From fe993f3d71e50fa14f686b6bb9e57c8dea918896 Mon Sep 17 00:00:00 2001
From: Christian Dresen <c.dresen@fh-muenster.de>
Date: Sat, 9 Jan 2016 23:24:42 +0100
Subject: [PATCH] Updated LDAP
---
 ldap/Dockerfile | 3 +
 ldap/data/config.php | 576 +++++++++++++++++++++++++++++++++++++
 ldap/data/ldap_db/data.mdb | Bin 131072 -> 147456 bytes
 ldap/data/ldap_db/lock.mdb | Bin 8192 -> 8192 bytes
 web/warpzone/settings.py | 18 +-
 5 files changed, 588 insertions(+), 9 deletions(-)
 create mode 100644 ldap/data/config.php
diff --git a/ldap/Dockerfile b/ldap/Dockerfile
index ca4a837..4c76e8b 100644
--- a/ldap/Dockerfile
+++ b/ldap/Dockerfile
@@ -28,8 +28,11 @@ RUN apt-get update && apt-get install -y \
 fusiondirectory \
 fusiondirectory-schema \
 fusiondirectory-plugin-ssh
+
+RUN apt-get update && apt-get install -y phpldapadmin
 COPY ./data/start.sh /opt/start.sh
+COPY ./data/config.php /etc/phpldapadmin/config.php
 EXPOSE 22 8000 389
diff --git a/ldap/data/config.php b/ldap/data/config.php
new file mode 100644
index 0000000..5e7154f
--- /dev/null
+++ b/ldap/data/config.php
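Review bot: The added `RUN apt-get update && apt-get install -y phpldapadmin` in the ldap/Dockerfile hunk puts a web administration front end for the directory into an image that already exposes SSH and LDAP (`EXPOSE 22 8000 389`), and nothing in the hunk restricts who can reach it. The web server configuration is outside the hunk, so confirm the UI is served only over TLS or on an admin-only network, because every login to it carries a bind DN and password. The install is also unpinned and sits in its own layer; folding it into the existing package list (that `RUN` starts outside the hunk) with `--no-install-recommends` and a trailing `rm -rf /var/lib/apt/lists/*` would keep the image smaller, and a pinned version is needed if the build has to be reproducible. The diffstat also shows `ldap/data/ldap_db/data.mdb` changing in this commit; if that database holds real entries, their `userPassword` hashes are now in git history and should be treated as disclosed.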
@@ -0,0 +1,576 @@ +<?php +/** NOTE ** + ** Make sure that <?php is the FIRST line of this file! + ** IE: There should NOT be any blank lines or spaces BEFORE <?php + **/ + +/** + * The phpLDAPadmin config file + * See: http://phpldapadmin.sourceforge.net/wiki/index.php/Config.php + * + * This is where you can customise some of the phpLDAPadmin defaults + * that are defined in config_default.php. + * + * To override a default, use the $config->custom variable to do so. + * For example, the default for defining the language in config_default.php + * + * $this->default->appearance['language'] = array( + * 'desc'=>'Language', + * 'default'=>'auto'); + * + * to override this, use $config->custom->appearance['language'] = 'en_EN'; + * + * This file is also used to configure your LDAP server connections. + * + * You must specify at least one LDAP server there. You may add + * as many as you like. You can also specify your language, and + * many other options. + * + * NOTE: Commented out values in this file prefixed by //, represent the + * defaults that have been defined in config_default.php. + * Commented out values prefixed by #, dont reflect their default value, you can + * check config_default.php if you want to see what the default is. + * + * DONT change config_default.php, you changes will be lost by the next release + * of PLA. Instead change this file - as it will NOT be replaced by a new + * version of phpLDAPadmin. + */ + +/********************************************* + * Useful important configuration overrides * + *********************************************/ + +/* If you are asked to put PLA in debug mode, this is how you do it: */ +# $config->custom->debug['level'] = 255; +# $config->custom->debug['syslog'] = true; +# $config->custom->debug['file'] = '/tmp/pla_debug.log'; + +/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this + to a big random string. 
*/ +// $config->custom->session['blowfish'] = null; + +/* If your auth_type is http, you can override your HTTP Authentication Realm. */ +// $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login'); + +/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt + to determine your language automatically. + If PLA doesnt show (all) strings in your language, then you can do some + translation at http://translations.launchpad.net/phpldapadmin and download + the translation files, replacing those provided with PLA. + (We'll pick up the translations before making the next release too!) */ +// $config->custom->appearance['language'] = 'auto'; + +/* The temporary storage directory where we will put jpegPhoto data + This directory must be readable and writable by your web server. */ +// $config->custom->jpeg['tmpdir'] = '/tmp'; // Example for Unix systems +# $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems + +/* Set this to (bool)true if you do NOT want a random salt used when + calling crypt(). Instead, use the first two letters of the user's + password. This is insecure but unfortunately needed for some older + environments. */ +# $config->custom->password['no_random_crypt_salt'] = true; + +/* PHP script timeout control. If php runs longer than this many seconds then + PHP will stop with an Maximum Execution time error. Increase this value from + the default if queries to your LDAP server are slow. The default is either + 30 seconds or the setting of max_exection_time if this is null. */ +// $config->custom->session['timelimit'] = 30; + +/* Our local timezone + This is to make sure that when we ask the system for the current time, we + get the right local time. If this is not set, all time() calculations will + assume UTC if you have not set PHP date.timezone. 
*/ +// $config->custom->appearance['timezone'] = null; +# $config->custom->appearance['timezone'] = 'Australia/Melbourne'; + +/********************************************* + * Commands * + *********************************************/ + +/* Command availability ; if you don't authorize a command the command + links will not be shown and the command action will not be permitted. + For better security, set also ACL in your ldap directory. */ +/* +$config->custom->commands['cmd'] = array( + 'entry_internal_attributes_show' => true, + 'entry_refresh' => true, + 'oslinks' => true, + 'switch_template' => true +); + +$config->custom->commands['script'] = array( + 'add_attr_form' => true, + 'add_oclass_form' => true, + 'add_value_form' => true, + 'collapse' => true, + 'compare' => true, + 'compare_form' => true, + 'copy' => true, + 'copy_form' => true, + 'create' => true, + 'create_confirm' => true, + 'delete' => true, + 'delete_attr' => true, + 'delete_form' => true, + 'draw_tree_node' => true, + 'expand' => true, + 'export' => true, + 'export_form' => true, + 'import' => true, + 'import_form' => true, + 'login' => true, + 'logout' => true, + 'login_form' => true, + 'mass_delete' => true, + 'mass_edit' => true, + 'mass_update' => true, + 'modify_member_form' => true, + 'monitor' => true, + 'purge_cache' => true, + 'query_engine' => true, + 'rename' => true, + 'rename_form' => true, + 'rdelete' => true, + 'refresh' => true, + 'schema' => true, + 'server_info' => true, + 'show_cache' => true, + 'template_engine' => true, + 'update_confirm' => true, + 'update' => true +); +*/ + +/********************************************* + * Appearance * + *********************************************/ + +/* If you want to choose the appearance of the tree, specify a class name which + inherits from the Tree class. */ +// $config->custom->appearance['tree'] = 'AJAXTree'; +# $config->custom->appearance['tree'] = 'HTMLTree'; + +/* Just show your custom templates. 
*/ +// $config->custom->appearance['custom_templates_only'] = false; + +/* Disable the default template. */ +// $config->custom->appearance['disable_default_template'] = false; + +/* Hide the warnings for invalid objectClasses/attributes in templates. */ +// $config->custom->appearance['hide_template_warning'] = false; + +/* Set to true if you would like to hide header and footer parts. */ +// $config->custom->appearance['minimalMode'] = false; + +/* Configure what objects are shown in left hand tree */ +// $config->custom->appearance['tree_filter'] = '(objectclass=*)'; + +/* The height and width of the tree. If these values are not set, then + no tree scroll bars are provided. */ +// $config->custom->appearance['tree_height'] = null; +# $config->custom->appearance['tree_height'] = 600; +// $config->custom->appearance['tree_width'] = null; +# $config->custom->appearance['tree_width'] = 250; + +/* Confirm create and update operations, allowing you to review the changes + and optionally skip attributes during the create/update operation. */ +// $config->custom->confirm['create'] = true; +// $config->custom->confirm['update'] = true; + +/* Confirm copy operations, and treat them like create operations. This allows + you to edit the attributes (thus changing any that might conflict with + uniqueness) before creating the new entry. */ +// $config->custom->confirm['copy'] = true; + +/********************************************* + * User-friendly attribute translation * + *********************************************/ + +/* Use this array to map attribute names to user friendly names. For example, if + you don't want to see "facsimileTelephoneNumber" but rather "Fax". 
*/ +// $config->custom->appearance['friendly_attrs'] = array(); +$config->custom->appearance['friendly_attrs'] = array( + 'facsimileTelephoneNumber' => 'Fax', + 'gid' => 'Group', + 'mail' => 'Email', + 'telephoneNumber' => 'Telephone', + 'uid' => 'User Name', + 'userPassword' => 'Password' +); + +/********************************************* + * Hidden attributes * + *********************************************/ + +/* You may want to hide certain attributes from being edited. If you want to + hide attributes from the user, you should use your LDAP servers ACLs. + NOTE: The user must be able to read the hide_attrs_exempt entry to be + excluded. */ +// $config->custom->appearance['hide_attrs'] = array(); +# $config->custom->appearance['hide_attrs'] = array('objectClass'); + +/* Members of this list will be exempt from the hidden attributes. */ +// $config->custom->appearance['hide_attrs_exempt'] = null; +# $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU'; + +/********************************************* + * Read-only attributes * + *********************************************/ + +/* You may want to phpLDAPadmin to display certain attributes as read only, + meaning that users will not be presented a form for modifying those + attributes, and they will not be allowed to be modified on the "back-end" + either. You may configure this list here: + NOTE: The user must be able to read the readonly_attrs_exempt entry to be + excluded. */ +// $config->custom->appearance['readonly_attrs'] = array(); + +/* Members of this list will be exempt from the readonly attributes. */ +// $config->custom->appearance['readonly_attrs_exempt'] = null; +# $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU'; + +/********************************************* + * Group attributes * + *********************************************/ + +/* Add "modify group members" link to the attribute. 
*/ +// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid'); + +/* Configure filter for member search. This only applies to "modify group members" feature */ +// $config->custom->modify_member['filter'] = '(objectclass=Person)'; + +/* Attribute that is added to the group member attribute. */ +// $config->custom->modify_member['attr'] = 'dn'; + +/* For Posix attributes */ +// $config->custom->modify_member['posixattr'] = 'uid'; +// $config->custom->modify_member['posixfilter'] = '(uid=*)'; +// $config->custom->modify_member['posixgroupattr'] = 'memberUid'; + +/********************************************* + * Support for attrs display order * + *********************************************/ + +/* Use this array if you want to have your attributes displayed in a specific + order. You can use default attribute names or their fridenly names. + For example, "sn" will be displayed right after "givenName". All the other + attributes that are not specified in this array will be displayed after in + alphabetical order. */ +// $config->custom->appearance['attr_display_order'] = array(); +# $config->custom->appearance['attr_display_order'] = array( +# 'givenName', +# 'sn', +# 'cn', +# 'displayName', +# 'uid', +# 'uidNumber', +# 'gidNumber', +# 'homeDirectory', +# 'mail', +# 'userPassword' +# ); + +/********************************************* + * Define your LDAP servers in this section * + *********************************************/ + +$servers = new Datastore(); + +/* $servers->NewServer('ldap_pla') must be called before each new LDAP server + declaration. */ +$servers->newServer('ldap_pla'); + +/* A convenient name that will appear in the tree viewer and throughout + phpLDAPadmin to identify this LDAP server to users. 
*/ +$servers->setValue('server','name','warpzone.ms'); + +/* Examples: + 'ldap.example.com', + 'ldaps://ldap.example.com/', + 'ldapi://%2fusr%local%2fvar%2frun%2fldapi' + (Unix socket at /usr/local/var/run/ldap) */ +$servers->setValue('server','host','127.0.0.1'); + +/* The port your LDAP server listens on (no quotes). 389 is standard. */ +// $servers->setValue('server','port',389); + +/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin + auto-detect it for you. */ +$servers->setValue('server','base',array('dc=warpzone,dc=ms')); + +/* Five options for auth_type: + 1. 'cookie': you will login via a web form, and a client-side cookie will + store your login dn and password. + 2. 'session': same as cookie but your login dn and password are stored on the + web server in a persistent session variable. + 3. 'http': same as session but your login dn and password are retrieved via + HTTP authentication. + 4. 'config': specify your login dn and password here in this config file. No + login will be required to use phpLDAPadmin for this server. + 5. 'sasl': login will be taken from the webserver's kerberos authentication. + Currently only GSSAPI has been tested (using mod_auth_kerb). + + Choose wisely to protect your authentication information appropriately for + your situation. If you choose 'cookie', your cookie contents will be + encrypted using blowfish and the secret your specify above as + session['blowfish']. */ +$servers->setValue('login','auth_type','session'); + +/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or + 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS + BLANK. If you specify a login_attr in conjunction with a cookie or session + auth_type, then you can also specify the bind_id/bind_pass here for searching + the directory for users (ie, if your LDAP server does not allow anonymous + binds. 
*/ +$servers->setValue('login','bind_id','cn=admin,dc=warpzone,dc=ms'); +# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com'); + +/* Your LDAP password. If you specified an empty bind_id above, this MUST also + be blank. */ +// $servers->setValue('login','bind_pass',''); +# $servers->setValue('login','bind_pass','secret'); + +/* Use TLS (Transport Layer Security) to connect to the LDAP server. */ +// $servers->setValue('server','tls',false); + +/************************************ + * SASL Authentication * + ************************************/ + +/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x + configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to + false), then all other sasl options are ignored. */ +// $servers->setValue('login','auth_type','sasl'); + +/* SASL auth mechanism */ +// $servers->setValue('sasl','mech','GSSAPI'); + +/* SASL authentication realm name */ +// $servers->setValue('sasl','realm',''); +# $servers->setValue('sasl','realm','EXAMPLE.COM'); + +/* SASL authorization ID name + If this option is undefined, authorization id will be computed from bind DN, + using authz_id_regex and authz_id_replacement. */ +// $servers->setValue('sasl','authz_id', null); + +/* SASL authorization id regex and replacement + When authz_id property is not set (default), phpLDAPAdmin will try to + figure out authorization id by itself from bind distinguished name (DN). 
+ + This procedure is done by calling preg_replace() php function in the + following way: + + $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement, + $bind_dn); + + For info about pcre regexes, see: + - pcre(3), perlre(3) + - http://www.php.net/preg_replace */ +// $servers->setValue('sasl','authz_id_regex',null); +// $servers->setValue('sasl','authz_id_replacement',null); +# $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i'); +# $servers->setValue('sasl','authz_id_replacement','$1'); + +/* SASL auth security props. + See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */ +// $servers->setValue('sasl','props',null); + +/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5, + blowfish, crypt or leave blank for now default algorithm. */ +// $servers->setValue('appearance','password_hash_custom','md5'); + +/* If you specified 'cookie' or 'session' as the auth_type above, you can + optionally specify here an attribute to use when logging in. If you enter + 'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith) + and log in as that user. + Leave blank or specify 'dn' to use full DN for logging in. Note also that if + your LDAP server requires you to login to perform searches, you can enter the + DN to use when searching in 'bind_id' and 'bind_pass' above. */ +// $servers->setValue('login','attr','dn'); + +/* Base DNs to used for logins. If this value is not set, then the LDAP server + Base DNs are used. */ +// $servers->setValue('login','base',array()); + +/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN + at login, you may restrict the search to a specific objectClasses. EG, set this + to array('posixAccount') or array('inetOrgPerson',..), depending upon your + setup. 
*/ +// $servers->setValue('login','class',array()); + +/* If you specified something different from 'dn', for example 'uid', as the + login_attr above, you can optionally specify here to fall back to + authentication with dn. + This is useful, when users should be able to log in with their uid, but + the ldap administrator wants to log in with his root-dn, that does not + necessarily have the uid attribute. + When using this feature, login_class is ignored. */ +// $servers->setValue('login','fallback_dn',false); + +/* Specify true If you want phpLDAPadmin to not display or permit any + modification to the LDAP server. */ +// $servers->setValue('server','read_only',false); + +/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links + in the tree viewer. */ +// $servers->setValue('appearance','show_create',true); + +/* Set to true if you would like to initially open the first level of each tree. */ +// $servers->setValue('appearance','open_tree',false); + +/* This feature allows phpLDAPadmin to automatically determine the next + available uidNumber for a new entry. */ +// $servers->setValue('auto_number','enable',true); + +/* The mechanism to use when finding the next available uidNumber. Two possible + values: 'uidpool' or 'search'. + The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to + blindly lookup the next available uidNumber. The 'search' mechanism searches + for entries with a uidNumber value and finds the first available uidNumber + (slower). */ +// $servers->setValue('auto_number','mechanism','search'); + +/* The DN of the search base when the 'search' mechanism is used above. */ +# $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com'); + +/* The minimum number to use when searching for the next available number + (only when 'search' is used for auto_number. 
*/ +// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500)); + +/* If you set this, then phpldapadmin will bind to LDAP with this user ID when + searching for the uidnumber. The idea is, this user id would have full + (readonly) access to uidnumber in your ldap directory (the logged in user + may not), so that you can be guaranteed to get a unique uidnumber for your + directory. */ +// $servers->setValue('auto_number','dn',null); + +/* The password for the dn above. */ +// $servers->setValue('auto_number','pass',null); + +/* Enable anonymous bind login. */ +// $servers->setValue('login','anon_bind',true); + +/* Use customized page with prefix when available. */ +# $servers->setValue('custom','pages_prefix','custom_'); + +/* If you set this, then only these DNs are allowed to log in. This array can + contain individual users, groups or ldap search filter(s). Keep in mind that + the user has not authenticated yet, so this will be an anonymous search to + the LDAP server, so make your ACLs allow these searches to return results! */ +# $servers->setValue('login','allowed_dns',array( +# 'uid=stran,ou=People,dc=example,dc=com', +# '(&(gidNumber=811)(objectClass=groupOfNames))', +# '(|(uidNumber=200)(uidNumber=201))', +# 'cn=callcenter,ou=Group,dc=example,dc=com')); + +/* Set this if you dont want this LDAP server to show in the tree */ +// $servers->setValue('server','visible',true); + +/* Set this if you want to hide the base DNs that dont exist instead of + displaying the message "The base entry doesnt exist, create it?" +// $servers->setValue('server','hide_noaccess_base',false); +# $servers->setValue('server','hide_noaccess_base',true); + +/* This is the time out value in minutes for the server. After as many minutes + of inactivity you will be automatically logged out. 
If not set, the default + value will be ( session_cache_expire()-1 ) */ +# $servers->setValue('login','timeout',30); + +/* Set this if you want phpldapadmin to perform rename operation on entry which + has children. Certain servers are known to allow it, certain are not. */ +// $servers->setValue('server','branch_rename',false); + +/* If you set this, then phpldapadmin will show these attributes as + internal attributes, even if they are not defined in your schema. */ +// $servers->setValue('server','custom_sys_attrs',array('')); +# $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime')); + +/* If you set this, then phpldapadmin will show these attributes on + objects, even if they are not defined in your schema. */ +// $servers->setValue('server','custom_attrs',array('')); +# $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock')); + +/* These attributes will be forced to MAY attributes and become option in the + templates. If they are not defined in the templates, then they wont appear + as per normal template processing. You may want to do this because your LDAP + server may automatically calculate a default value. + In Fedora Directory Server using the DNA Plugin one could ignore uidNumber, + gidNumber and sambaSID. */ +// $servers->setValue('server','force_may',array('')); +# $servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID')); + +/********************************************* + * Unique attributes * + *********************************************/ + +/* You may want phpLDAPadmin to enforce some attributes to have unique values + (ie: not belong to other entries in your tree. This (together with + 'unique','dn' and 'unique','pass' option will not let updates to + occur with other attributes have the same value. 
*/ +# $servers->setValue('unique','attrs',array('mail','uid','uidNumber')); + +/* If you set this, then phpldapadmin will bind to LDAP with this user ID when + searching for attribute uniqueness. The idea is, this user id would have full + (readonly) access to your ldap directory (the logged in user may not), so + that you can be guaranteed to get a unique uidnumber for your directory. */ +// $servers->setValue('unique','dn',null); + +/* The password for the dn above. */ +// $servers->setValue('unique','pass',null); + +/************************************************************************** + * If you want to configure additional LDAP servers, do so below. * + * Remove the commented lines and use this section as a template for all * + * your other LDAP servers. * + **************************************************************************/ + +/* +$servers->newServer('ldap_pla'); +$servers->setValue('server','name','LDAP Server'); +$servers->setValue('server','host','127.0.0.1'); +$servers->setValue('server','port',389); +$servers->setValue('server','base',array('')); +$servers->setValue('login','auth_type','cookie'); +$servers->setValue('login','bind_id',''); +$servers->setValue('login','bind_pass',''); +$servers->setValue('server','tls',false); + +# SASL auth +$servers->setValue('login','auth_type','sasl'); +$servers->setValue('sasl','mech','GSSAPI'); +$servers->setValue('sasl','realm','EXAMPLE.COM'); +$servers->setValue('sasl','authz_id',null); +$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i'); +$servers->setValue('sasl','authz_id_replacement','$1'); +$servers->setValue('sasl','props',null); + +$servers->setValue('appearance','password_hash_custom','md5'); +$servers->setValue('login','attr','dn'); +$servers->setValue('login','fallback_dn',false); +$servers->setValue('login','class',null); +$servers->setValue('server','read_only',false); +$servers->setValue('appearance','show_create',true); + +$servers->setValue('auto_number','enable',true); 
+$servers->setValue('auto_number','mechanism','search'); +$servers->setValue('auto_number','search_base',null); +$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500)); +$servers->setValue('auto_number','dn',null); +$servers->setValue('auto_number','pass',null); + +$servers->setValue('login','anon_bind',true); +$servers->setValue('custom','pages_prefix','custom_'); +$servers->setValue('unique','attrs',array('mail','uid','uidNumber')); +$servers->setValue('unique','dn',null); +$servers->setValue('unique','pass',null); + +$servers->setValue('server','visible',true); +$servers->setValue('login','timeout',30); +$servers->setValue('server','branch_rename',false); +$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime')); +$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock')); +$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID')); +*/ +?> 
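Review bot: `$servers->setValue('login','bind_id','cn=admin,dc=warpzone,dc=ms');` is set together with `auth_type` `session`, although the comment directly above it says to leave the login DN blank for that auth type unless a `login,attr` search is configured (it is not). With no `bind_pass` the value cannot bind, and as far as I know phpLDAPadmin pre-fills the login form with it, so every visitor would learn the directory administrator's DN; I would drop the line or use a dedicated read-only search account instead of `cn=admin`. Two values that the file's own `//` convention marks as defaults also matter for an admin UI reachable over the network: anonymous login (`anon_bind` true) and `password_hash_custom` `md5`. I would set them explicitly with `$servers->setValue('login','anon_bind',false);` and `$servers->setValue('appearance','password_hash_custom','ssha');`, and consider `login,allowed_dns` to limit who may sign in. `session['blowfish']` is left unset, which only becomes a problem if the auth type is later switched to `cookie`.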
diff --git a/ldap/data/ldap_db/data.mdb b/ldap/data/ldap_db/data.mdb index 83a98a617030a5c75b944473439068e308105a09..67bd36ee62a96fbdcac087ce5321ef1ea2b34450 100644 GIT binary patch literal 147456 zcmeHw4UinibzT!(0E@%jEvQfwOjGg_KQu@Khnf9fN}vG(1djj+AowAGBPnurXZCJ! zd%Kt2y<gd?i>z|dj7_UlDusb$7^PBRT9qiYO;upI>`)4eMbiw;@{hu>WLr_$GA%O< z6w4|~k)6D+d)~~>-rpXudprW&SAEkx)6+fs`gQkvuitwu1c$Ip{N?li`wwp5Tk5)7 zUN#637XA}Ir3&4sE@G{FRTsaMpHfe{+;Z=8ubbWLN8PKwXb5NsXb5NsXb5NsXb5Ns zXb5NsXb5NsXb5Nsv=0J4U)~=6e|_N7{M!ALD!}~zzi`Vl|NmIveVx$|&=AlN&=AlN z&=AlN&=AlN&=AlN&=AlN&=6<`1Xg*K+#o(Ao{qc|c|G!G<fX`^$kUN$BH_p@y<h5i zD>UA7py%?sXwP@LFLnPYTwnL{>X*aMt-ZKra?NK~KN<Q+$g4yrGz2sRmH>fgrC=;9 z-tWG%j;^;NP4|CFU8L3x^kg72quVoU=!yuP8@!HZ7=n1Vg|4KkBUZb4)P;!hC>x;& z9UY{%QH0bF?{PV_&*duBL91Mxw(7-7*(#kZ7wclMS{WOy@nwzzmXS*)Q<>O~L@t%s zVH)w|j%*<p-;pqrnOHJwB@@Y<xbT&SK5@|Ako@)E*>ig9xf2hIe0i63j9SL`uq04y zrn_l7<`_oIO66=PZRHCwC!0^?^QpLFCiC%vjW-u9!?MP6RDXzC;QTGJMf^J^Zl=F+ ziYg3<nYOjgzXwqD!)^3aD`UG#mHco`cnO}3(Tjk^CVruterIiL)TxfuoGN~_pZN*5 z%z3)v*Kz(s?)@<Rx?AXPQXHWFDr^@s3)IN12EX_YF|&>uw(|AjxFdT^rJ`<~!P3<F zI{H~IzWAvRxTV$Cg$2JY=B%54iz*csA9UXqU1LRimoZr|Vzy{V0?QFzr3hGX-g}Q= zv623s5&iVPF3VyZ%*<0CzZd*%Tf|HljoMXfO13T&J#KBmvVb(o7VI6CJyI;o@?M6u z<$~|Hup4zMqa_E(;ikA0!;WxB1wgu98FtDNmE08L((6<Pu;4u70Pq5^xFGh6DqU4T zFV9sQx5eL}N&^y9x(SPUd~u6@&4fSsO1V%R1pc@w%wh<^nhl!PsOG|0jV2$vSatIC zN_7grXuieoMP)5v@ssjO|GKD+5oaXlRBLFClRVR&r6Pa}=Y1kZ%?A6t*#P*_P(eeI z+v0CfP0xq>T&m=@92^UHSG9bv*RtCivqlk*3x=I)m&WaS0?>q29ks^lLjabS#+rb@ z*uZ&(OPFgEHhe+O6O0XaiJ5t8<gfSPhWh!7i}jL~!xs#y6wj;-1C$jszs;=0R~Cnh z@@sKrjnH7pJ|S+RlEreNYSrr1v3z~3D#u3C9e(RIN}zW+&sYx_N9pg}4N>tUvF(Nz z#bNP;7;ua6*Q-?yU$0V(BSDOgiJ1tM!IV5&t(+wkmE$jv=lw1I4*9c1O3bwMYq*zq zo=|UNPN8;dWoxuHR8fuk8Qy^lw&?z{S#t`{kilMb``yZys+E!>f0dW!l6+O)lo2y6 zj#q{uC=@@Sf9<@)*Xc^x*-q(^nwWiu-{3ir@k*^W%~;3qyGy<n7Tg<R(SBp-fiA-6 zV5}6g@Ri$8Gh|rsIw0m)BN*CS+*-M>!~*@vU&6lu6q*bXnur{`Sg%Z!X%JN8Bp1kY z5Am4iJof;P`7eu4$kDH=1y(OsGk*hrn|hPyNvmuPDk^2fO{%@+<~bg#2eqWuMK8g4 
z5v<#t+dM2J{P)saGAchKOugj>Icv}U8ioV+f;YMrSgE<^xR?1W#T>tY>t`JGW@*qk zv(`WEjRJi%W-JxB9bREnongW2@a?jgzj_gTDEQc?zBf!Ys-Swzr-=BQ_$r7#xJA5n z<Llkw^{?Hyf&QNAd8H>D`DX70`g^O_t!CEcdHMPNJd3qoe%lQ<&{}|66@P)>g^2dh zUr6KIDBTjzf_G4!>%bNLmZ69`Cg_TYdnmh&BFf;|T)YhyMocuqOArxbm5TK#VLG{t z;}jfXVG?P@!ek0Yd`CPNPsU<aI-Q8;#fL7v{m%#Q-;n&(8$X=f^c(e$NP-vy9%e4C z)1Ac_wdZ&gGt87>8d)=AB#iU`O?XFgSV%;@GAg_;8m!c;J^7L_?yimH>Q%?N`%Em6 zJ#*?<-8z-1<>DtPeYln%$<_u=KUf>M|G}&s+dq}>A05w)oRs<8=?8b+ZJ#O)A3ZfN zeCX8v;oPax*rEHg=F!vlmU8iXYXiq8htEu#@iV6nOgJOiF*je&Pwd*&(C!qqJ2g?Q zTN7w^jM8P<?)2nHZF+Eo+AU1whtTer%;zRYsNIRu@aV+!aA~42oSP_(l?Jos=wy!C z&DExBlfzTg?$qR2*{+*c?KVQk%=RVHnMB4I*lfsvi<@i%@XhRiKsRi3@tMarX6Vfn z1>rMr3b=(Lz+>Q-Nf9`P@`y1v58fRy?&eVs;+5imt9ZRlPG(`*4mBrsQv5s;^pRgt z7x^2o65@LrzrEYdqY6Z<WO$Ah4iT~g$_tD`<nat?#G6!J!T@U}$^jl|hu^_k&1q0n zcporC1bxQOKv^OUSb-8nIiwLm`QjPs#<=EpFi&zCb0nw1!BKh!b1_Hc(FUR`W0^tw zh*64o&iUKjJh#8e%`;3ktGoaVwzz4O-P&*;^B~nJ%lx!T&tN`AbaBed-|0SQe8H-Z z@8SH<sJ#6B+Z)n5+%(!DT1vJD7@_}ZPL^;+dw@0i7FYfTq|w)yyZQcN<qRr|w$KKC zFVg619uHW55CIo_KVSoxp*-?DC!-AB1#V%H!Luk`5%HaPwv8gb2haFDd^?`uJ;f33 zV<vGgahSq(9@}@H_rG9`mFkpJ*F7UnwV1bd9(E=kJ5#9+i&-~L96NcRsMUrn^>6>4 zL&xtE>c4y>|2gG)b!zYN!@^6*+cCoclP_b#D>TC!LKbKw-RD>m7J0nWspogrYNef{ z)#A8ScXk%+zF}udEP6lhRO>aAM#3+?;O)FMXKB98KXdCKiG<3Btr2HybZf1=Rm{2} zf4E5yFui~DJ7;ktbZ-`~OZPlVuQ6S(T15Ox(WGchH+GiccG}KdvAol&4GEdZd8s_# z;_EOc>fR&UD?N>eHB?oulq!QH%#qa<tWwQUNv~)}noz%NE^KF_Qpr|`fU(k9tBHU~ zHW4sio%*sQU{<%4fXQbwg_spL@`Z$H=aR8_HlDL$$$~|sfgMX)V$lNrq90Eg*}il< z(V;~j)eq40A;a^SOlX#o%Ri+szhJJxBr~5J9&-;O&wp6=mNMV9I={^!W^WdPHRtDe zg|H%9uyRI_tW7jw#qa*;S&0>)wqk|fryz6tjBMOU$2&vFfr_TE5uHN)DZ7<Yplz_0 zf{xos7xXhdo58w*$bE?PQu?r&|3G_K<G4;-(a%`hu)a37$+RNMa5=oc&CR3iT<aaP z7b}c+x!$;wg?TmbZ2O#1t6Co+`oQn1*`4Rz@kdEKWybqru}s3qbYhgCdUxgnuB)($ z=DSaYF06mN=To6)*3GO@{QswWk4oOZ9y!r-q9=@LQ3nkH4FL^-jzHjBSO94?jJmah z?*-3|g%j%{9wTBc-Q}h+hw=K2`%78BoB7py=zXFMW>5$7uei2KtBqD_#mW1zYXnxu z6b<=!BA25LYY<>5%atqI@xqQm+)CP3-Ygh)N+f>oa`fQY4ar~m*?;)=Z+z|YH?C5& 
z6^ofkGc_RGU3>Q;_p9CA^TsqUK=f8Rk?b=wW+G;`e*sd}4+seUm`>YFFh)RsZ$W}O z`A&6_{SEoVhgE(Cc!2m3H~$D-5z&|EJJ4TIihO0<KpjiLjaK^{OZ_2I<hTz4fxrg; zc8|%OgVAqP3s|tA680W8tkVM}DYHFgPvzndP2{I0$L$kJW_#xJLx#0i=0|fQ15;;C zA2#ykhtAsl4^1s7+f@?XvSCe5m!x2J0+o-e%IiunOYIm|o+_`KRQdGO)MS||A3tjk zjZZBoz}-?NnSfYSL8rxHK{#i!PTH`tiNJ75Si#}+OMlz-89AH|v}-t}<HR&J4wQJd zFP1e-y4`lcGzJQqBfX9{G3n8~DCa^-Ei^CkoCabIu^sbd8|Ot|b;(cBTp4SeD^sy- z#<A?C&P@h8H}~{+|4er7eeLSpRGjGI#u>3O9q9CQUo4$UnTZZ{Ix(?oV}$hsA=5@c ze=a7Mz<Pzq^WHMbC0yMjRz{kwKxpUVW-L+2VAN*3MKBZW*l(I!-Z?l#i(sZr9cv`x znZ{9zd|y17Ok_K<ys74>2ZZ<(El3!*tVsrDst>nlJSWse_7m17?2n+|c>F?Uf#{Z# z>l)UyBt?3ChWnZ22)rkeYI>eldAT3UIMJ!Kuvm8LN2-HIN$ILm7C|wTdy}*n@$AG< zWyGpQ`-wxI7Il>wk{NYNrBx~SxllCAZX&AcPNmOw=DXqE7au!*ynoNnk6G12+40i& zsUw;C^qC{MW0Rw)p`9mVC)4qvTJG>k5&Y-`2`}wrQle<qL(yyyMR))4pPxQhBoxiI z3q><A8ub1gV^F@&Or=xtbSLH*R1XmV@JR)&|Id)nR}F#Xf&j1YtYNsq*LQb!jyLIM zukTv_zu7{8Ia^7<duT=U+#H(Il31WJk^^p__Qe9)`m76lp5BB080VqwfS~pNg-3ls z`&aA#`*@-C|9uTgNQP9<`v1_nLeTpETK`|`|6>h>3`GX5|4)_%pi&WnG>z8(SEdZS zk|+wy*Tt1Kj;yNXSpqQ4S0H$Tep5lo`+RFQb-(@k|BxZ6u!`hQ8@qS+ZtND3Kk5Bu z_r>0Az2EP7q2~+Tw?NoDPk7#yZ!sod|Lt~^)%yRQ6_eKg*ZTh$LWnGX#dz+-UL@>B zuupc3?DmA3j@1AANkz97wMwOEwKzCbuSF|mnX5>96Ef*v<hgM-z5C((h+Ul^dk{bE zH5N;mnYf*8(mKrq^$YLVxa+*sFATR$zYvxiEH;H14Gcw+iA*}xezB>lUTRLU+=l1+ zR^&G5b4130W!#tXG^o8qP&6-{J5Ud%^SJ~B-wlRO>82k1z#sL?9$eem9yGJb4x0K1 zZ6_n7Eg{xz;IOun(RMOyAH&yKW-+sFNVASM*vWjHFc5Pis7D#HumquH?6I0t9~*tF z?o8GnlV&!L)&G?}8Xp_3SR?h?s97ct8Hv$itU8iO#<JODCJ8?R_aC{UH<^ZgTdcJ2 zQJevPpHGe}Y33!8Y3?V#4Js^V>CgOzDm|a2|9jmIQqw`24w{3+@yH)9F-M{6i4KB} zqYAM9&qOkjXCtFz)bwuq|I>OizUMWqH#5tn0yBKEm{Md3=9fWlhWWqiSuYPZ@}SzH z@=E_!L(&zKD(f+CANoal(6}$n95Z{Lxj@v*J)%TAvj|Q8|12wE#1p1to8;^-Z{%b7 zLN=RCSTRZ%IV&UETC5CHmFL_q;XL&1RG7#AUt3z&`~T8^l&dlVp9=^q8;{By{nP&c z7!rUDeDKY(j%WIxVaIciEX^vno+m)2^IxZWG5$EuSnrQN?f(y;=Xr^}@M-^l*V6t! 
zW4-qO7xXF0`+q+6V=T-k6@V@Pm*gwT!w;AC{|7ku9@w=1Kk~VH&HDe_hR&wmenejV z)q}M!S%Zq_9r#8<fZrs%_fdKE_3x!k58Y!u;G5j%u<1a6pAm%J@_$%7DzC~e70IZZ zXMcgP??8b42m;FtvHyg?djFh<<>W?jY3&8F|G%_$w*CLJ5qJOyubb`v|8432pW8)y zccK9zR$%7>ngx^x?&G(xZ42ZMh-|ykyg!Qam|^JsmV8HL-LiNG@otLLu6*|nN^hZv zYs)sBQ2aVlfKMaZ8zo7!wCUv=>`R!hduUtrLD$tVwpjVTBzpNJD`h4N$viel8%&?l zLA#QR@BhbFrRh_;U3MkXui(QcA9z$eJXU;Eny135Z9$7un5HUQn?;MYtFA^4o@|e^ z<SjlCYkdp%8A;yy`Z5|1-)nfN`2TNV!l3yviVFqI3!9Lj`<Qd_7!f>tJM3C{J^~$t zcn?L)8<<0o=WDC;MuWY-w*P0(Hm)C3e~81qfVTf{I2K^RX?8CAe?3mFFFzUD{y$?U zwEe%f|Gxs~+O$ce?f;3E0sq6ghuZ#M+y6t6l`T0y_1-2ft=irD?E3J!-D_q-msUM5 z)cJq6h5w-Yv+KXJ{xY5X_hR^~YpZK-1v$JT0<VkU_YlArM3Er-gRQtw1kOX(7FYP+ zKpDC}gDWD-AVBLQ@)*H8$fN8Qx<Y;dxe4-+*C2vNKpT+Hw8|sQp>o3NN(~+(ag2<+ zY1WWD;ne7G0Q{SymP{d0FcSrM%}L~y=ZdV8adsHF94ThU@)?UflKtwDo4<eX(1zss zr`G@e`Rz~MaFrg$%uFI~kk=e0?p2;tursM_2V5d?bC&>g;uBe})r$T#${@ZA{p%mk z<EQ56z$Be6VWhG+J+Gky?O+EEOsx5|?7&}XR|lH$M4$sH-<L7WnArjEIMji%IdmTd z)}z2UL};ZSF$NLeg?>~govHtG^k3f2XY<)a3jLRJUB~27xgEJ&)=np#OfD8nivRY9 zf4KkP!41iOGyHqMHumOkZ@uaP7*98PHzF$x%J<={j8w990h&B-sU=G#)f~YeL-3L- zcSFA+U_5R{g63byYgoR5`5BSt+9Q-kL>;ICeF<4~oFd(u!Q73=eT-+Fn2Q4kCIvDi z)2&QIG4<A>^-2`aqV*xCSdG$wOHrJ-R2`8=V@9`)SjBR*Zsnp@*^WvH5Z)sTo6;1_ zY{(hBbEhDATwCkoB|}>J7<c1CcgnW+<nxuWa{a@#>cn<=7ypnWyB)ujHE$`;q9<-9 zNxjOH*z6yKlMmX1n8(7mNPCd(w%LOOvDruvHpeoVWU?c(5vnIb=xG;^foBNw;W5^D zM8@Oolt!Enk0GN(>@*(pP8(lg?$u=Ng}$#5;sT4K^2CN{u4<L@L(=xE<-&8~omHz% zRI0YJ4{N|WX)mVo0o-IeGKG(=zRftR-fqNG)65!8c$#a%(|`FBYb2ho?<}6i67f#r z>5Pk~On`%ryNe<a5POTjL*N?jWA734DbK;kBPJ+fjzt;7W`A<*KMrF7ab^0CJ3d8D z;6|c*aOhT%j)b)6fKX9WH>Js=cQaTd_)OK}z9+ncS-phvAZMLAdvs``viFQ(K5(Qo zSe#B74<6c69!MWH(*21O*(MKiq(GjF<!lRNfIo3sL4>^HCx7M*iI81wL&&*IA=BhT zzJrEzOuqro5L%(%P!^Hr#AW2OT%9^rt()z?in@-pKAWvrvrS!h>lc+3>$=W%oso)l zu<J@R?MnU^{RS%RX7PIDt;p+<O!r$6*8hJZvW08{UZCCopX>QKx&Pl!Qh*<XzaHKg zUbXi7tKSTL6=azX8Uh*u8Uj}gf$1~H<hx;4Gn_J;i5p$Ob@<ZCFRip=Ci7%)0M2}Y zFHmJza&eA68G6>7XHJ6kiN_`Fg&#Q}W)}Hvt+%dp!4=(yx>X>}@CCdJMr9%2C$Z@A 
z^?js%kb5)$uj#K+dHgcYe^50-|CisJ-b)~G>06?>PynA6MS||%p)QgJMlUq#hd{4` zip*fKLS)(l<(48>U|JfmKx|d!+pHHN9gE9<4Nq3i2@x#K#rYA*SYIY%(ve;57bdCd z2gH_g7#%|WdOI!@(63vNpia9}U1Yz4UzzV5h!gY-5q(5#(hOvTQHp%!K1Ur(>GM|m z7z}C0&w)7cfIRSbAbw!nK7H@BI>Xl<(&J)TPEJ|&al!l*+xo0<{!07*H?pj5K(mbY z|37G5n|91fzdtMv$zE1_7)Y|-KkM=Dme0fDu)HdI0ZFFYn3lp`G6Ljt2x`3h`poKn z>;C@~^%)W~B6N6@s*+Y$1bOels7$MMRwdc~|M`IZ|DgyZ056bNfJXiQKM1`Xes1l> zHIr*ftDltm|88~qq9LFmpdoMt5RlY9%~3pCDWCVO-@|vo7sxd61=}c17a76FF>eMM z39*s?W7>bI{9YUF0sPah{FFZT%2OPYhn;!nUPWDga5MEI!j<rYkJEdI*D^ntr*i-Y zP9HGyv4^I>3+nN5ed>v8{$KO|SlehloMG7{uX)S3zpD9v&HrB)=l_BBguMDuc~$ac zB%^Mg?cpJ7M(9=-v0Gll;xRYRdOXeY0Oeat>8+zEmxJ6IVU@aEwLby=F4U;}{{{K~ z=X+o8d9J6_8|43AUd{afXEp!t_JqD@2xtggDFpoef9CiW+y8HUj~sLnLh}wi_61d# z$N%4=d;hKI2k`HKq{0si@6gXJ3mK!6bD=N`wFF;;z#eDLQ{|0*7I{U{=l|*R{~G=O zG1hDUe`>t&P7PC5tgoZ}|9O7k;K#!ns}I4qzL#cCo<7_#ySd)y2aENRl|y+q#rs;p zS#Xn>nRT8TxK)H;N%AFi6V*m$H&u(2y~pzPv8sdmo9^&iuTcV6&w0jr?f<X+{{Jph zZ-wYjeD*K@iTRSSsET_@(~aTJ_aT!&V65SOfy@Gd`5d)ZspR;$&ucj3zzED&!6p}h zv4;JuF~0HWW^CovlKC^%tKfausI1N1W1uvz-tO&L7v597?TL$bb6MD703QGJ3%~V0 z`F8^zH<LzF)U9EYdu@gX_K)%I&coYoVi@7w_t77JGne_=fqTa1EAxa~&*$DwKE^OZ zJ$I33H2x-jmto%w<12+N!xTTUk<RINzv)lUue!|NfN#2u;KF#aSex9Bj3*51Umkts zhm1?8^A_4+=Q4~d+{gU8`Q24V|Nf7b`tCOTIGSI`bW8@Wlc_Fli}`rQ!`-s9?>CUY zk@1rC2N-`DpSc{j!|=mzz;`?>ufAVD#zh_%H@VLlzU)tsVFUjEUU78wlabfEzP<L5 z$Y1vuk#DT|aqla=U+Ou!dc5aA&*gQ|p6_(e=l{>GUSBi>Gz6{_2pp5Y)7RO(8jgKA z{Qswx;fw*;PJ-^_wbY+qkI6Nh=i|n85oD}#DZsP(78kOc7?ZjKEPo)wD~IO)ZO=ks zC0Q)Ybi=yBGbjyYcvWZWM|C&R5FPaY&luTx{y+Guz!?(a&N}~?Dd1pfqHEqq!=f-& zD^|*OvFhZ>ymtyCrTG@W7j?%BQ^}%>T4P7N4N0cN&Qf`dRL(PHrTPB@o))X?2j1iP z3H)A~DRCce=zx{V|1;KW{=fbFKl**?{{Mq`1Nn|U>zJq6chDAs;<Lh@zO<Y%XGxuy z+qp}=6Bf)(i3njbMCqf|%2}FP<Owx_JkKghFFWkX7sM=i6}O?dUhV(ibNY`t_nP(p z&+-Bhrk^QYN_cLZXjM^xag<j$dB)MK^^a-30=<Owh(qIybu-~P_NY`yiJ6wh3ga-# z6x7@Pjz99f>L&fi{{IWo{{IE?0RaC0<!;6Q|8sb}=Y03Rb@lGMySuyJS#u)%iSR}8 z0{GIJ-}b=ZRihIc0vZAu0xKK>N9DBZ+gD*${AqkMO`6-)Mas!>A1gfD7Jy?zj8UYb 
zGmxz#X5BpIdc?ck{1&<*;vVK>)Q9x}@8Uk{#w3b7XbnWj<56~QpQ5~~cv5!oiY=f1 z#_Nmb{@yL_54{eFy`n5Bc?Gf^mM$$_w}V>+e)+-W&8>W$+{Q^lMx}W7B3Rm$Pq@x$ z3H#g>bA*hc{Px0UJC^7(K=<(5{M(ohzt^LCn772yJdI~cvINYdv*ZsW+1dI=ezh^p zG<&nO&KpxiZDGf)HEG@J?l0h4`4{jQ`vRTKel7CUJeO#mdTyRNh>y#0rXE%nKU`lt z_2=n_V;<q%Z04(gowv~6IK_Ki;A{~yVF+TS0~RmA99M9*+b-HK!R0l8cjiSm%}x!T zp&K*&H7vt`Wupuc;yeQ$Yn$_o4Lm<_o*~2Y)0f332u92$#>C8`HS;&{x2X@>MlRJG znEr+&&lJJ(=mjd>@h87%A0=2pH`t>6?&f|r-(l2Q2?VV{Sd=W7@a+zTv)7Yj)0 z8LL>z!(Z7s{-0sS>)`zSzbY9LfA{`Ret`83_}*8J^uES;&G+v7z5n}b{F_-102Jqk z#M6;?i1&Xp@{;HOPuu@1+}8g!1T+LX2?3ssX{J{}@<rO7`TDeH*7pCBEL!wjKyCk@ zaV#4r-lQz|z>VwjoH%X&ukHUKcOqU$+yBoxZ&siG2Ojwjio6d2o)CO6@CB6D()S_! z{R&6}P(OIdV%fPa?EiQF@t>bQSlp2Om2A7tY0t#S`H|;el;sSp&8B3_t^5B|@`|wR zW9k;^4-2~vEXQEkB+IO^|9`7^CUjx_<2^5}du{DAp{IIY=?O<Z-FsB32+VK)|F-o1 z$KQ$ltvk^mAq2@EC0;<@)apJO<L6TM$$0+_IE{EWMQT^#Ht-%ejw|FIz}0OOArArm zV^0LJ5s&4T#*xBdYlMVNaO`_Ob{+Tzs}=H<&WegY=#1p(fE}Fk6y^JYTC9|rEF|*| zXq61pD)ID=LflH)R^BWac1m1)|3AKZaES0K-7dUJ7=%|3pM2m^@$gvjQR&|sV$TIB zONd036YxcgwW}@<^XbT`M6xfNi6s-U);&%?10<s!)p+<`#Y46x*o=-ufRB93N*M8k z>DU|PgcbJe@gO<Jn8pCce1kEKh;{A5Dm{ZSj`$Hb{|H?XuVsI5XHFe9tkVM}=@<Nz zJ(VN>aQUgpar=ZBKXdxP#F^6%8P;BzAI*&nOr1G>*vOY3I&1eoG&OL1a`?=&D(8%3 z$J~59Ke20<n2IH`Qxj#wnw&0`2D9eq1S%g_mDkPq)a2O-YR9nhRC(Q`%BQEMCd*X$ z_*r{sd}_KjIXp#`qZ}%C^Q!VKWtwNjqV5)2EEe>`p2<3C!^$?Xh*ogg{iVO{`pm(z zH0>T})3j@*<JpGgJcfK<ENhr_d$S<}E^gA(9R%eH4eRMj*>R~@-XWRekw0gu=E^mp z<z?5WyiD`|n*Z1Qe{kmXr$^2IgEj*H!~B)z|4+tFrsG4k+~Jc=LW_ivFWAXs27Fr9 z<I}Q1f}zv=KXE~^bf1|@r{d{O5Dch(fbfC+0x13e44w7&Y~*ng<nZ}_u>XH6w2=LO zXZ-(v%H`)+p8-M$$P+;1C)7paGVmC75s+)JjxJ;eh;BJ~4iNM;k`(E6Pd>^zypVw) zLL0F0d0OT5xH*!kPoFuGJ2p9*8rrGH4aSW=m*;Djm40tnL<t@;tOl<Vlgvy^uvYGi z^ay%+oQHG{fwj*rkmlJvVma*p&rz%R64uXUdn(qjnsq{-Cw(yKFu=T#kL3&5Y&K!V zC}HHRjQpi6p_s1>%QI+ZX$U0WUEqX1DcPVe-NbKPfsVM+!d7sG{v&jdStA=djnr4Z z6Tv`+TMd5kd^+M$_Zx$yTh$Tgw-?qCSEb&YCl<C}dzAI-35Qfzk_8B3y+8i;lfNX^ z{&aQhXW5f*Tftt21}AA^D(4kmg2$I!!ucC%71j3t3K%82U>;(N2Og<B4|USwfpvj- 
z--p{~Y`9i!6&ULQ<0$=|yCEumB(~k~BAv|jgcxwqdOiyi_7M@pXlP0k(g*CuoAYdO z9vnBY;H8pHz6)pH;a*~GU4=iGy{YUx`r@op9&FM5Wqk1Y*e*8(x*362WtCeFTLn*p zS~f|veM>gY>ie|)Kfz&9Eq(4&9`l@MEaow<_5WS0T7v$+S}%RSdkj;i_SkZ4x2)Pf zCxAzC)NPXYE5XMifNw?MQH(um1RgEBWv+ex1Nl3_|8Egb^}G;ywfBigZ||W<tNZ_* z;s52&)c-UDGz6{-2x$NR`Qe)MIDqcf{J*k4XPHq{jsea8OE7r8ub3y7zOQC+>`aj` z^~ZUpB$)cUAT<9ExH5IjT)6iCul@hCXA8~$`_|SxPWURsWjT5%ul@ha3EFVsu@wLR z@<n-?+bY`2RQkiXm%xss8~l{I!87_#xzEw=D$-(BZ=WpMxW7;Z+=a}vy6vwMgGKxB z7}S{;tARg(MZR7Qq(R(R1L|2g{69CiHQWeAWxTP__d}Th0h_}zC<v^geHmmIdX@QX zmVc@@*NaLH{vh|3tXgfcD)z`G8x9vzb%aFGjyZT1rrzK_W4_;g$J-5K0P?$bIaWlO zZtqQ{*UInV8h10io5Sx~wtCk;^<?(D_qgw}?3v}0SI++{{eQPwebErm5V%eta7_MA z?f)N|0K5P~hp17<faSX2Dq8m_w#9|)CdQ-%cI%l(KJT{7d0yGT=jr`_1|<9(Z4}Rl ze)?Z`Z^CbpZ}B88q?GZKVC^$r#nlV%w)ZI2v%W3h()fSI$j<ZsL8$5de};$N|L4)T zeCPi$*6aQMxqTHfE2w&AY5V_|=_Nk@k7rDr!KTmuYyJE`1$V{CY5so|>2`OP|7UuQ zsU-#ZCGr11>&{|I6@W6#hquE2^Ghs^=XYD-|DorOz&cI*?v?QWTnG4neg2<<tNyPc zpdqll5ZGn0G{F-_!~TC!lkir`@LWI7`G0M0Bgp^z^Q-3n;kBLR&dkF`8O?AuoYm}q zo>ym8O7H(GU@`2jZ2zAzQuF_6r1IXb&jG>H^36i;|6fb{|BUsT|8GD4k6B5d|EFeS zeg2<!=pQZU`usm=0kE3F($4>DoUuB0{vWS?i|zl{BPV)J^n~FePX`SF4FL^-Wr2Y9 zXLf!1GmFYa^XmLPK28{lcrE*TZ1(?uwB0@*^W@`kdh)E9kBv`t$nWE#ZZ?$P$3=@Z z`F%{}Glguf$?s#68>dgc^uy<*-^T~q=l9WQ^80A?rHw=)Yj(no6Zw6l=E$d~_W!5- z|3S`8IwqcfD@>u#If0EYq+56f&9V&?vG0idt#n0%9{`k{`^;ItT%(WdN_EgG7pJXy zu~N25C(FgUaIKKo7-@C^J0CY=iGp;l<~za81f8pW)7<iobb_5})2Lke{{IN{6x2@c zvhDvfV+sV2LA9^-|CdkypU>apJ^WVo|J$km&o%_$|M!U}Lr+Ft@A~%IM<RdSV?@5O z=EuG7mj6G-NPX21xRxQnegs(#hxJuX$Fvy3t_y22BG&K~u)ez|eY=-A2ms5-C6lR4 z49-&%%6V$Gkc;m~m`OU(A!{WQ$(*?Gm4`lY(B6>z_21cZdh59p4@*CKo!|dIM=)&E z&G+X%wc|I-|6f})12$8u2<SyW&~CvTp3~SG3{)B<$6EhiK`bgSdjDTR<LdVR8S6X0 z|IgU0zFO=5^9-Q%{}o0En%`#Dk|(=~;&2fsddn+TIs}H6%E3R}Z2x$(@9<l%Q37*4 z=Naqu{{KqZ|7Xo-zkg?+eKPxwDy{wh5gfGtzf!eQqT|_kj7KGMglW{fp{qd!p&`kd zUQA_qw)so&|L0+E7<!BLNU<!5SefAZd7Wl4%hLA$8)vMm+y7@RN(B}6e4uiyj|u+& zm&F_F-i*8vxfJ<A<jF`mG7#Av*%G-WA|h|~exvuRy%%~v-g~+?(R*|6k9uD1xzzLd 
zo|&Grq!p0r+1T^X-QVecrTf|LC%dcN$GY$7-qgLO`||oX)_;Bd7uNsc`ttgR)~D8Q zS|3{fgRZ~q`g+%MUFW-=>KgC*XxF`6M%Qg!Yq~D4dn2G*p#A^*lGUShtYD=qM%CrS zP-VobMf<I4eOlC2W=Lk#EtOWK+~-1>v+f?P)ap*9&vxd!;ocV?JAS->&(Dup)kE3w z()cOu|KBiEhG}GD@>q@m8am9kvkvYG=i67jT;BKpr)Et8G4%g)NyjuTvye6ITsoP| z#ZnnFXD8zcCv7Ivj)h5g(K563|2x@6P{zP(!P4yiqjGZA{H_GURr<T*9_T#3%XEnP zYR&I5Jebb%wwbQLn+1<y^y1RIS#YcTHG$rlWpTn(SFkkA7dT^q#hzY@sVAoN`0a&H zvuNi3`L|(?0Ht>?MgJ@3YL_WGkFu1-Nm{s`O5^-UYpkxwsSus5A{sn`@!ef?*Z1<J zz91w|N`)515$Od>(a|A!o+|F1tT|QXFFqvCS5|(;u$zoIFN+$zgOX(hHAQQNNIP6T z+mkQdSFTs5_<ox1!+riya<?^6soLuIgycy~u>a++P2&CHxKqY?%tWaogvh^_5Vf+} zK?_N*SZJTxIN^+pmaMwtdeIJv7?rf0TE1Ew#b&iv12lv3<(ud~>cbvf!N&Vm?nqg| zpyqNDA+b|FJwD`=N;Ty*D<n^(D%ksqHEM3Ezfu`KGFBfQtGiyjLt=+~XP=WB8$9HU zJ0<1SJ0!Nt`-g06^myH>*W|7{zTjt6c~#$i)oO*#lUBG85_idG57>0pbR{qM+#hs^ z{IeOBcgpAV^~Z=QI=1gH_bE=mE!g+t_-eY#5dCR+7d=Whz4q@=W!ZPzy;jZfo^4fc z1fD6*DJ1>X7VHO$<p*rRuz}pWU>~nni}^ZrTd_QNYz*8Q!vM1Fg1xtV)T-B=YT5OO z781A1`+M^F%2>I6v|1dos#AOFR84M-dX#%Rs%o#5_F8+LYMm+>l4t({ir6=ymgyNk zVHjbY$|nb%DZHW_$AzSy7rI}zMr%WrI(|0e1n9eheP7wil^lLvb5BhR$<wCkJ*QS9 ztU6RII46pPpA2KnJO%rdRV^Pse#rF@6q3KQVDGO~^A6qS(F1$%f_<nmSS))#mVYZ| z8F~h6DNZ|wiX)_G!EIp1k?+xqgCa^fKmfZ*)E^bQSSTu7+2_>BuN{4*SG)3v5t8^t zH56<0<6|QLwuf=($%5^6fkdGF#S-<En)O0*PpV+|TV=cC+&4K|tU5G!WVhAS9u|EG z;OPEZ9_0I+f;CpE_gl3gwd)m<8Y$G0I}0=v@cI<6AV}wjoDpm9kdq(wFadp77()l_ zt&|JJ!3XVRg>fIhv0$T9aG)+@E3kp?QdN%EE5J&Ef>j<Ivj!cWVNg$HjQasF9|26K zP-Crbjf{HVhq+QdD-xF`XDOaN(W-+<Z}0KLToY!|eAS^T%CCuW6p{t`j0Qg{;+_T_ zBkMVN@_~J_htboRF>CeeSiU}1wMuHvQrZjr8*sJrJnFEnHTpPYKLp_aw~NW{$?hNb zz7_ctodfVXodx)O@9RC!^^|&_jj;azrS2bv>+4=#{c`xZwHMb+uKDch&iMb={J-Y^ zS+cg^$=B*2%Z8&~m*?C}&HwB3|MdBPM3TESNArGNs~l65)*~6T{Xatj@(ysDv(D<m z+Km7z7TO^!dt93TKjtkvFAq@^i2PXkr{y8se<gy3KK~DRv3&dgjP-i|zy16FmnA+E ze?tEM+5g{bbKHYZz}@0;xnJA(oOuxSe7Cos%kzhl3SrEsz<aMs7A1t@>o6m#pg1O_ zFNr&f_Yp3yrtBYZpEXUC#KQNd#=4j+-D7DRpVh|mF8|gjDx<JTU8Ecd{t%bq|DS&w zV1ajc9^Q5n-veCWJDA(&GG9Az&-i?0o^b2=+}p{=`1hlpyGU}!aOHOyj*4sc;iY5~ 
zONSG~2jHNzr{~!3e$$_xUv-(k0pD~R$&Yw$T&zv*6Yg`vt@D>hU-=>91?s$oR!J_y zzCXFY_;>TWtB(HtA6@CYzZi=D$18pJdmqhzPD!AEyXu?$x&S>Q1k}aDeU>Wx)y^+| zhGE9{QvdaD?%=V)_jVWl^#3%MyZwKB>p$^5#%*Q)pCO+AE#mwik31XsJn{U8B2PqK zkblhoyPu;k8Uh*u8Uk&Hz_;YY6c$mpW~^OuU8VcmD2>O6SgWvyg*4`K%zJzvc}llr z>xdm7l*Jl|cn?Kdn`Tf4@_fZwg8K0dm|O7<<ok%2qwx&VT~e_rPD)w1Fipd3%*PYC zT)~JLFpaR3X+*}37lNjb%VNc9SFI^l^=VA|QZzH2NcNc-GZE{M*>WN|Acm)=&5d%w zx;i`mM+okS=u7k+*3c+LzA|or4p<6qwA$y`bv#tb56i7hd3->@-XV1Yw|i{-95PHC zInYwUGqFVW%&EhMb$Xz5=>DwPb{qexiLzl$PM11l-@m9Cjk51wv{(?%nXHpGtZb8g zzZD!#zx20VpON<c2ijywOa}MaCj0(uUo2~wbbGTQ11@gT(+QoU`&*K3tLDlzq5Ys- zpMFsEKEu~8f8(l$(aN{~$JzuL6=)8oNw6b~n4k!H1M3+gv|*5Eng!Y|$b)xAOf@}E zt2{|yeLAUAYhkhM)Q?mLU6tjaf#`cdkD2-AkN?Hr{nciI7s5jK!r%MiJ(50cDEHLA z8w^G9A_abT@0qPPviyPX{p%0@##1cQ;d>Wv{d$$<6@2ew(|dk_<p6xoSv7f9rTsQ8 ze{}8tVwne*`{1+tJ_DRV;Cr`z=?{Nbl3jF<wc|iJ-7KCZzW;^Dm&yKrZViC&y4m~x z>ij?c9l+N+(HJ2l*=*q=<xRK`++^IwcOo+Gg3d=|S`FowLaRah3}XQAAl^+8wBQ!H z0`K|SGEE14sUrm_VALAa+T0sT^R4FU)zt*)WJMozaA0OlSd`}HQelv5u~KHTkjy)v z|9#gd=^(*!@%{h!s&svlZWF;`B#iWcc=+T4kBW!KijPY26g2;$q^YtQShQHX>hgIH zBSXALmaN4SvDQhdXQ;D*;TjL$t9W<}9Y{UMv#!+tU)1LpsAwx;#1p1toAH93H}bK3 zA)C!6tQaMX;Msi3(FW$9u&Y-lNDj?G`~TPe|H(?Qk?Z$%D6mTUp|kt{jFFw+{}28u zz5mbfC{b7I{eR&5^6mdK*6aQM&hGy=?&a(A|5`u)4?GJ3@9pdTe+7?b-3-0|54eQH z$M<gwvD|_67|yNT@NMSjp-*r#alKImMo%||`F_SX=9j=Nx32%+w?^szi#4ZLp9__^ zGPf;#(GbuOXbl1^-)EgO$ob?LCSvjW^8W|dDXnjly(Woi-$Nc`hf#o>?nB;($B57q zV3{Lei`Wjm0q6-({WF;Q5L=ZiHs}Y`#>k@wtY3wnBAtO)qs~Aomd!Yp-L%P>49X01 zPk;B%<R<5RZIT(9sd#)qNX-EG&zH@aX*1my%b3Y{hx7tW5>}qIhsL9Fq4K3c=-(|A z0d&Zhxql%m|FFu>Y@;jUN8J45bVa<D^#Zj2e_zfQ)DK8!5?0o-t$?~sqRG?v<biW< z$f48UuA!4Qn)CyVY+pJNPbH1kh1vOCBejM0JR8R&nxlD0`~P1S&8Y^+CzG+hOvcR8 z0Sui`{GjRw#FjGC2c$<W!%CwM@KKj3LT4TN|IGitHpe~iB)e%w#@yZboOuxSe7Af~ zMdZFAuFX6P?`LBF8v$!Cg4*Bob*7v3*?C`egDS4||6MpR9Gl^FrEp?gMfH@{`u{GR zK_?;@6fs^_g8skXSF30|^!N1lJhA@GaBnaC|G&6;F8}}EUAuo>ecjVxJN(tPUzGO$ z_)R>9_5Q!!|F^26aJK<wj_4R{c(tHQ;IFJ#wEy2a$%N_$g!V77()>&C-n_DIrYWWE 
z{{PO&dDq{YXF7uYZq4%lzo=)yR=f}L?*Y~0hsJdguCK|b({RnBc%rhP_W!5gr672v z_U_!vo!{@4Do9=z>-}!Vcqz9b>YVo`g!cbO)L&TeUKZ2cJP)<U|KE`Gs84G#`2rl0 zx|cxB*D0cHrtP_H9vxp0lj4Bfg+%GQ#7u)n!C;O2^-R^Gyz=ru)7fCLUb1rd0yo9> z_ly&&^z!Zh^DMAZ_y1QqpYKx(`kX)C8FVt9f%J`n)<1>rv(|%lz4pwpk+m}UAht<> zw5?C<>)uEH|91Dx=K*kj{eLwI^nVQj4T0+g0?e`B&OaC&`=VC7bC)TR?`s5q$M@RM z|K~ji(4Fw%^F9|=3-kZXF|mf%m2gZfcK~I-G>_@rYLHfU`B{s+2$R=8*j=bp)cr-l z($soO9@F{lg*~RLQd%COKz()c5XMO6_%4Y3v@gf|cIai|+V}u(FU9)=!Cu}XX1v`U zUy8*%Ww5N4hcG;}{=YkAETjHEWBp3y|HrBh22inFs9NmL+wr6{yu+>Fwq4A0Q`ws9 zuD*sB{R}jv5E$E3&K=jYe2VhkZ%~Tk%6+W7d%_wu;H9}FUxWMq%uir1U+e#C{r^Tf zr=L&}``+6B-^$tlXDSi=|2DB9;Qw!f>j7{J`2<iW0L;bzcgFv}nzi(Q4FL^->j47( z`G1@F=U#<0A)m<SQ*p;k=E)_1XN$k&{r@YJWdvL2-xH+A8rMaibK)Ij&HpRe0(+;8 zN}SOAzZx1>$N%$AXy^HV#%A@^n*Zk+K=c0!BbL+tpRr!^|DCn}=P|GOf9?Mtqr8#M zd2jIl_-eARpTqy(U;LL3+|SgUvNa)1s`t46KiC+nu!{TzT#9@%aw*ckF0*!~;RL|{ z;GO_j>H+`%BAx&D!s^}YJ{z7{Th;pi(&wMndwI9@UbOzzdtLvE_y4^a3H*ODVH$ZO zYsQmS&Q4f%Hk~(}w3W1+LOPa6SlEYNv<&Y@HuL|yQv#Y0=Wfr^|6jD`R$AxZ!_>c; zZ5!9c+5A6qc%F22!PD{1Q<c!^Wp0`6ApM>HTf{zhmUp?ZS-be$Qt&IW(?q|~_fHVW zus(P29ja-;o&Tu(63xr24pDHwQriZ`V9m>`5x`zl{JlvvviH&GR$-f%=^`X%2fYnR zwqR@xo4FKA>Ub=)qN&r&|MPg|dFWp6Yu#O2=|)&?^SUV>>1-LTejDlS%&V=>`u@%O z|J*iX(6y@n&m%?i|BLhg?+`k%JwNMBfS=z-r>rpEGoQ~G$Rm#BEYK^sJWo9<SucRc zG0z6HPRqc04N*6LyL+AQ!u;WFPh7m4%kn*(3mA1@#1*h^_V)*Rr1@L8Z1cH)bCrF< ztyiD_=b!t?eaN`VcKGjw^Z%fq2Rv!M8vnL$j44cvQD~Sl?sC};d-wlfzB0fm6;_dd zC4K%MLqlIR1T+NReF*4tuddH?ueATa#Saj~xq#aL-+cc6GKqYqkj*u@&ddf~XMXaf zA3i7j|2@z)|9|8UPWaAj=m0;XFKr|e*$z3(M02MfGPM6c?f(yQZsO0qbK$_7gI|Zu z8F(H%gS-l|An@tPgU3V!zmBpv!?smlw!zcgv|oU^`~qk{Q@-bj_tN=)L!qs|*}T_3 z*S+`p{{QVX-c?vdR-!XqGhL#0clR@E4n>~od8H>D`E>8mUOb2XzuN!rr~UsQgufo% z7+$sZ`>Wp!eU-&2Zaw;<A)q0kA+R(E`1=366D{rk7tp|GeSy}>FRe6N4$$`C0$;GO zbph|J@vh!1?Se&XZl!hp^`PDSu&{PPR2I}b@Csg6w*$|;%=@REv!>@AH}%z8o1QTq z91Z-2@NQWvJMd+CqfujqcZbo7*iGyAcHldq0n@zykJed#jekWq-NQK-V9FLcM;ZR$ z5o4<84Ck5mLp@93{g(F}<=Pngy<^P{e7}SN{ch}8p_dWC!>$1S*44jYg^cQ;<+C@E 
z0k(`>GMUQ6aOy;2hiSx<JF<mbd`H4e(uu}dE15{<#D%Xs^ofJ^hUBmR&Ysg-&z*R9 zp|c)n5m1sq@}@iy^sMYjnMge@)+lw7`MzY@OvRRPgmTL+l-=g2M~E*#=QQY^z1REC zNSNuI?WE9uNw5FX!Tt+<;P=0C(4qeO&+Y2J3=ZjT=ugV`#Z4od>crs^W?VKWy-i$p z`;WbOVvI%6r8nFlw&Fq&a|y;Du3!dv9AfQ5<hh6QJon(8rOZ87C3hN?r?l^LMy+an z#3|PW28(ok>LpImojq`d>fM<`g5}V`8+O`~2;dLkWDo)V=GcF~C<pLY+JyjVlbn(_ zAOPk2QkhKF?92d`%~AJw=K{k1|5mYk_0gWpdg%Y}UOjW;J0cu;rT0rcKMsxe9O${c zF52^*Zl(YKil_g7QJ?<@FzTQoa77T{^;6S7OFRD$CrdO;m+u<=!}<xVU%Zs{6MHU* zynb?iWvrjB<8JqIzjEm9=H^&8Q^`ciNG9?@!k6gaM#9(Gzxt3|H-Ecb>t;L=Bz!5~ zmr2rTYuOH*%4No7b8?_dc04TjeB!0_J9sig?sw?eBCd>n$BC4q)yi2XU#G)c8Z##; z6Fu7aDC!lQ10$08RH|U+<pF#?C1nON;*rAlUX~c~TW!OLSdfy6$C7>7bS#}sb_OHR z+|1^0xpXvWUWBFK188JK#s|)?41Aa<4i|;|cgjo6(c6W1%5*FP<DVu0#rQhe#112u zv$IYtpRo*6{Dbw~?t_OmB+q|l{qLXO{^Si;$@rRdluy$1>1LJhizgG*-R<vfZVvq$ zcE>;4RV<~y!9yW(f3K|Z-{gX@Df<9BC>*YjRfYFZ=H|c(JC;btlW`}A6|o>z{K@^v zdn8tTx?Na7Xc52)%J*f=M4WDKHe|rXO<p|`%I1I-LR@h1g6$^I&wY46^Fu;i<UEh( zpc$~{^ZCTUB}BKJC(BFHJ$l{K>tMXW+Jl&KpYyztR(W|2GS4As56@B07P_`e2c%eb z>PM=B?$&+~1A_bg`>IaODM$AXRg1NH(JIsV!tzGmyWv0b@2R)kvhHPfv0kIq$+1TI zhzeBIG~ctP=mGuv*zx22dwzakpt#REF<Ch|P~S5!a5$BSPu9%S2TW_^*w{(?WIrKt z<Ik|Nv24mTpgQKyWtl<{Yk%`jD<rY@SKEcP@kA<swUqD6#AESv2UN#sE|bk|CR|Vf z_Ww^ro*-X;Utar2<Wmjy|IfMh|0ksV|Bq<@|K-&$ho4(}am^&z|Gypj2oOsL4FL^- z>k0zL<gX2j+xb^tg~vYa|G)A4KdjJ@t#4w;E?|Yvw!r79Y~!9LYX)FXQ~UpCKprCt zx{cx)+Tq<O>h4Y0g!`xSG#pqe*kX{VriK8o_b4w33@^bHU$89pk5Qyx?~vPgvUV@S ze!YY5P|v}G!Yp6iT<YpH7Wg|mud%@2t3anU78o8S0tiMb@44|vWlf>wwEyR}85^!u z`+vrIZU4Wx{l9naqv!Kq`~Pp4{sT#+{}mFj^JiYlkmFnX{{x^JH4*z=xM=_XnEylK wdmqhz4)P%c#+i@r-xgv#f<6DuWR)M4CH%d5$aD~x?dEsSt=;hLrM~<B0pTb$)&Kwi delta 12289 zcmeHNdu$ZP8J}67?{<BU-LuX43AO_!HrV&vyW68C7;2JBanlP0>JSRtozFN4*zWmE zp{inoXysOIcudn#n}{S*le$Q4NSy}%kpv<k>ZazUC=yCYlT-;MU?tF46*La*%<hiw zYz&5`Qd97r?)GN(o7vg@9`pMiJv~BC55FtCr<{jnyYF||vw?P$>1S{MZmC_|BdHWK zDMg8XWu|`i5Q?p$mjiXcVf?X}68>&kBYt3Yi@BCj+mLOa^_QksEoaOP{LAL;<`w1| z!C`#asF)gzWZYZX`0lOHIlGn2WdJ-V(&yy#GY^)7eDYZW^6|wja3xArOOQi9s1D(( 
zOVEafs^>hgT&3kfp*{x8j<+rJ%b|o%@x|QUcr=vo%8D=15=zLScre(a_(K7312kyy zvqjK^KOcd2G<@;dKp}eVSs!ZnNJ1mE5|ZY5VHUz4J#JUXy6Lme(AUqQ=$i$oX>K9f zSk0qT^XLOFJhybWVncQFABM*M&(1y1Rrcwl*qbuxqv;!SkWUBsE<wR6)W7eY3y@6l z#Jl&3>=qiW1@B)AXY})KgH&|~XcULVQ(~jIUwl$biM`@_@vs=NQOYys-kg`sb>`JM zjXc^dH3|djO?i-qcK3ZHyM~a|pp$)X=f-?1L(NV1ZH#Yf-Wv0*`fhwHwi#gw>F)|P zZ)wx}H<Nx;zNiGP4I8^<pWho(68>gIj>`(+l;7*|%7k+*KELb_wtzWp(M<_3CE14d z&S+zM{E?+?spMAR4n;$8#iP{9v4C9bar^wWp_XV%t?cnDUVkV`rj7yOH-m-7WzCZR zspoNh85b_{xPz;K*X;?oJ?@a#<0EaS#~)HcsN(JwIcj?~eIEzH)!YRr0R1i4@!~tV zuV!1w6$`TO{wa1;amCh-Wc$O3c&Zb0btaN{Q59F}B4X$c`2B9ODmkvNDiQM4x?{0s z^5k(P>h^%Y)+Zv%8YTZ;gdeNn!o_~CH@zs2B9pc=;PLt70D5N83IlEb+B=_vMNAFy zz%07Rv_RpC%dkw9BTJ?nWuec`l^v)r<qkn%P=Ay{m7y{jE#r#@_zx@^p&wN&Dpq+l zrA}$Qnv!fhuUcAKWM42LkK<J=FrHWc8VP=&@#-a&SH+6koqjEZSETLq1%lo{5I-}M z`<9VhCC5v%xG)USe?0vmYUVHe*_+Hzu)cQ=7Thzj@3CKOFgWnGr(ieC#;_dT+5foI zly#tIHpl1S-db3PTDvV)4hUdVVpA-UT=`Hljyhow=R2VtZ*W2nUgd-vs9Ck+BTnc= z^+%0a07w|R-~y=NSDny-m%E^&h*?~9h2)1RX))gBf<9rs-k*bCq0KtIIivsbx;&|7 z9vHFoT1RceVuS54(O*S8WE-(G**4nt6D>}OikTPY^85Hv(*+~Z-S9PZ*ClMxMZkgJ zhb}bIA!SqhJ`*kda1(OgQ-F%L&5T6jsfRWvfPPx6w#ru$`7Up1PnIw4O10MBoosJQ zCEA*GqH-$z>eVQ{+QP0rxboZJ!7lX4w)yzp<FKM`L$bZA;~Opa5nb;DQFqKAk9y<d zC4vY@ruIJlhu3RV<$X~V2>izqPRdb;#`-)yw>w0oV6{=R2b60O!P-ln$3Q+$eC%H* zqLWAS%0$vLu2+AzJV=5nP>()68if+tR9R56Umpv8{+G|wmNp3#prCa_KY|YQ{!l>` z6DZexRd&bNT=b6ty!N%bHnTpo@!0wz^B6&rY;bb`o7RfAjlu#nddxC436JY{Lc@*F zeSat1;nmhh@5>P*kx~slGxvvyxlbGXkA=g+0RJd8_eX98(Qp`KpX|r)my8pNLGzTh zVKRG>whh1EWs%%<AUP@QxiSIvtT1giJ!ed2z#eC-DjL^?J-U?41w8_;zYJycdZl!r zZxDuI|CO`E)=Z5aa?)0R2(3AvgjxN^&%X_?LJ+0;ttKFdQyPN6JGK&C*!S*&dS;(A za=PuM4<^)9!g9edkub#^78Fx`c2Cxjl^6HeA~pj1)~J?rqb1BV#*Lj_OgqvuLQo6_ z#7o4iofQYg0kJ3R65unWbQ+dS!xCfnlz8J-ge5_{Rn<D4z<li}M1OJx>$G0l!;vck z!his5_0#^?WFFwn`eXT+faS=oup3?zC{b@9OHrLZRj4>H5A3k)Ab$L?xZcX}<tgiv z)=Ye9Grz?5@@*yp7JB;+?fRY3eup}m2L<Yx{Gf_?Md)mGAuL63-ePp=Z@H-NqaD=u zpF5xJCu}ohZHmscV_Xd2>tk+lDcRUwL41u3@#l{aXZra0XYBzpf;!VV`p_ccO#4x4 
zc(CMzdc^=Jgkw)gf!+eJJPqNn^f}~_<y>L6TPLSjE|Z)>HKuaK`c1kzIzfBaLKVbz zl80tvDdxM`vAx=T^EH^N-{2}h`aeRDN}4Aer~xM|TZrq?Y|V5&PK-Gpx0CBJIlk;O z-I!<XnrsWx1>yQ~;9>x(wD-9M%!fUsiI6JkjA5FjFQJkiVdBfQlZ|7+w|J^6nIHnq z=KhkpGYceLJLq0l4%U;16^&q}9U2;Y%uzx38Iu-!9OaMkFPi$OC;aLyZODno`<}Ui zF_6FbtGk%3Vtr{R2HFvPIxnAEcl!2v#nU#6jYJN_VG7lEas2~(R+uX_Kf?gt*vnmD z#+3?HKCuH(XM}~iu4N@X8S<A&TBSP64?qikp%&(0_a$g3iRiS{DbJ)WB_YL6k5)qq zVO0T6?SxIWKj|2{%$#KQ6kO!|pC|VH(BS*63BR%v&PMNjQZDD}i_;KME5Som=2l_N zbd+;C%6W@KIiH)wadmkaVx9|VEJyRarxP((rGBP?|5XuE0{nMmRWjU4qcKdLG#j6R zdDZZwH-AjrCJ)lkKo2E3W4=8?iHgOpZ8T}8$3Y!(iFq@0`{@P794vLfEo5JPR5)P# z9{gvv!q6Bcm<29@h&3HDqv5VYw%Zd@U(-n?*rvx)$H1$$t%t=hi4S%Vw3}(~>aGHR zYmILi-82F_k}a|{nGSntnydhI%;nV_vyJAMY0CBgGQ&(V<HXITDf0h@pKYUlHq5^1 zymRed*sb{%JaFpvLd`Of|18+diU}yZq**#@g6Lt?P9y-V9n2gt%+K6vh8bBBjm_iI zhUJb;#Htkv(aG+Dat%L%v80Q(Oge@mOY6zPQaP9JxP6_69t$i|)1J~9^V7t6sxyD- zgFOAI;lR~N4d&BMOlo|GCUNCG5<iwaqmp+M`CLKJBn%kTjII#Wn<8#-!8zAV>gKCS zT{s`Ta4-)Kx?okqSVC8yfJr<cZq;=9W4bDX6gEv)WvIGg0AoRmpq=gB3_hvp4_Gp7 zw60f#g8N3Hgn3#=;@8cMX>xnT@I49XQ0i)(x>PMfX`E=Y*ltcO=mK#1hSK4ujoVE* zBo;@&*iBXe<_TlWN89FBE^H->o1%D7Up~#Elfpkzz%p)z**7r5waO3Cm9wjEx}c9{ zF46^kq!8<k|12p_(kY~@ubweWd&+eFoVFS6p{&U#LDB&dCZ#xe(v19|*>f$x7FH+c zfk(Rufoj@OgfFgx1>I~3EZWB6&LrQW9t`&}eD+0gp2j~qHAf0Rn`WD|L}!zUmM-3o zwJfKygos|kRZL5`@S!5E5QRT{m{o5%JG(j(Nm`Eu(*M3WN#AvAvpjMjmWVd1wOM{v zSs5dRmYKC#`H!4Cy(~crD+lyqJ)b<jSkEUrgYEzsLd&#PS?T3lx&BN`tFnq}O%o$x zpBPa!k)>6q%l2-svb|bXEJZ_X%)ELvb2(;SnfWe7_a7`nXS<~emhNC9CO61cH)@do E4Xs{5umAu6 diff --git a/ldap/data/ldap_db/lock.mdb b/ldap/data/ldap_db/lock.mdb index 0041bebf53c2b3ef4ea4534278728f0633f1346b..629f661090f66d6e909bb038253a434885d6ee7c 100644 GIT binary patch delta 45 xcmZp0XmFTdz!}c~0ZbDE#U}<hGjA`gpBSh$u|bgadi}Q2`i&3e<tHX^0{|U&4s`$k delta 45 xcmZp0XmFTdz-hz)0gMv^#U}<hGq3KgpBSh$u|bgacy#HE`i&3e<tHX^0{|2N4gmlF diff --git a/web/warpzone/settings.py b/web/warpzone/settings.py index 8bb9f17..d22dd45 100644 --- a/web/warpzone/settings.py +++ b/web/warpzone/settings.py 
@@ -103,8 +103,8 @@ DATABASES = {
 },
 'ldap': {
 'ENGINE': 'ldapdb.backends.ldap',
- 'NAME': 'ldap://s1.dyhost.de/',
- #'NAME': 'ldap://ldap/',
+ #'NAME': 'ldap://s1.dyhost.de/',
+ 'NAME': 'ldap://ldap/',
 'USER': 'cn=admin,dc=warpzone,dc=ms',
 'PASSWORD': '12345',
 }
@@ -139,14 +139,14 @@ AUTHENTICATION_BACKENDS = (
 # AUTH LDAP SETTINGS #
-AUTH_LDAP_SERVER_URI = "ldap://s1.dyhost.de"
-#AUTH_LDAP_SERVER_URI = "ldap://ldap"
+#AUTH_LDAP_SERVER_URI = "ldap://s1.dyhost.de"
+AUTH_LDAP_SERVER_URI = "ldap://ldap"
 AUTH_LDAP_BIND_DN = "cn=admin,dc=warpzone,dc=ms"
 AUTH_LDAP_BIND_PASSWORD = "12345"
-AUTH_LDAP_USER_SEARCH_PATH = "ou=User,dc=warpzone,dc=ms"
+AUTH_LDAP_USER_SEARCH_PATH = "ou=people,dc=warpzone,dc=ms"
 AUTH_LDAP_USER_SEARCH_FILTER = "(uid=%(user)s)"
 AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_PATH,
@@ -163,10 +163,10 @@ AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_PATH,
 AUTH_LDAP_GROUP_TYPE = PosixGroupType()
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
- "is_active": "cn=active,ou=Groups,dc=warpzone,dc=ms",
- "is_staff": ["cn=superuser,ou=Groups,dc=warpzone,dc=ms",
- "cn=superuser,ou=Groups,dc=warpzone,dc=ms"],
- "is_superuser": "cn=superuser,ou=Groups,dc=warpzone,dc=ms"
+ "is_active": "cn=active,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms",
+ "is_staff": ["cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms",
+ "cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms"],
+ "is_superuser": "cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms"
 }
 AUTH_LDAP_FIND_GROUP_PERMS = True
--
GitLab
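Review bot: The new `'NAME': 'ldap://ldap/'` in the `ldap` entry of DATABASES, and likewise `AUTH_LDAP_SERVER_URI = "ldap://ldap"` in the second hunk, make the application bind as `cn=admin,dc=warpzone,dc=ms` over plain LDAP, while the bind password `'12345'` stays hard-coded in the context lines of both hunks. Switching hosts by swapping commented lines also means every environment change is another commit to this file. I would read both values from the environment, for example `'NAME': os.environ.get('LDAP_URI', 'ldap://ldap/'),` and `'PASSWORD': os.environ['LDAP_BIND_PASSWORD'],` (the variable names are only examples, and this assumes `os` is imported at the top of settings.py, which is outside the hunk). Once the directory container has a certificate, prefer `ldaps://` or `AUTH_LDAP_START_TLS = True`, and bind with a dedicated read-only account instead of the directory admin. Because the password is already in the repository history, it should be rotated when it moves out of the file.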
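Review bot: In `AUTH_LDAP_USER_FLAGS_BY_GROUP` the `is_staff` list still names the same DN twice, `cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms`; the duplicate was carried over from the old value when the path was rewritten. As written, staff and superuser are granted by the same group, so the entry can be collapsed to `"is_staff": "cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms",`. If a separate staff group was intended (this cannot be told from the hunk), the second entry should name it. A one-line comment above the mapping would help the next reader, for example `# Django flags are granted by membership in groups under ou=groups,ou=warpauth,ou=infrastructure`.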