday, September 11, 2015 5:33:21 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
sorry, forgot one:
On 11.09.2015 12:48, Alon Bar-Lev wrote:
Hi!
Thank you for the information, for some reason the administrator user cannot be resolved to userPrincipalName during login, is it specific for Administrator or any user?
This is the default domain administrator account which exists in any forest. But just in case I created a new domain user just for the purpose; same outcome
I am unsure what actually happens...
Something in global catalog is out of sync. Usually - you do not add domain administrator to external application... there is no need to expose it. By default Administrator does not have "login from network" and "user principal suffix".
Also in my environment I do not get result for administrator, but I do get one for regular user that has upn suffix in user record, you can see these fields in user and domain manager.
So please use regular unprivileged users which belongs to "Domain Users" from now on.
To test if user has userPrincipalName use the following command (assuming we search for user@int.corp.de):
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(userPrincipalName=user@int.corp.de)' cn userPrincipalName
This should find the user (return one result), if not, please checkout user in Users and Domains manager for the domain suffix, maybe it is empty.
To find user without userPrincipalName such as Administrator use the following command:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(sAMAccountName=user)' cn userPrincipalName
For example, the above will work for Administrator, but for kerberos to work properly user principal name must be defined, so these users will not work.
You can dump entire GC and send me a user record if no result so I can determine what is different from expectations:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' > /tmp/dump.out
Regards, Alon

On 11.09.2015 17:00, Alon Bar-Lev wrote:
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Friday, September 11, 2015 5:33:21 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
sorry, forgot one:
On 11.09.2015 12:48, Alon Bar-Lev wrote:
Hi!
Thank you for the information, for some reason the administrator user cannot be resolved to userPrincipalName during login, is it specific for Administrator or any user?
This is the default domain administrator account which exists in any forest. But just in case I created a new domain user just for the purpose; same outcome
Sorry for the delay, Alon.
I am unsure what actually happens...
I might have an idea, at least from the commands you supplied.
Something in global catalog is out of sync. Usually - you do not add domain administrator to external application... there is no need to expose it. By default Administrator does not have "login from network" and "user principal suffix".
Also in my environment I do not get result for administrator, but I do get one for regular user that has upn suffix in user record, you can see these fields in user and domain manager.
So please use regular unprivileged users which belongs to "Domain Users" from now on.
To test if user has userPrincipalName use the following command (assuming we search for user@int.corp.de):
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(userPrincipalName=user@int.corp.de)' cn userPrincipalName
It seems with Active Directory (at least) the search base cannot be empty (-b '') but needs to be provided.
In my case, the above command fails with:
# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
While adding the most basic search path it succeeds:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://int.corp.de:389/ -x -D 'bind@int.corp.de' -w PASSWORD -b 'dc=int,dc=corp,dc=de' '(userPrincipalName=administrator@int.corp.de)' cn userPrincipalName
# search reference
ref: ldap://ForestDnsZones.int.corp.de/DC=ForestDnsZones,DC=int,DC=corp,DC=de
# search reference
ref: ldap://DomainDnsZones.int.corp.de/DC=DomainDnsZones,DC=int,DC=corp,DC=de
# search reference
ref: ldap://int.corp.de/CN=Configuration,DC=int,DC=corp,DC=de
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false DDDDDDDSSSDDMM=
pagedresults: cookie=
# numResponses: 4
# numReferences: 3
It succeeds with every user I tried. I would set the search base; but I am not sure where to do so.
This should find the user (return one result), if not, please checkout user in Users and Domains manager for the domain suffix, maybe it is empty.
To find user without userPrincipalName such as Administrator use the following command:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(sAMAccountName=user)' cn userPrincipalName
For example, the above will work for Administrator, but for kerberos to work properly user principal name must be defined, so these users will not work.
You can dump entire GC and send me a user record if no result so I can determine what is different from expectations:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' > /tmp/dump.out
If you still require a dump (it's even a small one..) please drop a mail.
Regards, Alon
-- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767

----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Tuesday, September 15, 2015 2:41:02 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
On 11.09.2015 17:00, Alon Bar-Lev wrote:
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Friday, September 11, 2015 5:33:21 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
sorry, forgot one:
On 11.09.2015 12:48, Alon Bar-Lev wrote:
Hi!
Thank you for the information, for some reason the administrator user cannot be resolved to userPrincipalName during login, is it specific for Administrator or any user?
This is the default domain administrator account which exists in any forest. But just in case I created a new domain user just for the purpose; same outcome
Sorry for the delay, Alon.
I am unsure what actually happens...
I might have an idea, at least from the commands you supplied.
Something in global catalog is out of sync. Usually - you do not add domain administrator to external application... there is no need to expose it. By default Administrator does not have "login from network" and "user principal suffix".
Also in my environment I do not get result for administrator, but I do get one for regular user that has upn suffix in user record, you can see these fields in user and domain manager.
So please use regular unprivileged users which belongs to "Domain Users" from now on.
To test if user has userPrincipalName use the following command (assuming we search for user@int.corp.de):
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(userPrincipalName=user@int.corp.de)' cn userPrincipalName
It seems with Active Directory (at least) the search base cannot be empty (-b '') but needs to be provided.
In my case, the above command fails with:
# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
While adding the most basic search path it succeeds:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://int.corp.de:389/ -x -D 'bind@int.corp.de' -w PASSWORD -b 'dc=int,dc=corp,dc=de' '(userPrincipalName=administrator@int.corp.de)' cn userPrincipalName
# search reference
ref: ldap://ForestDnsZones.int.corp.de/DC=ForestDnsZones,DC=int,DC=corp,DC=de
# search reference
ref: ldap://DomainDnsZones.int.corp.de/DC=DomainDnsZones,DC=int,DC=corp,DC=de
# search reference
ref: ldap://int.corp.de/CN=Configuration,DC=int,DC=corp,DC=de
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false DDDDDDDSSSDDMM=
pagedresults: cookie=
# numResponses: 4
# numReferences: 3
But I asked to query a specific port... the global catalog, port 3268, see my command above.
It succeeds with every user I tried.
what we see is not a success... :( I also asked not to use administrator as a reference user, please create a standard non privileged user for these tests, so skip oddness of builtin administrator for now.
I would set the search base; but I am not sure where to do so.
This should find the user (return one result), if not, please checkout user in Users and Domains manager for the domain suffix, maybe it is empty.
To find user without userPrincipalName such as Administrator use the following command:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(sAMAccountName=user)' cn userPrincipalName
For example, the above will work for Administrator, but for kerberos to work properly user principal name must be defined, so these users will not work.
You can dump entire GC and send me a user record if no result so I can determine what is different from expectations:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' > /tmp/dump.out
If you still require a dump (it's even a small one..) please drop a mail.
I will be happy to receive a complete dump of your gc, please send me privately, so we can progress. Please use this exact command just replace qa1.qa.lab.tlv.redhat.com with your dc, bind@int.corp.de with your bind user and PASSWORD with bind user password. Thanks!
Regards, Alon

On 15.09.2015 19:23, Alon Bar-Lev wrote:
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Tuesday, September 15, 2015 2:41:02 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
On 11.09.2015 17:00, Alon Bar-Lev wrote:
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Friday, September 11, 2015 5:33:21 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
sorry, forgot one:
On 11.09.2015 12:48, Alon Bar-Lev wrote:
Hi!
Thank you for the information, for some reason the administrator user cannot be resolved to userPrincipalName during login, is it specific for Administrator or any user?
This is the default domain administrator account which exists in any forest. But just in case I created a new domain user just for the purpose; same outcome
Sorry for the delay, Alon.
I am unsure what actually happens...
I might have an idea, at least from the commands you supplied.
Something in global catalog is out of sync. Usually - you do not add domain administrator to external application... there is no need to expose it. By default Administrator does not have "login from network" and "user principal suffix".
Also in my environment I do not get result for administrator, but I do get one for regular user that has upn suffix in user record, you can see these fields in user and domain manager.
So please use regular unprivileged users which belongs to "Domain Users" from now on.
To test if user has userPrincipalName use the following command (assuming we search for user@int.corp.de):
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(userPrincipalName=user@int.corp.de)' cn userPrincipalName
It seems with Active Directory (at least) the search base cannot be empty (-b '') but needs to be provided.
In my case, the above command fails with:
# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
While adding the most basic search path it succeeds:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://int.corp.de:389/ -x -D 'bind@int.corp.de' -w PASSWORD -b 'dc=int,dc=corp,dc=de' '(userPrincipalName=administrator@int.corp.de)' cn userPrincipalName
# search reference
ref: ldap://ForestDnsZones.int.corp.de/DC=ForestDnsZones,DC=int,DC=corp,DC=de
# search reference
ref: ldap://DomainDnsZones.int.corp.de/DC=DomainDnsZones,DC=int,DC=corp,DC=de
# search reference
ref: ldap://int.corp.de/CN=Configuration,DC=int,DC=corp,DC=de
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false DDDDDDDSSSDDMM=
pagedresults: cookie=
# numResponses: 4
# numReferences: 3
But I asked to query a specific port... the global catalog, port 3268, see my command above.
It succeeds with every user I tried.
what we see is not a success... :( I also asked not to use administrator as a reference user, please create a standard non privileged user for these tests, so skip oddness of builtin administrator for now.
Ok, sorry; thought this was for me change as part of the ldap URL.
I would set the search base; but I am not sure where to do so.
This should find the user (return one result), if not, please checkout user in Users and Domains manager for the domain suffix, maybe it is empty.
To find user without userPrincipalName such as Administrator use the following command:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' '(sAMAccountName=user)' cn userPrincipalName
For example, the above will work for Administrator, but for kerberos to work properly user principal name must be defined, so these users will not work.
You can dump entire GC and send me a user record if no result so I can determine what is different from expectations:
$ ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://qa1.qa.lab.tlv.redhat.com:3268/ -x -D 'bind@int.corp.de' -w PASSWORD -b '' > /tmp/dump.out
If you still require a dump (it's even a small one..) please drop a mail.
I will be happy to receive a complete dump of your gc, please send me privately, so we can progress. Please use this exact command just replace qa1.qa.lab.tlv.redhat.com with your dc, bind@int.corp.de with your bind user and PASSWORD with bind user password.
I did; this now works as expected using GC port.
I think I did find the issue here;
my domain is named int.corp.com
I have defined several UPN aliases and our real world users do use the UPN @corp.com.
Using some internal user with UPN int.corp.com the authentication works as expected; while my real world users fail.
I tried to create a new profile for that; but it fails to load of course because the domain corp.com cannot be connected.
Thanks!
Regards, Alon
-- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767

----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Tuesday, September 15, 2015 11:09:45 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
I think I did find the issue here;
my domain is named int.corp.com
I have defined several UPN aliases and our real world users do use the UPN @corp.com.
Using some internal user with UPN int.corp.com the authentication works as expected; while my real world users fail.
I tried to create a new profile for that; but it fails to load of course because the domain corp.com cannot be connected.
the user is upn, users should specify their full upn if this non default domain suffix.
you do not need a new profile.
in your case it would probably be user1@corp.com for user1.

On 15.09.2015 22:55, Alon Bar-Lev wrote:
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: Users@ovirt.org Sent: Tuesday, September 15, 2015 11:09:45 PM Subject: Re: [ovirt-users] Extension aaa: No search for principal
I think I did find the issue here;
my domain is named int.corp.com
I have defined several UPN aliases and our real world users do use the UPN @corp.com.
Using some internal user with UPN int.corp.com the authentication works as expected; while my real world users fail.
I tried to create a new profile for that; but it fails to load of course because the domain corp.com cannot be connected.
the user is upn, users should specify their full upn if this non default domain suffix.
Hello Alon,
you do not need a new profile.
in your case it would probably be user1@corp.com for user1.
right ... should have tried that in the first place. Works very well now. Thanks for helping me sort that through!
-- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
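Two points from this thread, as an added example that is not part of any message or of the oVirt project's code: a search that ends in "result: 0 Success" but returns only referrals has not found the user, and a user whose UPN suffix differs from the profile's domain has to log in with the full UPN. The function names and the sample outputs are constructed for illustration (the samples are modelled on the results quoted above), and the login helper assumes, as the error for 'administrator@int.corp.com' suggests, that a bare login name is completed with the profile's domain.

```shell
#!/bin/sh
# Added example; all sample output below is constructed, modelled on the thread.

# Read ldapsearch text output on stdin and print one verdict line:
#   ERROR <code>             the server rejected the search (e.g. 32, No such object)
#   NO_ENTRY referrals=<n>   result 0, but only referrals came back, no user entry
#   MATCH entries=<n> upn=<value>
#   INCOMPLETE               no "result:" line was seen at all
classify_ldapsearch() {
    awk '
        /^dn: /                { entries++ }
        /^ref: /               { refs++ }
        /^userPrincipalName: / { upn = $2 }
        /^result: /            { seen = 1; code = $2 + 0 }
        END {
            if (!seen)            { print "INCOMPLETE"; exit }
            if (code != 0)        { print "ERROR " code; exit }
            if (entries + 0 == 0) { print "NO_ENTRY referrals=" (refs + 0); exit }
            print "MATCH entries=" entries " upn=" upn
        }'
}

to_lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Print the name a user should type at login, given the UPN stored in the
# directory and the domain the profile is configured for (assumption: a bare
# name is completed with that domain, so any other suffix needs the full UPN).
login_name_for() {
    upn=$1
    profile_domain=$2
    if [ "$(to_lower "${upn##*@}")" = "$(to_lower "$profile_domain")" ]; then
        printf '%s\n' "${upn%@*}"
    else
        printf '%s\n' "$upn"
    fi
}

# Constructed: empty search base rejected by the server.
sample_no_object() {
cat <<'EOF'
# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
EOF
}

# Constructed: search finished without error, but returned referrals only.
sample_referrals_only() {
cat <<'EOF'
# search reference
ref: ldap://ForestDnsZones.int.corp.de/DC=ForestDnsZones,DC=int,DC=corp,DC=de

# search reference
ref: ldap://DomainDnsZones.int.corp.de/DC=DomainDnsZones,DC=int,DC=corp,DC=de

# search reference
ref: ldap://int.corp.de/CN=Configuration,DC=int,DC=corp,DC=de

# search result
search: 2
result: 0 Success

# numResponses: 4
# numReferences: 3
EOF
}

# Constructed: one entry found, carrying a UPN with a non-default suffix.
sample_match() {
cat <<'EOF'
dn: CN=user1,CN=Users,DC=int,DC=corp,DC=com
cn: user1
userPrincipalName: user1@corp.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
EOF
}

for s in sample_no_object sample_referrals_only sample_match; do
    printf '%-22s %s\n' "$s" "$("$s" | classify_ldapsearch)"
done
printf 'login name: %s\n' "$(login_name_for user1@corp.com int.corp.com)"
```

To use it on a live directory, pipe the output of the ldapsearch commands quoted in the thread into classify_ldapsearch instead of the samples.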
participants (2): Alon Bar-Lev, Daniel Helgenberger