From 0e066a1f85d869e0eb6cc238ef42f2f4876862cc Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Sat, 30 Aug 2008 07:59:02 +0000 Subject: [PATCH] LEMONLDAP::NG : documentation update (issued from "make documentation") --- .../doc/advanced-access-rules.html | 55 ++++- build/lemonldap-ng/doc/advanced-install.html | 44 ++++ build/lemonldap-ng/doc/contacts.html | 144 ++++++++++++ .../doc/debian-packages-install.html | 153 +++++++++++++ build/lemonldap-ng/doc/dokuwiki.html | 140 ++++++++++++ build/lemonldap-ng/doc/errors-fr.html | 44 ++++ build/lemonldap-ng/doc/errors.html | 44 ++++ build/lemonldap-ng/doc/faq-fr.html | 49 +++- build/lemonldap-ng/doc/faq.html | 44 ++++ build/lemonldap-ng/doc/index.html | 77 +++++++ build/lemonldap-ng/doc/install-fr.html | 48 +++- build/lemonldap-ng/doc/install.html | 44 ++++ .../lemonldap-ng/doc/liberty-alliance-fr.html | 44 ++++ build/lemonldap-ng/doc/logo_bpi.png | Bin 0 -> 3719 bytes .../doc/logo_gendarmerie_nationale.png | Bin 0 -> 19601 bytes .../doc/logo_lemonldap-ng_400px.png | Bin 0 -> 10695 bytes build/lemonldap-ng/doc/overview-fr.html | 59 ++++- build/lemonldap-ng/doc/overview.html | 59 ++++- build/lemonldap-ng/doc/password-policy.html | 44 ++++ build/lemonldap-ng/doc/phpldapadmin.html | 195 ++++++++++++++++ build/lemonldap-ng/doc/references.html | 97 ++++++++ build/lemonldap-ng/doc/roadmap.html | 126 +++++++++++ build/lemonldap-ng/doc/soap-fr.html | 44 ++++ build/lemonldap-ng/doc/sympa.html | 212 ++++++++++++++++++ build/lemonldap-ng/doc/tomcat-valve.html | 170 ++++++++++++++ 25 files changed, 1921 insertions(+), 15 deletions(-) create mode 100644 build/lemonldap-ng/doc/contacts.html create mode 100644 build/lemonldap-ng/doc/debian-packages-install.html create mode 100644 build/lemonldap-ng/doc/dokuwiki.html create mode 100644 build/lemonldap-ng/doc/index.html create mode 100644 build/lemonldap-ng/doc/logo_bpi.png create mode 100644 build/lemonldap-ng/doc/logo_gendarmerie_nationale.png create mode 100644 build/lemonldap-ng/doc/logo_lemonldap-ng_400px.png create mode 100644 build/lemonldap-ng/doc/phpldapadmin.html create mode 100644 build/lemonldap-ng/doc/references.html create mode 100644 build/lemonldap-ng/doc/roadmap.html create mode 100644 build/lemonldap-ng/doc/sympa.html create mode 100644 build/lemonldap-ng/doc/tomcat-valve.html diff --git a/build/lemonldap-ng/doc/advanced-access-rules.html b/build/lemonldap-ng/doc/advanced-access-rules.html index 57e9ee458..bcb35e5d1 100644 --- a/build/lemonldap-ng/doc/advanced-access-rules.html +++ b/build/lemonldap-ng/doc/advanced-access-rules.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: advanced-access-rules.html + @@ -216,10 +258,17 @@ objectClass ( SSOOID:2:1 a value inside the entry of the users.

Habilitation based on a date

+ "HHabilitationbasedonadate">Habilitation based on a date
+
+ If the user has got ssoStartDate and/or ssoEndDate, you can configure + rules to compare the current date to the start/end dates.

Habilitation based on a period

+ "HHabilitationbasedonaperiod">Habilitation based on a + period
+
+ If the user has got ssoTimeProfile, you can configure rules to compare the + current time and compare it to the time profile.

Send a role to a protected @@ -365,5 +414,7 @@ Auth-Roles => $bbbRoles Now the protected application can read in the header HTTP_AUTH_ROLES the role of the user. + +

Index

diff --git a/build/lemonldap-ng/doc/advanced-install.html b/build/lemonldap-ng/doc/advanced-install.html index f7d73cbd0..4f743b0c1 100644 --- a/build/lemonldap-ng/doc/advanced-install.html +++ b/build/lemonldap-ng/doc/advanced-install.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: advanced-install.html + @@ -369,5 +411,7 @@ SSLEngine On + +

Index

diff --git a/build/lemonldap-ng/doc/contacts.html b/build/lemonldap-ng/doc/contacts.html new file mode 100644 index 000000000..9665b827e --- /dev/null +++ b/build/lemonldap-ng/doc/contacts.html @@ -0,0 +1,144 @@ + + + + + + + + Lemonldap::NG documentation: contacts.html + + + + + +
+

Contacts

+ +

LemonLDAP

+ +

Mailing + lists

+ +
    +
  • Devel: lemonldap-dev AT ow2.org (Archives)
    • +
+ +

Core team

+ +
    +
  • Eric German, germanlinux AT yahoo.com: Leader
    • + +
  • Habib ZITOUNI zitouni.habib AT gmail.com (version 3)
    • + +
  • Hamza AISSAT asthamza AT hotmail.fr (version 3)
    • + +
  • Casimir ANTUNES (webmin)
    • +
+ +

Contributors

+ +
    +
  • Sebastien DIAZ: sebastien.diaz AT gmail.com module pour sympa + pluglemonsympa (liste de discussion)
    • + +
  • Apache::Authenlemonldap: module CPAN à installer sur un + serveur apache qui permet de décoder les en-têtes + envoyées par lemonldap.
    • + +
  • Lemonldap::Cluster::Status: module CPAN qui permet de superviser un + cluster de serveurs lemonldap de la même manière qu'un + server-status individuel.
    • + +
  • Valve lemonldap pour Tomcat: valve java a installer sur un serveur + Tomcat qui permet de décoder les entetes envoyées par + lemonldap. Auteurs : Itin avec : BOIREAU Oliver CHECCO Jean-Thomas GZADY + Mounir RIVIERE Daniel
    • +
+ +

LemonLDAP::NG

+ +

Mailing + lists

+ +
    +
  • Devel: lemonldap-ng-dev AT ow2.org (Archives)
    • + +
  • Users: lemonldap-ng-users AT ow2.org (Archives)
    • +
+ +

Core team

+ +
    +
  • Xavier Guimard, x.guimard AT free.fr: Leader
    • + +
  • Thomas Chemineau: Developer
    • + +
  • Clément Oudot: Graphics, documentation, tests
    • +
+ +

Contributors

+ + +
+ +

Index

+ + diff --git a/build/lemonldap-ng/doc/debian-packages-install.html b/build/lemonldap-ng/doc/debian-packages-install.html new file mode 100644 index 000000000..451a330a9 --- /dev/null +++ b/build/lemonldap-ng/doc/debian-packages-install.html @@ -0,0 +1,153 @@ + + + + + + + + Lemonldap::NG documentation: debian-packages-install.html + + + + + +
+

Installation on Debian/Ubuntu + with packages

+ +

+ + + +

Get the + packages

+ +

If you run Debian lenny (testing) or sid + (unstable), the LemonLDAP::NG packages are directly installable: + +
+ 
+# apt-cache search lemonldap-ng
+
+

+
+ Else you will have to download them first, from this location: + http://packages.debian.org/search?keywords=lemonldap-ng.
+ +
+ For example: + +
+ 
+# wget http://ftp.de.debian.org/debian/pool/main/l/lemonldap-ng/lemonldap-ng_0.9.2-1_all.deb
+# wget http://ftp.de.debian.org/debian/pool/main/l/lemonldap-ng/liblemonldap-ng-conf-perl_0.9.2-1_all.deb
+# wget http://ftp.de.debian.org/debian/pool/main/l/lemonldap-ng/liblemonldap-ng-portal-perl_0.9.2-1_all.deb
+# wget http://ftp.de.debian.org/debian/pool/main/l/lemonldap-ng/liblemonldap-ng-handler-perl_0.9.2-1_all.deb
+# wget http://ftp.de.debian.org/debian/pool/main/l/lemonldap-ng/liblemonldap-ng-manager-perl_0.9.2-1_all.deb
+
+
+ +

Install packages (Debian + testing/unstable)


+
+ +
+ 
+# apt-get install apache2 lemonldap-ng
+
+
+ +

Install + packages (Other)


+
+ Before installing the packages, install dependencies: + +
+ 
+# apt-get install apache2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl  libsoap-lite-perl libhtml-template-perl
+
+

+
+ Then: + +
+ 
+# dpkg -i liblemonldap-ng-* lemonldap-ng*
+
+
+ +

File location

+ +
    +
  • All configuration is in /etc/lemonldap-ng
    • + +
  • All Perl modules are in /usr/share/perl5/Lemonldap/NG/
    • + +
  • All Perl scripts/pages are in /var/lib/lemonldap-ng/
    • +
+
+ +

Index

+ + diff --git a/build/lemonldap-ng/doc/dokuwiki.html b/build/lemonldap-ng/doc/dokuwiki.html new file mode 100644 index 000000000..26dc08723 --- /dev/null +++ b/build/lemonldap-ng/doc/dokuwiki.html @@ -0,0 +1,140 @@ + + + + + + + + Lemonldap::NG documentation: dokuwiki.html + + + + + +
+

LemonLDAP SSO + with Dokuwiki

+ +

+ + This plugin was provided by Erwan Legall (LINAGORA). See the + original + article. + +

Installation

+ +

Simply unpack the LemonLDAP::NG Dokuwiki plugin + (see download section) and copy the lemonldap.class.php and + lemonldapuserdatabackend.class.php in your inc/auth/ directory. + +

Note: The Dokuwiki must be provided by the http + server wheris the lemonLDAP handler. + +

Configuration


+
+ Very simple too, the only thing you have to change is the conf/local.php + to add this line:
+
+ +
+ 
+$conf[authtype]    = lemonldap;
+
+

+
+ That's it! + +

LemonLDAP / dokuwiki / Apache2 + VHost example


+
+ There is an example of an apache2 vhost which prvide an LemonLDAP + authentified dokuwiki:
+
+ For information, this can be an Apache2 lemon/doku config file:
+
+ +
+ 
+PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm

<VirtualHost *>
+    ServerName dokuwiki.sso-lemonldap.com
+    PerlOptions +GlobalRequest
+    PerlHeaderParserHandler MyHandler

    <Files *.pl>
+        SetHandler perl-script
+        PerlResponseHandler ModPerl::Registry
+        PerlSendHeader  On
+    </Files>

    # DocumentRoot
+    DocumentRoot /var/www/dokuwiki.sso-lemonldap.com

    <Directory /var/www/dokuwiki.sso-lemonldap.com>
+        Order deny,allow
+        #Deny from all
+        Allow from all
+        Options -Indexes +FollowSymLinks +MultiViews
+    </Directory>

        <IfModule mod_dir.c>
+            DirectoryIndex index.pl index.php index.html
+        </IfModule>

    # Logs
+    LogLevel warn
+    ErrorLog /var/log/apache2/dokuwikisso-lemonldap.com-error.log
+    CustomLog /var/log/apache2/dokuwikisso-lemonldap.com-access.log combined

</VirtualHost>
+
+
+
+ +

Index

+ + diff --git a/build/lemonldap-ng/doc/errors-fr.html b/build/lemonldap-ng/doc/errors-fr.html index 73f9fc900..53c2024d4 100644 --- a/build/lemonldap-ng/doc/errors-fr.html +++ b/build/lemonldap-ng/doc/errors-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: errors-fr.html + @@ -196,5 +238,7 @@

+ +

Index

diff --git a/build/lemonldap-ng/doc/errors.html b/build/lemonldap-ng/doc/errors.html index d25310ea1..1d857b09b 100644 --- a/build/lemonldap-ng/doc/errors.html +++ b/build/lemonldap-ng/doc/errors.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: errors.html + @@ -183,5 +225,7 @@

This message appears when an handler can not access to session database. The real error is reported. + +

Index

diff --git a/build/lemonldap-ng/doc/faq-fr.html b/build/lemonldap-ng/doc/faq-fr.html index b44e24cde..26f9aa45c 100644 --- a/build/lemonldap-ng/doc/faq-fr.html +++ b/build/lemonldap-ng/doc/faq-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: faq-fr.html + @@ -209,9 +251,8 @@ par une simple connexion HTTP(S). Le serveur SOAP accède lui à la configuration par un des systèmes précédents (File ou DBI). Pour plus d'informations, voir - la page Utilisation des Web - Services. + la page Utilisation des + Web Services.

Erreurs référence ces messages d'erreur et de débogage. + +

Index

diff --git a/build/lemonldap-ng/doc/faq.html b/build/lemonldap-ng/doc/faq.html index 5ef2e7d82..6dba50ba0 100644 --- a/build/lemonldap-ng/doc/faq.html +++ b/build/lemonldap-ng/doc/faq.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: faq.html + @@ -410,5 +452,7 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(

Those messages are described here. + +

Index

diff --git a/build/lemonldap-ng/doc/index.html b/build/lemonldap-ng/doc/index.html new file mode 100644 index 000000000..6eaf5d032 --- /dev/null +++ b/build/lemonldap-ng/doc/index.html @@ -0,0 +1,77 @@ + + + +Lemonldap::NG documentation: index + + + + +
+

LemonLDAP::NG documentation

+ +
+

Find the latest version of the documentation on LemonLDAP::NG Wiki !

+ + diff --git a/build/lemonldap-ng/doc/install-fr.html b/build/lemonldap-ng/doc/install-fr.html index 2e39313a9..8e6149bb5 100644 --- a/build/lemonldap-ng/doc/install-fr.html +++ b/build/lemonldap-ng/doc/install-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: install-fr.html + @@ -76,8 +118,8 @@ #apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl Et si vous souhaitez utiliser les fonctionnalités SOAP du - manager (cf. Utilisation des modules SOAP) : + manager (cf. Utilisation des + modules SOAP) : 
@@ -205,5 +247,7 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
     redirigés vers auth.example.com. Connectez-vous avec un compte
     valide et la page protégée apparaîtra.
+ +

Index

diff --git a/build/lemonldap-ng/doc/install.html b/build/lemonldap-ng/doc/install.html index 15372d3cc..2e74178eb 100644 --- a/build/lemonldap-ng/doc/install.html +++ b/build/lemonldap-ng/doc/install.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: install.html + @@ -188,5 +230,7 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable redirect to auth.example.com. Try to authenticate yourself with a valid account and the protected page will appear. + +

Index

diff --git a/build/lemonldap-ng/doc/liberty-alliance-fr.html b/build/lemonldap-ng/doc/liberty-alliance-fr.html index 45bb2fe35..df361cbbd 100644 --- a/build/lemonldap-ng/doc/liberty-alliance-fr.html +++ b/build/lemonldap-ng/doc/liberty-alliance-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: liberty-alliance-fr.html + @@ -533,5 +575,7 @@ my $var_dir = "/http://federid.objectweb.org/xwiki/bin/view/Main/Demonstration + +

Index

diff --git a/build/lemonldap-ng/doc/logo_bpi.png b/build/lemonldap-ng/doc/logo_bpi.png new file mode 100644 index 0000000000000000000000000000000000000000..2935cd0c94f4c2ffa8100171aa2d4500623e0ed8 GIT binary patch literal 3719 zcmV;24tVj2P)1^@s6*)K|k00006VoOIv0RI60 z0RN!9r;`8x00(qQO+^RT1QrWA1f1G$-~a#)DM>^@RCt{2oq4p?RTalS%=7d>l0js6 z2#S!iW~88r15%drv?5Cl)U?z@ZK-LBl|x!NloJ|=ic4H*kS1aXVo;K%q9KE#ASwbP zGw=1scb|Ueo_DAB?t5H#_k7p-t#f~8{{8OR=j^@D-scAq5fKp)5fKp)5fKsF4~>f5 zf$fMUKs%s?T@}E#AWuu6HP8Uq3N#1Wp!c*TO`Xkvwm@TGv&D6=`ZoiWHRxw!>t{1y zQ-(ad0iCRmn=|Bzh^Q8ZqXFx#t-y3(fS2bkOB-wVW9)u>hB`-C`ZHdftG`DL`#IRk zFU^wYbkzT8HEbgyPc$rc2a14gz-qKA3(}MF^!xAa5Zy zs4K7lu`A!Tw99}p;Q9jUFSBb|0d?eqdr*JRMC@2Z9iS8m#9=w`xc%;D;d^U6H~oD|e`D)0_47x=mtzbh~fSOm;LvQPsr{TJ5OY~XBbXNIL6WB2!Y zb-6w}lmkxyOMscykBE8>C#1h__dO7cRSBGCahZhlO{5C=Zso~GNS_>(tppxG+OhY% zxTT0)azgq>B#8UzAVPR8O`Sis^n-(VSI25gKf~^4dhfyI1!!e$h4ni&w4_jqE685J zS~Ljyp_%fD9A!QSMtJ%9=h;@7l>;~rxYT~1fz-2oyu9BaRa@2!I3Kvm?t1{c0Q=ar z39UH4vGj{9+}px6zzM*lJp1Y})Y|$CI39S&;=@(7Bv6V30?Dij`3bnw(JJBCl6X;920o zp#G9VDH6zAXlCz(*sX5?-^o$N5z~4L^VJ$Txxkh81@~N=v~B}%YY^Yk!ZNffIr$*0 zuObMmi`}gL>=Qhon zYsbX!Fy^-pA2wF)NTbv`51A(KE>ez=P zutC7Lky_b@vjEr+_@Ki;=_HAp272M@P30xHM8iPr8jOQUs z*h@)O*@ipmBklgzNS(S2c%D?1=jli#I@#{So%FWAAJDG!BH$JhRt=y%+G(GS_BHmg z^8V&ySZ6oj&(@!R0vD5N6>uXO3MsHbo% z(&}6pBdVe#b=wgU`63cXL_`)u0*Q#IN9d1)>o0(n!0(XOB_cDLBlU03BKKpbM7qtX zPE_B(tu`iMGwg3a2{OYu2JO60u3Ds8I0>nnUq%z;tB7Dij-ff?5^g~50fnL^+IJd_d}H1R zo~up;=?KKRVAch;06#&j%-z8Ey|gPyHI5763<}qJaifvx$eVWG#Nv)b*1F@-#vbU8 zxeyW3OTZ<-r^r2Z8F0Df0XZ}^0)B7t<;XXqGg`SWLaW{dz!Au~Xgu(@TrZ#q*blwu zu4rOfhz85e$h2i7dT$RP)0m&9sbdec`S>x~(EJq5$S(swL@ep$$h_rt;1w&^6ZjQ! zFJ21FNAJHG8oa~MgxMAO*O#IH^Ap7Cjs|8SKbl(*0j&l8fy`(+BMXKh$U0#f@}KDr z+=<4_nWPd$cYBuA_N*h&#N7osr~NnU+eB_dCZ0n31&rl2uN2~3L$mVP? z$+Nl5!%E;VG{cr#d^_~6#~@|MO=wmhi%eq1q6uXta`T;QZM@^PeKWEWxPw%=c9d7o zR5WothpY&eqxZWI*}uJsIE2>`p_f~q9tEzoXF36`dLY8O0IgExUVV32d-o#37>C@H z$6DO2Bo1x=N4gcHjKYNU7Qk`9FVRwY8Jfi$1|w=+Kw>`x61MLzpxxb&oC5kY`ygkc zYe^NjJD``+2N?(sMlbhz8b8Kwqot8nP=IiiO3HMIjLqa4sERbF2GkTu9;Uy7o<%*5P3QJ<>sUJPT|XMlLi)gxcNi*CCGRTrbZQ zw4${@EB*+wARU2hAU`2}DDVTcG+lvAzFXPV67h-MkwM_XJnCDLN1kl(XTJRrI|m{f z-$nLI3#)sUls}*x!8HilYG`fkXaw>Xw3@$%X4L-ZzjyDY98HYt>>7e*?Tr?{8qLzf z(JC?r*w@k}wL1Z^UTaA`2YI}e+iKxDH2JJVhgX1PqjDr4u171pb1%5Z z!p+E7^9#hDEddU;NE~%m<8643i1@-2a?__JiOK+6>Cc*Amvjg z+m%hWfZQ@jCUf>m#1e(a{d%KJev>e^f}R^&)`Lj194*6vGk@Y>r* zI|XuP>Wfs5kDygB-`!wmDKG%Bj+qWBaPG3ZBR=_1M69bwG$Rr90GW2u{SB{fNWIw{ ztt21RQD2tiNS}mGUGEpVyVnH{_}IIEii5D75J~ z5fNKAWX`=1nf-SM{)(J`K#o`YA_KqX$b@{p)me!QEe}V=p;N5PG02VJ4bp!Zsx9)6 z?1en{CX$%%pMy-%Cn3`yzx|i0)D#gBAl(Xbg~i=~?5aK@RX&+X;tTJ-{5s!DUyb}; ze79TYOy$h;-?4a?=SP+v${QR#;~CRZT`s#AjeJ(1C*`$$hFe~MvNejT!G4$uE` za?@w%(2FmSY0X)=9x|flC`AJ4f!Lh6=-c0$k&m+beDZaOU2#T^1B3FHph4+``nwQ| z<O7Eq72fGdx14-ysao$Eq#{ zS$%ujePxDxZlDja@PHuQ$t13xy@PmHexSA2zb2iHNJS)&1TR{6EmHM5b?l4+>pc#s zc(1bixr&EnIBjjg~&N=3S0(hy;@0PUPR-5FOyX6&-9n ztH64vkQ`*Ti9|gcVj{_E(4MNk^yATi8I{(*3UnNka}B-?Y2X?n)%DZ@`yEkYXo-%- z?4BcEIWhs+HHhzF<()dXv)wy2Yg@Z_<@}xOc2=jqN7CN%clP31qZ3lP*zexxuPx#24YJ`L;(K){{a7>y{D4^000SaNLh0L01FcU01FcV0GgZ_00007bV*G`2iOQ5 z2st_bD5Pru03ZNKL_t(|+U&h~m|azw@BdkA?Y+-jbEPU(sicxr1}X^<5{57a1T+XZ zCTh1LT)UyQ#cu4r*KY5%DSEP7ZT($Q`-0t0$RMRCf`EdgKqesrkfahaR+36;p3Z#E z-fOMjAG0o&03kZ8SW~@D zPUj|NS*a|jwKtp(oohn7HsuPZ>VNe_b#`>GF9p|sMd}AQOf#xLR`4edCJ@@{1_ct$ZyF+pi zd*>q5>Nmc@ngZ7A$I%gVAUY=9+NMpYe}4!;eMgK9-&)GPwTs9lqh$76!T!hI#mw!E zH{T4sTTqvD;fh1V{talYrhxUjSt$f`sg>s;uLpT2$cHY*>#X~`1hKv|2uA+~IksX! ze`PPKIz=h-e#W+3e$DD#@!)IN#E%b~Eb&Iw(G;*=k8lD2+eIdYfMwz#*2y2QeX^D< z74Ig~`B&s8R$y(sj`_m`4bS158D#fg$=07;a8lO;alW+T5YKwU`ot+SVF?mMSHf&WNvaZC$^H-+Z(d4hBQV~KkUyfzq50vtZ2#G%8v@WDO#&;A{)xT6qN0=kHk z&*GL#WYn_+@t+XMp4mHX+lo$>$v3iooGB0H$9p{^5C??>-7$PTxY* z(CP1e%W&~S7cpz=5cPN^(9+QLn9W2laG_2SY@J}Z_I?&b&!uAQRO;UMGrE_JuzE}g zkQQMPp<|q~Sbq%rKZLyVPGoyKqP-nKJA%G3aq%tivs6bl&E`^KyOV$MXUu47q&hAz zM5Rkw=z6rEA=QXgf*Ix9J5dKnBp$%=77?v(=fwAT?Q|+wuWq;j!Rj}TzNUb6oMm+< ztnK)m^uO?gA(}h^v3dDfC-ufpoKLNY;7Nso66A!f=Q@vsGYd(YWFgbWE}zQ!UlNqk zn9*gpn_`b$P3%6F%Z~Otg;>;Kr-1cGB;DPJhaN&c^bqo#Mx4~L+48^msU<&r7WBp6 zb~>WUqf$$vsVYF{0*Ym+sIJ2G7oqKb)b8=qnClay_halHg3&Y4$!a@*)qN}hUA_N7lc0iht`N_0&H8k6@?I=YD+ zO$eGv+ehnm-!-v@YYk6)BZr%sK$V*D5{vxOw?Sc(Z37m**q(@AOvmmn&V448fYauNEP z%T`8OztE$58aHRi1(HZ{G5OL0?u|Xsdefipe&SLhO&t`cT;ZD;Q8x&A3Ak$n;KM}ig8kS`T z5JCvHAPOL^yAE%Fd4fWFibtE4GcouVl=Z1@eomfLQMOd$#lf=%UrU4&Bei%Q0y6PL zu5uKii_|8oKMAbmTaweGicGnTawO%PL?vq(?Z0HSCb!~$PP^4>AH%sUzzyRXhpncZ z0@fQGRFjGnbgt$L;%dF(eYg*Qo(jHm;8b=#^OtyqX;_rpPC zq%0T$B!xf{2#s(wkuw)lLwReEjrJwUsa{NaCcDn77+Hhhvp+M$qZLRkC?_%)?Gv5; z2=Qc&?3VZMoc)!?uYCZEqfaqqC?EyNYpQ>kK z^qpj%nf~z)_GCW&F;2p)FS!g$M03zTOtu_Q)L`%t%HXumqNbv9P*XE9n~7i><&iqJ zRo1_C{Mw+V=PZvZQ;R8&U}8m->odJ_8#U8@h>Yd ic_-fss--TWTmX+<6&Mhy} z!zJ-0sHH3u=CB`k+E{^Mx&Y4OP99NtT$dSL zr{Qln>-=-}jC|yBnlh4_l;|A|7>eLeH`}+N(iu!u1y&dg7TH`!a?V`jvj@i886N!s zQ5j)m{6w~Wbn9sR+ewnynPi=vq&$HWD=H6{6+&=4swoZw z%UWv>gR2A99Yo!GGooYupVkwtZXvxDvYx?-0RgxGK3FX{@l9^71`9TPRP$gy;11aC z+#K0GvCpM0bFn-6X!hFoQ!{Hi75$@-%2GVo;>}|;kh`-p)XtIK{DNsD5qR1~#0~LF zSJ3?Iow*3J&t8hz+=$tI-d}#L??+#ClhYBI7OGk{U~;VtkMyx)+18t;j|SK1(QXRq z9!&lMM&_2+&)>2Szd>-%2oy?|`M}_zn+~8o4~~4X6-t){*^FWONd}X0IoTEKpY0th z^0EEZ2Rln^_n>aLL6kc>u+}001Fs%vFO6e`AJ75ISZnX#1dq&jmf&yxC|W3FL|_~V z2FeC70t;A2fO-=n%YqChAFi+zrABH=!nYJA7M^<|yG~n3)Qytz;$&hGBszaF1>xW> zDD2wT8;BEdi~_5$(Fm%2HZg*p0J-xrFm*)Y&Lh}q#LOaebOz-@6=J-ADRq5hV)r-P*M)AJo4~M;?R8x>@ivtr4Z<%!Od%OB^N26as0V0 zW3ij97IHdl2~mKRv=9Hi>+&U zQ*$j11a|UaTZFJ+z|jGII)C0m+`2j{gD5eTpgdzPsa-FaCY%ZfF)O?Nd3Kq%p#%sa zK`Ns2T5(#Z?;7nH>RF6vh#_icY_8dJF$r}Fexv~#Z9&mPW!2USwiL1??Hq0h)_Y&? z0jbdLQe0Qy_!8krtgw?Nlgtp~q zTJ+k0b%?xKi|Xzo^7#8(4Ur%Mu8WPi1j^tG3j(aMA)xK#L&v`9tkmHZE5NFw7LS#n zKt^3md2~@LuH#Va3rIRdPCtpNM_%a7p_VnE8r;X$k0_{I?1(d#Iw*Dl7&Q zXyjNnRe`b&R!RI6IA^pI$3D6rdrBRVh||+wEi>t{{%C}l(MTk*WR%pZ^T>Vn?%d-H zn<|W#B%)^`d`l@PA%=>0atj%8kX9V~9?brISSAvNhOz`B(MSR;fwkyExUxs8PDKF1 zzWDnZYq8d1u;5v&v>0pfe8{h&e(=WQQnh+aV6DMgF6%6v$g=43iKjp-FxDWXz?C7# z5(1C{A;CEIP0+miGKNbEthESZKv|3xSYKj%13@h7BYY@f@I8Td%0krJ&mPVG7AM;Gl_|V&N zrX`V||I5~ZSaY1}166=RI|f{XFcMFQaDB_rT_XVRSZhfleLz{1D{-{NcNI=Vcw{Xr zk7FF`SK?6uOUD}fPdqM(2}L{>!I26SXk{^zh&PTQPzGZxM!&f(tqsN)tcCzXU^OOZ zDH}^MQleBYp*%^&+{Rr46qP0~4Z=F4nwx0&^cBQWKiP{HSk$umA3jb#F2_&0K+glrQfCqCga(bj}II>z_1#-K4+ZLnp7E*nhI5R~jRy3Mq1WCtDg6}W-lEe0j)n=sUMRz}T}rWCBY>`Z%gYT6^SIz4h@diT3*t(R(Qz9K#ya<- zCtdN{aQns%wIBYwG7?8fv={Ob$^zv%SOwWiI)9uhJ-dsn4sfi4F%jH~3TFPxM~Pj$ z@aLN-?i(mMZ$J5a50M?uQ9z) zUGd_UT^!Jcf)S)tk$7_ps^g+}l<02lX5f>bqwiDy!M0O3T*IBgs#W*XG6Oz+Bf)1_ zCO60T&A?$X%JV{C`4(%-1i=J4C?XL^M}Z?=Q3y&P!UZG*zOh|&v12L;{W}Ae#R!A1 zHFhwM+O-q8a}bl&NJk>el4NVcckULM{$BdEq>QF)EP3lv)3$(?_rH%yWKmeG%W}pGx=flj2Q0Y#!#@=CRWdpG#soS6g*|dv}85rc+T) zBf<@dy44oxWKhYih;k9E2&W`D0{i<7SieeO*&}bWVlv9`W=<1Maw@A0%C|WCv$Lx2 z+R&1`do$jI#`P4+Q`n?O^wRlvKfw-d$%-Jg2IHQ-K+&I<`gVH7* zpiBJ()9*s+eJE|vlNm`R6iUb=E&neKvDnGLuMI;fE^xfIgs&c0CUlENgx4XG`=)k- z!eER*7#Hur=%=q_`oCUH5_Mo4RT9X!r5IS$+}3~i_Uzh?o7iW4MqP`bNZ?rFr!OEm zukN{RD6Ix^Z$0}vcTmnxFm4>?I&n@ocQFaR`8hX#DyH{ch>n}SAo%ck&Ussq*Rxut zde$cicCEsRpN5JG@I~mJT|;SX=d`|wF5>k+M%r-#9iWZHu@WUDVV$WsOx_KXp$Ibx zEHeqVn1wBNRvX8qaZ$b~l`|#3>IN+qs|>pAV_rBgcOEq-pG1`WV|yqMmB4~4Ei&rj zpW6P}FEY5hmtO7TD@9bfMCz)DzvChda$hfAbKSpwGm?LFJtM-WR^(YYt3)jgAG3pt zFvS4FHM`B#v-@;g8u1A>ip=62^D*vOh*TvuYOzva3KpFkM^$W`MqNLC)p|_OgDr(4 zCIexxuhyM(;)TJcDUS6zyF!6L0+ygun$uLEzJc227MlO`f{`NWZ9VwDLAYVu-ILx5&}OwjWARrfpRcc3Rq z80fY)@d5S2FRd~+p7r;&_}kuva8E*2I#^d>q`_taC~ic}c=Swe%P`0u%6ccNWRM5~ zp^p&sL)j@|vEpT6Q$9}IW(rupiDQKs9f|T~!UHFYipH6C-3RgJ)Ze=my=$C6O3Erg zBps?&Ecmx?F}`yTV^&kpnm{O`OXf23Ggp!#{lrdWbLB5KpVV;A!({w2(^SB$b0Nyw zwd&pvU^~`!$X>oCK2h`C2z?{g#)B&zDI4{vsYhzFSE0=N72p! zBE}Mt5-SPa-mAlj$8n5f{jpSm{ub#R3s#`4LRwYK5d;Ax>EOtY zzZwQG#j%dR7;BHDM9|@nu-Js?*+(g#p{T&R5mIkE3+KXR+tb*C0jWp~&${G{hPlmO z`4JNXMGBtANJ|-oH@$&|tFI)*`189cRk-W+t(>`bJ^A7U)hFzwX4#tc_B?QwWRaha zU~zidD3#AZ#655{Mo7#=3HqMG=5FWSd-~=NWA?lg{REi+-v-!-B`^>a0s^hW^bPh% zp77;iQ|8q(v)5*^EPou}3o|3(dY6;q{H-#WsPX-V83X-jEWT7!&zw%{UtL8t;=#>` z0Us|Xkb@Fi72C9RdDE`F3=18;-h%JOh@N>K6X^Xr(HP|Xmb-q6-QQ26c3JdKZOdit zChY8boUUL=jG*@Rvv)@?OBL` zl@=>>sJTOdE&H2Y;qkIqukeBYakxt%#Nl*~6bfM#+FAl(P)+sSyD1clOt>zQh@|F> zrPTk$2X~H8esU{8z7SRn#3jK=HJi3DVO@-sI0(u@AdG_{ZmLkiMOS(cK7`&sO0Az{ z(OF+1vH26r%(#P~aA^Z(^klGcMAE}dgR)%{l$Jx6FYXotaV6=i5SMF zC=~>5JWnL)Af-I2KFc2det&oY(mw)`2$YaGQXvUrL0AwGL1cdI-Cd0AKS-}N6r^Rm zB7*zT)y%l)q+j%s-rY~JA}lYG^|9@H3Gy0@OVkP?8vK2I7-a2qoP>j|R3*7=TJJbm zL0v@y6-}h<-3^o}FKNJ!&LW6NN;-=#HX&R7n-Q_$i&tD#`tY**%@S7W#Vwe=TkxqV z)Iqs{z@I>+w&O}Unbr}9Lnpu4U>$R%O#$n*yTK#YO4uU`5mw?vT@s6{e!2P7*6-iL zSbl=hBKSt(Eoh|mA3sjRqQ=f=DeV|T`rs+=g&w@&aVAVyqv`o&vQIvSgI!RKsC5x> zh&I-4-Gk1IQN|-NYi*bF$tUkrP+owdmcXCDxA&2+{w&_YA6$3eRi(;HaQ-%h-43Gq zF~kjBUv&^WPQ%H~$0mP{p4f>@n-EL(HCm|Oj(<-9>(^N=AwfzI#v%-$B{u2eESUS< zyYcq-bI^B*T9Y;;%H*GW4vB4uU}Ira zJd#Lk+et7sMiGZZ>ogoPO#;(Xg&iNmiTs4b(i__b_x${eZ$CfR+XB}o2)aJ}P3Icc zlk2`xb~U!wVft1goD!zxL4v+Kq5$a07QR;wuBkZI>k|*P_*SEh3G<;Yn36_hiufZ% z3OOGymD)ajaod+}XGdm~eKKIedPpZp!+B@X@|C|YCDrg(yATf#H_Rdyi&7yiajWt3 zCGs!qqkv~z1Qv;cI`^qxk{&LQ)Dh}=I{{mF8^(sWQ|P?|<9vmsr#<(H`)(}#$)}K= z_Yw3y`2<{epWxc}%dhbFN$L+=gw38xIriMVz6Bd7mcd4B*t&5vP<}JOj#nIOYK+l~ zt-hU%U4a!MoDX9xGIJ1{Qxr~Y!kg)lOg8`5-8~B$8n=&qbTzq#Br#W@s$DAI_a0`S zxPZR<);*V7JddX4DiU4*fuWSkAqIvq;lXj*gjEQMNG4M^t$$>Az@J6sv{P{yz9OJ~ z*II&o8hQeTT7ouEkNTJ^FGijBtuyVs4DQ+YcZl^Z>z0v!{whr1BWs^(q;7bJUy2iW z7Hh)$|2@bQuzo$?ve-kwIxv8Jwx4oM4Z6uAQtc2scj3Q$b#Pr>&G^XGmywSNQbG|+ zCa6926sqR6Gb$nOMW_Lcf*@Z&=1VC>(p6Yrpt0DfgQ%+-8yg<>Ey537HS@V&RAqfIDazIy zsiU*vC0!L$yTacu*AfPSpxm2ZbLsvG%#SzY?=52jP%SZ>cc1tVU&5~2#b`QU+*rz< zgRdOo6)|cmQY3X0$9IuNqKbJewmypR6vDRzfks9ZvNAqAhU+U5PAjoo8GHTeZh7DJ zh`%};QM(C64oL@e{_tA!KmPJ+^HKh09{$tUAtv66!yszm9j${4_HtUvLy1~+aHv4j zzVZ#;>M3Bo?om=ZNqQ}i%f~J`gXC2o*ps2SWe-JD!uJfaIhHA0bXR(37HvvL`jCx}eB&;M7bx@x?lkyFMa_j~) zozMzUhx|?_mjAsxdGGuaSLB+xj!5i%c+mvab>DB_b;{G<#0$s{G!c!}Ap(JT$&Suq zUmjeYzhm+)j%wT#LLjXOcTQrmV)0Ewvcf-%vLQF|Ey7i(>2>@2seaGJC^!4abL8{m zhyp0%5SgDWxYwTjssEVmeB~B~cI~C#FObFH3WHGwqkKS9C>9Bbs0dbu98PM9uomOE zL76xK;7-z$bvLP@c4Yem>i#>i;=MZbF>_T%@@u>?o@*4`}O zvWEhTp*wWi=RNWSv`!szvphz(J zi3-Q}3BstW0cpZXFhUBH6jq{5=mbS)H++uIxwAiWr+D&bpPxr=_caLnR#bfzBC04C zvXp}^N@v~vowNRKi*3kvwsnSHXJV;S|Tu^Yx#Y|n2(DVY`FSfQ-afqKPX&< z|CuE4LLggezJ5FX{k;sd)l&17&rqYhZ$62;IfqjUAyL*EKL+aTg2n@k^p7O*7itgR3 zN1hvPpMzcZB!*!f$Cx=dUJc5T2>s#$nL~@-{tkil%ImSjOINj>tP2-MYvVPO=ie7^ z6Nd|VkNzeGKNaB5adwQHH2>)>lpG&-^_jFj@SjwjH0%2tu=}$la7c*=o>kZxmCtQi z+5S{F8DC=p*fWrhJQ1*EEpp|d`oaB&<322>d+`ZX04 zT}760^6FHa=U3Y*BH1NKw;m$|elCxn`z5L7+qm#uFFd~TOND9<+Eq7#&w?nW@zX)I zV;zMt_NeJr;>A1rS7|?vzbotj>L!Ep;wT*P)S1FS3U6B~MR;j9p2IqlY3?hnUMmvAc$3^?q5e~ zut3p|;Ns#&qd4et5$Om}lh&~SB9pJJpb&{LOqu+|FoqY3Gsx^)jz1xSjXnMV03ZNK zL_t*00??d(1m_KI|r#x9$_JuBSA!FtOQqCiEwW4!xgV;2*04uSMM-Zkx4#%_%1e1C^25yBpYNmh*Tfwbkagz>YEv5j0F{sH^ z7jm4Jy5L_AxMPYs$|IO#e1;9pnpFzp3Pc{z0_#asM4*jNL2FX6D2aET`ROly=gAdk zGu%`~vNA^XkO>F5oqXuVb^JCAuRoe%Azp;jl3J9W60{n6w zB?;5L68zCJx@Ry|Nm&MrGDxZWldCn3FNqhok*wH6wDu7Od)BYYZyGIhO8v1F9d6_R z-j`N(7P>ZFP=)IG6QnvDA`yHvfgj*$b!375b{pf@46IiiZa5qRF&3i@TBp%L5n%+< zOJLjtxSx>Ogj3kE(gHlRg!&RzS&zd=8z}=x7WXaYKuEtd(abaiLy@98B)$ zteAYAJ!0X0l~RVlGFE|K#%2c4R-$DCcrH>)g0jVTz+F(?lf8KUgOC4g=X+M-RHkT5 zC~9Wcz=z*O`m7a19(d@fzHfd1skQT3nU~b0l#f;x5)lODTmjb)C)P;?ex}$oZB$oR zV4XbU!+A^%jiNCyJNxb2|3`d9wsq&q;a~7cF@rX`=wRhM#Ler_UG?h{)IYYAtT-1{ z5eEfE`)I4tLZHN}?6Y4@nNE8=T;Z!rLMy2-!eIOWTNs7JPmpyRv3UobI}@_!BNLSf zM~3})`cM+|$WReEIjjvt2q*wQzy>c6t?t4`H2(N1aOWaD8S<{fxG^uv036wLh$EYc zLmqh2bqguN+HW1!Ssiwthtf8O2$&TJ0^G#&q-J~@Q%X?iy9R4#;~9stA5fx%m-L9X zxBTrt|7?3@gnef_{fgDF{j$ z88|2;{&;CgJJIS|M5#<}yaBajf4-*^G0vDYbxbLQ52wK4`d&{PJ6g{W2ig zDu~o>Wcc9cU?0`3^&*t&IauUxQE= zftw2PGdY0Qbrgraj%vE2>t^r% zQxZZ@+j2MKx`?9;y1bK|{|j=-=a^~Vf?GU`@xl|hb$f`E7BM>VEYYS~;^oUJPGpHR z{D6UxhuO4gfU5jbVqOhK3=qWbCgKfK6RV_@pU&u>MYs*mV^l8*X-K6!_HKO}cG^}d z5(mf+H(?^ZxD^hu(hQXBVK~-KEOS1t9idoS%Xst=YErEf4_=H-_TYHCsTFbd202JU1|t=95lB`ALfTJy82JxyomV`!g`P_fm?@BHC6-?G+b%72rbZ)+Z)f=uqW9O=$K35{IjUseQSS)c)SuP;t?@HYZGpDnTfQfboX31Z63h4 zP4X%P4d8$|{rl)Y`zh*^Pp(j$fBH-YpMO8bUxo215m7_0uh4hw+vXn-W0yE=McG>1)K*eF(rXYc2TqJE3nz; zym>LY9zGl0H^j7Mx3XMLoR-5{yr~Yu3;c2luwmh}CVL7agw2CGqBMVqo5S zVoocgy#wScZX=lgSaf9HaIt-11N%2FM*B^uh>JI?g5bR?|L${lZu-=pGk(!hnrbVU zV>~KV=vZ@BBBevj@ewKTE?$oN-#7P+Xd%yfmZ(`@IsUp*_YC+{r#8cBVHPx}LR3sT3J)w$KG4eJA zQA4?UZ2I%NV+awUF$qRnaQ2am?4~(a!AY%(1@jCQ6;)K#)HBU>pQsNii5*yteBoo% z%Y_5;3rXgV)m0ZtGh6njVr<=6#m?<5+yi861U>ipw{E)Rz&WhqpnG{8x%|mQ#X{oLNOWy_CRh!X_2Q1zA)$(nT(; zM7(F|e|4VT^oi>kxbH#s_YN}XOE3;`!a4@2BSb1|sb6~T*f?I=M`w!XoT!6_S_W;5 z{=pI&Iy4>7^G)2`7G%dSR|zhEPxT8+Hk?D<)7Rn1i;165LJ9SIlgP6 zhUUr~o*ANkcAm^wC8m@tvZP2wp+sb&Ob{^(I5F4PTyv17i!_zH`@treHVfu`WRw$@ zP2iNWY_A=Hd>XPDf=msO*g~Ab9AbVyZEk^Q$E#;h!CdO}{)rbNL`}Z+=iQ|PoSXKY zTC)Opn5HPRYiHq9Y21AU63);qGrWMRy4iT+b13P4Wb;IZlLfW$3A{wJ80Ut<(>mf*z%=kV`tA|RL4o{Gf{{&{>rt;{P`W`Ax?`DwbisfeLk4? z;khf&kr>9cXlW2ZSTHE0Jd~aLLn&i&ULL)l0%tOyX)PFKuri5EU-C@j`hG?(e1`G* zLRX^q9MWU|3#V>2mEOpj*!K?-onIhxa2i9q7LlluWHWP#(nJuQ(>pDH8pSaaote&zt zpP`XO1TsPzh4N?6^!SCO$KFC&^Y2yrMp$r8npAN*y_+sW+UXDx*uY{H7~fzfG$aIG zwTp9B6NzQhe$X{q_`yBfhbedMzWg0&d*%DlXSGpNo22scQ<>iP-ffvEl;8VS%5_zY z=hBSryBA4otJih=my?UC^b88WI2UL1QpRf*5v#673J=O*ExQg3Mu)9who;cHX6k+X zT%oYm9)rAFR^KV)U#)p8e)f`QufR_HUkcU|xE6~>lnjyyROMczbtsKZL&q>mr zplt$Ui(p3~Rf!N)DBnR93rL1B#RvrzpxgjyYKTM)C;N3Yw;>$ z$mjq;MnkaC8wp1th(lBH4hMq;QV1Nv z@Q79hf5OLX&(E&w+;G#sP_<$?vs@q3-%pw(PIZiRkrLnd_6K?Fn)RnU%s+7f-U;Ut z6yHiAvzWk5LTqwitrnBVn7o*uEAh&!RHTyVK%)ag)bo(OB|q{E`BOi}_=h&{usCgE zvO?Jk5td=RF0Sy5I7M;Fe7Y% zKQv)X7y`n?qljBX0uU`&+k%N}L|kHBfi5>AK^xjYSqX%z z2xkO^CB=tRNK#DB!L#VeX*J47l%tTfF7|}vp3I5S2fLpipFW?|+fpA1v385!P8VYwZQ7%yKkyEgY4afH=0ZJ&01#6BpaB6E%$|9lyVHH+|)9yS^ z;>a)`3IZd9mlp{f=mY8ug6f)Gfn5M_%DLNpoYSaGN076d&!#^`sFD>UYa z{}%QT+$1Q2z~Gc6Zpp#1p%t-Mgj6U;A*4o_P&vZr&|(!WLE0jeMK}&P3aP^axNyH9 z!t-imI7C+%jWl6I2o;v>SZ$BGr*J&ADFxwf+p%HwfU*c9ktVb#)@p>cXcJDwGct@) z6Xu*TJ}4u?hEl?Nl}3UR7#UVP9Ih-q`qVXhyLNaj%jCEV~dJ}a@ppeZAjLEVcxGp&zGu5J3{kEg&PH zWSHN?gnwEv0*uxu<04czl_k(R{9M34RAwz~SpNw~Uxrp&9aXC%ezo#dN`aen!MFJN z62XovrhC^pXFk32ipyv|aUs<$b!4Q^CLEp=%?!*snIaR5_SH=UKOAm|?je<*AT2Jy zII*zJUrIy-&_@#T;zgy1_7Bn(zI=E;I8==w@J)ah^YBX+Qw&H(9STYlL`y^i4`U2P z=@aNOPFdh;@S=*6$dT2LAiQ4U<10zJ0e11fG2FJ7iswF!Q*I$}0?N8fH0K~vE;?qB z1%nb2YYocRV4)PT2x&3W50{v)5P5@fdWbFfGREJIXD=k1{wPAYNMkAL(&Uz0fwWj_ zaI8ako~6cUOJFrt*zk4YXbT_?@8ShE z;%%2xIQt9^wj|k+lwdOqs3<#3J^dR!viGLYD;ISHOS;aDF&~qMxN)-bJ0QBv$|``mpJCw637+ zjG{yjqM%X6BPtun$^)3%uQP4>K1xrf@ZSRILk9CH z7Lr6VLwM0NxpWLqOb|(V=*(>Vq6h9CM0^A?RZ!Lh;5W8Bmm%wj1Zupymuq>C~E#GZlX+o;P`F_E_< zn)lU|3WIlYK3u=*nu*t^bFOFKO!Tykw~;t?70H#pBfe`9wPYG5)R#dbhElX3|o(`7 zqW9vxabB4HVct3LuX`WJGFOifZ~g&oi|?UyTMZkR_Yq+UwQdF>N3%?eAo`~fms^R} ze~XFj&t5ucOZTSU1!7&E_~!r3x-CRI$#% zGUcch#R4B}Rw%eKdrDbeYy5Y-_`v!tyWiNHo9^kj!*bVgvvU2$k^N8H`3SvDnu+qi z!j{&7Qc2y)*=qEWcx!P~@WGbYJ11Z@qQFE#VbWjCwBor(S8;g91w8qtX7uPnY|zK_ z@&WJY&LxYmizT;lMn%J|ulr3>~JsH#6k{mKEV zE2nQDQo-)Y0>#qwBFY8!JZGs$9lVixkKKD3m>#d%!1BTneHkvU(J$ZXyJC7UglLd3 zKSDOlQ&D&D(_B#wDCMav4`CNhO{UXDvg$CEQzN`NI@!Pi^#uJ($>bN~MH!^zkUY3B znG);VZ2=IU%Gb-jmv7NPdQdcY5rJhxFgV9l~ODap9Kh7IZ6VN z61+fI;%hE6ma9vSPh?he(cpc#Y*WxL)h}S${yT>0^M+Ym^Aw(WE2-g(3sCqiS{x)$ z%P9pYE*{c!_C%fXo-QUgbV@hy2>UFB$Wn?TjEV4#!WJW{10HYms+nxaP_@RZV`32z zmateub$xC5+JEB?E!(J>+`EX1iGXtCt~k1D0TmY-n4TuDqHZ3{TB>R&j8~kvcIEY4 zySa*=*Sye0dJPliQylg6Q+zynhPuTZxk%$(ndRb-E@aYEjAj<_%e5Jbmlm#D+m{_& zu{h0S#WZ$tC08!5p}-hNrfO+uJpZBey}@AJeG0WIO_Wxc83)a1~Thi@WP zwH{UB&@V6NL@GmNN$`!ucpsxCbLf%q7aw7|d;$5=T1xsj_0RrkWXG4_sxM(^|M@&O zas|QkiTu)NEvW@pp!JC->Yn(wr0rr157i=L1t>1WJ~>W0TuE3} z&D5Lq931kI@S{YjfauMo)a)O^vyGIc8PZFTK(G#Uq|RK`^PVgKP&Sx@hc3SeKM1Hy z!ZlwBp12rsOV9({Ou^$!9?D?=Ukg>ru`()ise@-WEoA@E)mWN<7P0iNKaM)`GZ?uI zWh>*fN5q^0TlcOl77j#IoRcK33rH(rZFX+fmmJV>cB8`fcESPM;sT3v!)>RXfRzjuV0+=q(50n_I8;_q3T@oH%maVwJX}%ZWql+gQ2q!M zELwR;#>1t+ibX|9Zt8vZJa^*oM5Cu7-@JZw*( zX^~=gAmFP6h;~Q_zV+fB=s`Re*=mb%5msWn&1g-iL6pKpLK%x#g(qnu&)_0RDUJ41 zNy0CpY(k0(Y^8@2O<~d?QG^6OR)h0nD`TQ$61x^uCI);39T!(AN2W4^D2>vw-=kFp z;)8MyBMw`N)9%{ELyS&6LT2ary-Q1Fjf)33O_y7nNH40O#;F8PN)j4zl^Z%yE;Hxf zw=;$!j#n-9S_Jl_K=cv>OG66MR7D6T}F*-}=;-HdH1#vVnf7zkIf1Mb4aG8jWx zvY2ubl4~#?gcw2-GX=EP@zjQ2TX1=Idwiz0-zEoJxqN;-RQd$YQAU#1xQ-AAaYQq2 z^QrG>rYpj0ikI zN)9}Wo}*nesDb13RXQ#y-c?rOejB9#&uY9W4;uBY<3zo=yM<;H>21x|igH zwhrrrGr~!yI|^kNJ#g6%r0wpls^|5u{fhC_w>UObB8WVsBH?7Ez$E5Zn*`n0;AQ5_ zY|-F3hj_6vrsg#3@G9a228yI?KM8{s`1=<}fVXWXPbQl9g&yrqp9`fqiDUCO+$!8$zz*w+O zNQuHvtW`8eZQYz`UwI)#Wf9|{Eto(dg$np~ElzGhI%@m<^^dJI+Zfg~93Nx2@jEmI zc`6H*DHWl8MX79)7B6wT0~POqUx(=YctK1AswAkgM!Z8zjUVOdMW%Ph^U#X03ZZ9% z%MBy613gIdF4Q%LaXhdLdQi~qkj*pbg_>&-PwQiKkd>>pZ{@O^$t=r$;{|T$+kNxj zHRPwt*rA8I>}46JMt?4YpZm~iX~M;(wF zcVFuH-f4Hwz-eB)irY_l-!tFK_n348H#R}jcDQz{YhRBZd>Wqq(sxzGTZfwSmsWh^ z+5P10G$n~J)+Zz2iN)!NA`asOZS`!n$Psf!oEVJ6qc#Hk`3K@7h0dyetw1jWve z++|u1Z=>T<)UG%78#bk~JYAfuI9&1V{DA6TN2vaiFM50VruA?Y000a5Nkl#In`->T#d#z#D<6p^7W`W=s{TzcJ66imPiN6OK zC2kZ+dI+mg&z;+u0T-$`9`ZDvnp1YVCipE*zMH1 zw=eUV;QlE`_W|3Ld(bUmSlA8O9k^cL`eScu!#_;@xoVx*GqgZYO^xY#McO(LjaKnU zIRp3-qltFbsd34%Whn{hWd8T0vg{MbVDXofSalb@w{3I7{kVs`FF8u8j*=@haG>!0 zKie8)Hlk~9_?EYdsq?C92rBaX#Si!6Q>!6#jYM&S-dPDDgCc{XfDQNi4r&R3D05U7 z5+5+i$3H#6uB+{hJw%{eBmZWp7_dS)-O||Q~1YKLacKqryji5a94O&kd!2`l{krqtxL>VafOI*dWwq1 z9i5l%d!Y01W7BNeVrcIb=uM*9ws)|EyMeak`Lnf&EOElL6~?TvKxs6FXy%|!?#vk>a$v+V?LuA+9KY~V zyf*%GLY7QA+HgHT!Lag$q%U+vwJ?p&I>}wNn>W?cuYoK*My>2E;eV z5#%%-K?KT9;n0K_h^%8&1Z_>hbJ3y5h9sRe5VSb)6v{J*LZmFtl>=-(26}68F-WofUlMbVI4iGQGyf9$tpl>!?T@f=nuI)L}u*6cQv9h;!A7X{MEt7MHlB z3RP*a-ZUxM%Zimgmj=4451|i6cf>c=dbsB|U$+&Y=iPmVRY-4Z^1QbvR^8Sfwz16! z?UM}gH0i1}KYfXbtFEJ=!e?R9Q~Hpy>@FCpw4)^j3neBui*re8HJ(pV@(gdOGLL&6 zKL_@Cmm_4qD$uMp|5d+X)&4rt2QIHD)c+{W&C}Z+-(z0>*=le36qiIEH>4Cx)yedQ zB4e=uNyK6@CTWc_vz=ol5oKeKRGcFjp6-lL(s=*4?}A8ZjQKBdEvn4U zpgwI>*a33YH#fR}|0MR6rmq>CCGK<=#{8@}DwNp{eb{ru?zf!GD@o#*I%n~NIDs8T zP&*!d^SnD{Bczrzx94f^Iv46~XZB4eowA8$X{X(7qFWwn-5gQ6dJiYE1K<8TKJw{X zIC{kzDz%W-VBIu(0~j=l!BEjGj#^Z54qGOTVpt1Dl~2ECc#0wic$os<0Y39_MZ;Fj zA1v1Fdhv29CYR@%EDM78l3Yagxk|(GYovS3p%!5!Cfez*PV}(zXHVIcaH5Z?Obyt`_r3Tbs{e zA57>-IUh=M^KfqVhn-uoayG4%awu_c15U*WQE0K#1|=cSSbI?!yLgz$t?#y+EB0G* z)tuyJyatD$xAkJ0zxm5!{a?T5$-;Pa_x%s<9RIKPaip;pqeAMf$7(O&bzQ^vZJt^? zO|9~2aB;*81_r$xq+~BMj|3 z@Pmmzt!zynYdKovb6JzRN)rm!mR)S2w1Aa_Sp6ObSw^P;7Tnyx(#2hta(L}RboYG^=C^QO?;8uNp7_xtqknjQ zORiKm^ z#Qo=;=$E$rq9(;pKTU0MAs=h%-uvcP{ji@k2aj|00wh(5dwp7475Pb**m&lbk~qVK zdY}7DlGb$=q^wbq#ug~QI?nXSb1g))1Gz`cU6ZK0-Wk&Ar0eTByQ7=Zw(I`aQ=EUn zF(#%h6E1Ey4J1PrA<~Y#*mE*SENz5pqvLkiVq;vaBse3eG0S2z!nK==xzBVfhH<|= zWcuFMyRR8J4zz%4W0P#+zl^_e(Z{wkJbKw*{qTrayW*I=`_qh61yrRRACJbdw!qHN zXOExe1dCyLk<8DQ<4gtVu_-D?4`G%GCqDX*oEZP|=gjZ_Ybv>L$2Gh){s~;|)BOH| z7l)rGI{$T!q%=LXRqmN|sw~B-xTXn>%w)?{6vNc-r{B6~;ygbQL@AW-Av(gAV633> zZ#}dILo-0mu?tJv$%L%TP0l7hmgIJ#I(i7`#BRM2_vPPfR5$+ZpuKaT*+B~cqwM`a ztV8b{Uwa{ODk0b0O@9kCU5kAAMrdk+72uj7JZGHUQ_+cBPS~(P_0?@uLoGQwd~eSG z`t1b0|Dod(9DnXl7=C`ifBeEwx&0>2Te%p?`0Oo*3>L~93o0o30VxlhF_azTOGU=Q z0tX7mIsEcpGV+z5{NI{^YhL|5q7$EDn1kf&9_04X*J&9s?RP$Fo5`!r&+mtu+PyDr zelfhCTNI3*)q5Y{m|NYt-E#ZA9*s4c;*{gzN5i}J_PbVKM=!S9#Z)7AiVGsAX8lD( z=xSGVgX{h?wXy9A$4 z|8gU5H7sT{Qk0!XP2i{rLIleRrx+B&z>7!ObKTdPOALK-6@}oBaefP4?Q`g*4>9rP z5h_|N{j1#UPAlvcXo3DA+e%h?dE~6$e;XUl8NhC^oiP$U#?oykq-Y=J0lM=j4ma<=(~(l9_kuqDx|O zPrH3Pf$f79kpT!+_p}*0J7}HUD7W-BOO9(iuKLVsCU)DKOcwc_Y$lbN9Y!`xKK z`b!R6#~GtZ_s@Am+y`#CV#C$dt#)3y*b)}({uC%j(uszo|MA{$s^-%X@^U9(HB6MX6H_?&k=NWC7dCL zbUCzh=--+3m{*Fku2@1>S2Cq4?v2#$(70T{^Ui1IPLCX_s~z3do+wT(r`o&F4?K_m z=pIt{J5snd54Y39IS=Q={f;Tt{84yry{;HGpY;lpF)RqVgqk@M`Q~y+N5>pgbk31? zGTJ(awe@HF*5?)L!}iI3JvjO2AZq?Ao|k!xH81lPYhLCRYhLDMUa{t7Ua{t7Ua{t7 zUgi~RUgi~RUgi~RUgl+9vF2r7vF2r7vF2r7<`rvR<`rvR{{NHz2dIWZi&*ypG&-?v;J`p-vY80d_qzD9p04#3W_rMzL~iKYD56Q?i$s#w zyiDq95eQBMT18RMV|v@?^fBw&+}guX<$c=Ax&=E)&4Poe)^}rHoL3b}Lv(nKqVO0*i~n!T3(FnjIv+q_7~;b*)_l2;cyZXj3?Ul7iS&;HoQ zf<7Uc8BGU0g2~?xv5xbZj5B#tRiO77x&KAPIYS2qp-+#p!|~5Uim&3sW1e$QR^*J8 zKooC*#Xkpc9gli2*k2F#M9kk0N2g@m-duvkTr$&Klvzhd2N9#HOiY4^a zN}VUrOq4ihI81@l-&TSY;frX;-+PR(8Ka>lRk-T^k6__qjB37+fPj*n-Q`2Cn-VN} zHC&vWoF{xi*2cj~mm24sJX-Hp3$pe$n{2h?FcWrMp^0}yoOAe726g&xZrU3OGU{j9 zORzAL6Rsb5!PB37JnoB2#VRA|m895IMVVE2XlcgvH>#VPBR4ke@PiZ)9=Hqg zxXj7ioU4d)D*u0Gl9`x0ckqHbUrmalFrv)l)g~1sRaI*G`YFglQF6SDqW(;7SeQpY zwVqy$5ji{u2M3usIQnL1OGB zqgZIi3n#(1V)ADt?>2g=Rh%~+Y0muR%NMixHXm4@8FOe00WL0Xpds_4M~|3US-bPq z;uenoF!(jVeb&^7^;p#CBf@ZG3#-}J_ID9-Z)UdPp3+*4^GC2>Vf*NjvZ5kRx;yqe z9#h*qd^j>U7ZVaf&^sR;7iVc_M}jyP@&BiUvyQ*_u)<)=!QMV_#P(Kmzk}p*{lxvC zu??P0f&YG&(<56=l)2|`pRuQ&(b2wA0e)qxJzNigttJC!kE-e zy`*336eX9Dkoh8pucj`!31KmqbED#om+l zz?YxL3{z!*|q@}yN{@}scWx}nd3ai#ifh$)=Mn}04WNk@HgbupxW52JO=ZTTF z=A($!!aK8JWt<#HK|vKYHKOKs?`R@ac;BwS_ zJz26nhi^R8sg|8CJ-?J-W8+1z+hlJ~YH4YSeiM*~+>?FKZFaM)QpE>_p|^kZ2r4GY zfn9>Yf34%dvo>T;!XuXZEfY4FviXID1Y=`kiDunWCW~g(>?%lfbP43nWapXW{Qu)mq@=QnmJ@PWyPg9h8V6}Xp*I+ z&L$Y7WnhHjRFqT1(6dnz@$vClZ3GD7ye=uBb~8oKyRcC?v-x|!u0~`p>+%1?79!_| zi$9*;aFe-+8=&BYt28FTMj4hj5T56;=lLdJ?@VTdOF$62>a%V$QHXLGHzxrBff=)^ zfvGXSsEA@nFU|k2`1X|@3wbwSirCf1eDQ-idFl$uUkp2%C8~veRxr4W4Y8z}W#e5N zZjnb?TnWUgs;c3U+d0gzmG18Dc`hT%`(`#aHr?AM6$W|+21Vs(m)QuFTEhTebdbrI zp|D#zy1Id*qoa)n{@s(4%u2aB?;XX+gQlmalhfOAI9X!2=t(azlVg8U6C=eNMaZnJ zt(~RV5{J)x<%^1o_2W|Vka~K09X5412#Xr#qM{-zX}@bkZR7T++qWq+G&Rj@jCxiY zWQVyKqdIqwmroDYUSwtl^(_YsuiY`d>eYJxA`XoVS}4GItA^7vQNbg2Mx5-ut;ABy z^>6-D4upvE@^UjPE2}{v+rYC<`}(D!>+|$;tVD!_qSDgoNy?Yo=G?+n^Y{Mz-Sdz& zGBN2|Uq>=BGP=H%4Eac3QBi@$|1nkf@IpiJ*v99nsfgNI@$uoceGk#=*Tc@weH-U? zgt{BAUAtyJoP9HK*jtX{{QS7R_?8wkRg7xT_wP24t$0SmH{8$9JaZ|->Ib z#l^+wnKf~@*b)1BPnyNs%rtCM!(@>6Dz?Wf{A7rT z6=EdfYFK#UZbsdb5r1s3B3XE^p1M|3PhY=t(b>$*3~~MOHx((iZ}GoNOG?xYbj8ze z8Qs7CO%Ip$p97%Oy?ghi78OmuRc$1Q6cC{G)5g$4JNvae9|tM={CKA@O~YDWRYdqS zO}Ie3znE2|-C9MzDXpL8x+Pb@hab77bn)5Q?6MwvoM_z78*ZPsj^M_TLP8-BCJZLw z!?jH}88@`ykND&dHO%C6ZEg48q}xicxVgJ`LJ>JTI}eJ{bTs=otbNLA^!fADM2YiRY>Bbv>guY;@!T`> zdXwH^$p7zaYy0aX+_!Guj*t|{6^hJL7?UVBxRQ~XIr90l|IeSUI`jmQd9TLpdH)K; z+_WTFDQw*Tc~=b=qiaY_60FYIl&Vfg6<1$>4Kg$N7_JXJuN#(AR;GEFO*2Y&QPzW+ zN!awmBw3$Dje7K&a2gpDx&=x2`}eAchldWfBE1%3f-JT{ul$4e#VK5j~`|?}Iw1c%=2{P`R$w-{>@$pWJ8Z!VPP3m}O zsp$0d3lb6%2qUVVM~;rY+cOPyT$~yQ0MpR&7TjcdhXXq~+s=M!9v&T8^AJ>(moNN2 z+FIYku$Wf>+ubi z8@*^ik5bGZ@h{ql-noMpYTom7c};2}*u=w0agO^iq5sdvGzy+O{Wj+2I1jw{2}sGv zP|FPq=<$h(u<>zy{q1!(nF#Zz*46|NPV(+o6%`cZ-Qn%Vrlub=6iVkb0e-r%&3tLe zV!v)+U?5uGHq%r1@Yk=rmKM`w#LV>c-pT%Q^0mIz==Im%nuctY@7~Q^Y0%D*Lp^x# z;OieN7Z)1H%%Bn5s_%W48jo-60)_m^`CPJ>on__o@Pl+ zO%)XtMWhY#mhE8Mys|Q$iHV7ho*sTuf3OZRcx^am8Q|8r$<)}h4~uQ%4w1qYS#M_!eelLKPI&IbbU-ySo%d$;@W zP(oErO-xd&=@t zJk5To$;tla%#ai z1fUMBZ|`X0!IjF(O&%PDr>~HtF)=X!Dzu@CzqV&se`(w`G11_9f1#{ew|W2jRoblX z)Z?y!)e}-u(rQ3gEM7P@@SnQeg^sJIhu!G9y1GW+zcTOp`tJN17A2=-mqq@bIX*tN zw6ekn_>g+~;{}hX?s|S{De2JA5H>ket{AFtv!O7^D_6QV#)=o6rFhO4Q79C=R(|s2 zs+X6S^Xbpk0t*R^&-V4Uc6OZ!+-f?erY{d?B{M0YM6kvB@gup@Tr)x1V9L{PnHd?* zCwu1myM1vSQST={ebO?jFzA0Dv%3Z*ee!#&YK%QR(;Baz!JIbSNlh*6#8^|4Y-hf` zYJgGq-aVmdHhdC)YhytX5lbg0N?u-Gt{Ta7(0xJ1nw<7IVk0yPRTG2X40UukNdlvK zE$r|PY%^5N&CO{QKUh(Knt?|9W3mPh*2WS;=;-L^@%!*K*H{`dpg<<-La5@MJ4r|e zS2k=vKKXloTl&fq8OHZvsUn>7XP>ByR8K!Gd+Kr zo13fOz71u)?o_}~Y?tvKwtpXDph=uQ`eb5aBEPnl7D`DO>dM~kG(_yG@ACG1J4YB5 zht`EfNAYxQBmtOB+q|W(Xn9>x=j=LRm-7z)_3J4{|6$z}?1SLlW10QAo-#CWr1$UN z_gu|uZ-4M6h&WM0M%k~lwIKC^CXcskAwR;bFZQC8=g)!<@rTF9%Rp2v^J-=eg;L3% z=^XxwRLwux(DuvNf0vP!)%*D~HFQOh(kT`e7AzD{lvTUQWT^;{EwoNHuaS*va1zL7}<YFe7u&6^eW`5CwP*lv2!Q-b*8F-At=zkhqVm?E$rsi~Ix-CXSS zv?;4lkX(;YH|Lz&p#fuk# zM?m2N|LE=L@GnnJMRS@P8>a_PnE)is&dwHPB}pH2Ep0GK#>>90?r;htRoqh8; zA7+=HfnhQ0**6;Ldr`fC_uf4`CvlmXwz2WX{QAd|X`}9sj(%yyURUD2%gA){^-Wyo`4TW7k71q zCgp4U)!t$l7_%ZRQ(C2VP}JtW!tAD-`zxoqqcct`;w&*92Se9UIlos|t{Op}*}RFbKW*{8z!td6jF69UX{IFQtQCzkXdHmo4uXd$2aF`4a~S zdY45_$qskgmXP7LYCa~y9?jYDdU|}r&DOyo+2aB4Cu0eglmaoa^jmp%H*9WN`uO-H zZn|4oD7pXH_>|=Et8sLfJAoLG23bTv^V5$cz$@bK01a2ud2n#lKJ9m#9G_AWb=efH zW{-2!(^>C(4%m1lW`2x$yWu9o%Z7UP?0RTe7-}YRmVunmW%)hD$cvJ(jcTB>7$(8% zJ08H0a@*TEYK(6EIxZ_K1L~OGm@dIW@y0|5D>ecGaC&PzW!d3l=r7j2y}h;VLO=k3 zE}YB&57SH&?p!;#EO-3#r+DT4RsnV+dQ>hDZHc_1=T32bK_E^d1*n=HLH__#hc>IR z-%6v2Pj5Gee8Qx1+S*tWEyF;*tZ_`w$e34Isde@jFb4oB$@jXn^ku?+I|&w06iQ{| zr7VU;!-jf#!La2T9=;)T70h~Y+ES-*Ly)t}&R`u=l zXiHzauPPvj!sE{Qr^k19C_Gz}mAG3JT13^!@zN3(gtbINAB#)hzTIb&cE#^#?n`(n zCbqu|R2-`=3d53}MIm`cUVLz2+nH@j`dVl2;lZpH%SJPy1JF=T0Xzq@5{R<^-2`h% zZOPn_l_gIb3~`)!i(_nu=PcRx`mqSzHP#8jR4`-o0BWiZ-6y|O_oR4Lb69s`Z`kC(tCia?TI=_m3f2?I?!W&@Zw!(w@J4-csu++G5> zwOX=2*FuhN^Km|XcaL6;;0Vok;Z9m=Do?~V7)4P3*{&Z06cE^5kp2s~)E^*s<3`zl zwKPkN2Bn>1RzhPuM5ovNZF4he!%T%2JAt9@C9k%kBEsX{d2LOFQ8dTCK!69R2kVJn zh8<*@I|~tp%6xf6MXIhJfHYV-I^M4Nx43BTAd2p^4qKgqq7pq=Ju6Yw1H! z+8`1APP#en+mj}pJfo9uh&W&&#&`bn%Mn{qRTJINWj^OB!!FSJ6@MkubfOX`&$o9Z zmYneDe_%)TNP?wiD0*2TnV496-+5@gdSyu4hccE(!x1NW64!G>gr!hS?xBikd4Ck? zpsj?)7yK?<&6Tf7>nBmewC=gCME92Fq1!SPbHu3fl9`m?r^W8^6kUyY5Wc@0_pFzk zFeq&q)9sh*2Bo`zdE865D^C1ifsASorkW|}?gvq2o5(IImw zmAlQc-pf=mhG9NTm&bLwyS}$EXYU(e!-ohAoQ%}qBApOIC`f(j)VZh!EH3wh8<;SGh*?yd#iXh`4GG4SsBNw7yFA1_5U^%1519wYI7uQAe#|>`Q z4+aA9J^NddX=fL&|AedkuF5$7E+Vg6yr7fIuO6xH$udK|2a!dTAg0`Rt>qa7x2oz?r z&FA@mn`FfB(vjExMEkkEMO}ED=F9*u-Iq!xKuBO{Kt`i<)%EomfG#JNo)^kQ(bci1 zB`23;@7{o0iF@L?GT~c^a`y_c3^Wl=%cvPZZisST!!h-ZuJ#$_SS61VPN)mo& z-a^8{13O1OdNQ|f-#+Qr_Dyujffn-g-9@laO26NB)}FT?MOE@pD`vd&`6CG=m^n0H z$fg_ML`+7ebefDzVe}>G?o;k9;S~OKdlIX%@wZ0vDxT$?l)~136HL|e$N~cCQ32M* zv#rk!^)L6|if=fUJZ*>H2dzJ@B>iOosM(&rwtouasu#0&woNoX`oK

`qu)*Q#?`v zMXdFWMr@(XKbZ^21f+2{&OIm|ifJ6YIYRA|4zf{RzDfs%e!5YV9<* ziJ$m5ds>La1eGWYv$M0`NHT&Y2izgz5sVJ55USd2i8U~^RJ$&27mwTTgO)`XM1rw| z%_zw(Pq2@;4v;)UA0?Y` zJ~n>r_K@$g6s2~yY$qs_9#dC{%4F;F>y;1Mv&W876Y#m5!#0%W4j$w6bK{`(sd!PJ zG96$}wtup3Ir1mBv5}dGlC1-Xwd?x`$6)`J0Ya{4aXJV!^&H>51x4@uUM9PklKT33 zt}wE4A|ipp+D}9{Q@6N(t4`NXIY{~ZeiMuYbD*m2H|fE_0osxGyA>-32UF6abs*@< z@`{QG#SqX3-QXuBeLb*AQ4LqKP<(AGk&!B$Z)aj*x$G&|?ATeKY*P?c9kopX4d~w6s}^vQ%^s7;9IB=HKK0#xAXQoKhCEm~;B8q5SC5YBvfX$} z4(@}FDU1{ui?y=Au1pA~CPAOO@?LaM!NuHYZ{ifF&CD?W40h-7ydMXImo}~xgs*9{ z+vWaxgA#q3_O+0o?NcSz#YIIbxVjijz~<&=f!@{EKOCBr?%rjM<&YQt)Cr10?(gB) z8-l{Ne}8wQg83Pv79Yz0G1mI(Eo)$Ch~@Gx<$PE=yrhFqmhRazr-`(k;DU&?_=+{0 zy-yayPCz6@BqSt6M}*JbkE{BZ7wKOucx8Xh_cbl?aK*!aD7n_^#^g@z2qF`Gef{?- z9ZI?JMuxv(R@3Obi2Kd&pASqcz%n{pAd>Ik&+!iA*Um<6O4wzD&N-?1_}tXWk_m~3 zAUT8CN!q=S8g%5H5uQk*n^aXE;8_*3cd%s+;`7*8RhR98`G5W zmadYI%Rc9Ok}9PQHX%^=3spCBh6MvYpy9~C4eVI}{)lodhY2%Lo>fs=T=9AnA?T5t zTU#R|BLR@i=xCbZgBLGebo6ofz0})fG13m8%lTsu%@XQja1*iQ$^L9-w)0cgjoyQ0 z@b&v!@zBc8y{MhD#Ev^2J}iF0DK18a zYCeUrRX6tDSgqJ`Crt$ z<-wXe8Hw{v-p^=sStk6HeY1?Yr5=XPz^Zx0Xkb7IiUX#j=zc;1AYe<-%IhtZdSF5S z`M7a0G3K70(vPl{4z31HY%vtZ7Zvegl(gKXzE6i|53zi*X}9{r1`}G3vy&PgRkiJA zI+zvV!GL4=`TU=3btD-XnakOU3yf>bKqdmu0b*g{_zZ#y)s~!=mS0&(Ng1YWaU2Wt zKCf2duefDd9wJ=2Zi%s)K%?UDWPPElN%rbTMZOuq9v$u?-#vn8hX4s0xa z{``u#Tz*4Fruxx@@YJStM9)1V2Uo@CQPSvz@}(qgIqU=ui~*3pFv6we zkc(ChqePby@bTfwKK~^sY}y!)ac}aTR5bC8#kf` z(?pg5mo7VMR<-`hkg~}YC~%&%3W8w>IR!<;YS7l^rjDT@e}eB%b36Odz{($=$`7nHT7TfSa(siz{+nPM5Nzxip z8avcH`mpq%r0Qo;*OK&}slCs$N|hfyy)|#%1josrGedZ#ybeojKO}K8MnpN-*bu^4 zr#6#2Z9~>IeLzKllez;ga|46~o4l{-N?vk!!TfF?*rzU_ci&jc*3C__-nLE@YAELm z$kP4S^%uA)XbY&4o`r>11rAk-1AO;|m?^_XW@g^y26;O=Qh?N-Yoc2%r?7gN?tJL zdy$@=aQjCC-2435_vS*o z!trN90?l~D1SkmJX?`%-iZpQdPrVyG5BNZ!l*pkca%Q&QSNR@Y0e6TsjPjxqG;;?@ zRJm@{rf3eU+yWDYJ3 zrC>!&JMkPz-vyknM=B{LB_ysUF&rC?<)Iy$=GUN<;h4}6YNdcw1vZoy{2Qp91( z0f&0FGwm<*KUw<(vwe*p1_273`A_jv_V)Hfq0`)H`8E9rP$KBR87d993(TQ3H%DM} z0{j68`scARZkg?p8lP|#5`^}c#PrMz15>F%nU9@QtLn|D-Ii-%%|Fjp`u2aH_Ts#(0|1kvVlrvl`bMv$eKhzvNdo%I$S7RF;2eMs@qAmADWZ8$W zT(DJD*b~<=G9s>H{j64AsjcdvoxaBH;!=k zuQf2|Ww((XUYolbwL0l8Qr<#9J6h!+^WO=f7}4_dX3W)eH%{gge6B<)rLHGzjovoP zt5ZjfNkW_f)bMbST)LBLMaq{+8G>{V@OR+5WGsU0T@$0t(l*wK#GV_=^w*mTzMkUW z^Q`Uki`aZWeFSL~yl-}gME(53O0!<|dCr+SC-%%3{)S@GW$f`0&JU^nJzp<8?((F= zUZX&jts;B`!H7ehB@YKta1>2?Mj}xx9rWODy{^L^-ytTZrAhnd8%el;8$U){D$S6F z*n7q4b>Q?Xq$Pa|`-%I~JtL%WFbIwTwQnDszM%}W>?T=sjj@gH3hLx)w21*RPhYfn z*YbnFC0KwuVz5>TQ;GB!VMb`<+#OeR+dGO>v1gh=6Jc;D9PNd zi{Q8v&LK`C(5uC#@A}DUu*?3?wf&TgfwT%|Js&3+amLnR@7=Eq$6nxp10ExQIHLM@ zpiMA-P#-OVwa=xB02e1_%E8y}NdCWDddmpoTkKRJLM0DzezAiC#~BxA5pjr^WQ^)H zQO>1?qPxU}ja#q>oEp-o_VFfM@N0=zqTY2~CE6qISXAfH-8udP<~9%Sf2W*?&pok+ z*noKti-EVaHyBJj+J{QU@==@l5@%oZZp8T)JAcqIK%e)$NS z>YdU*Ps+o*dRBHY$|Q$~r?|F6dzAi!h-(Nob%TKa;@o0lR+FvwjCAXD#d&~xaq0c? eFi+&tKRk&=KRgRxSxY!&i9n;YR4SFs0{;g9I1?NI literal 0 HcmV?d00001 diff --git a/build/lemonldap-ng/doc/overview-fr.html b/build/lemonldap-ng/doc/overview-fr.html index 0f76e49fb..7f8fb6a05 100644 --- a/build/lemonldap-ng/doc/overview-fr.html +++ b/build/lemonldap-ng/doc/overview-fr.html @@ -1,6 +1,6 @@ - + @@ -9,6 +9,53 @@ Lemonldap::NG documentation: overview-fr.html + + @@ -16,8 +63,10 @@

LemonLDAP::NG

-

- +

+ +
+

Lemonldap::NG est un + +

Index

diff --git a/build/lemonldap-ng/doc/overview.html b/build/lemonldap-ng/doc/overview.html index e0528d47e..a7cf71001 100644 --- a/build/lemonldap-ng/doc/overview.html +++ b/build/lemonldap-ng/doc/overview.html @@ -1,6 +1,6 @@ - + @@ -9,6 +9,53 @@ Lemonldap::NG documentation: overview.html + + @@ -16,8 +63,10 @@

LemonLDAP::NG

-

- +

+ +
+

Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with @@ -421,5 +470,7 @@ Remote-IP => $ip either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available. + +

Index

diff --git a/build/lemonldap-ng/doc/password-policy.html b/build/lemonldap-ng/doc/password-policy.html index 137b9f4f6..8e6885513 100644 --- a/build/lemonldap-ng/doc/password-policy.html +++ b/build/lemonldap-ng/doc/password-policy.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: password-policy.html + @@ -102,5 +144,7 @@ + +

Index

diff --git a/build/lemonldap-ng/doc/phpldapadmin.html b/build/lemonldap-ng/doc/phpldapadmin.html new file mode 100644 index 000000000..bdeb9dcda --- /dev/null +++ b/build/lemonldap-ng/doc/phpldapadmin.html @@ -0,0 +1,195 @@ + + + + + + + + Lemonldap::NG documentation: phpldapadmin.html + + + + + +
+

phpLDAPadmin

+ +

+ + + +

Presentation

+ +

phpLDAPadmin is an LDAP administration tool + written in PHP. See http://phpldapadmin.sourceforge.net/ + for more informations. + +

Simple + integration

+ +

This integration is easy: phpLDAPadmin will + connect to the directory with a static DN and password, and so will not + request authentication anymore. The access to phpLDAPadmin will be + protected by LemonLDAP::NG with specific access rules. + +

Warning: phpLDAPadmin will have no idea of the + user connected to the WebSSO. So a simple user can have admin rights on + the LDAP directory if your access rules are too lazy. + +

phpLDAPadmin configuration

+ +

Just set the authentication type to 'config' and + indicate DN and password inside the file config.php: + +

+ +
+ 
+$ldapservers->SetValue($i,'server','auth_type','config');
+$ldapservers->SetValue($i,'login','dn','cn=Manager,dc=example,dc=com');
+$ldapservers->SetValue($i,'login','pass','secret');
+
+
+ +

Save and close. + +

Apache + configuration

+ +

We recommend to create a virtualhost for + phpLDAPadmin (eg. http://pla.example.com). Then + configure this virtualhost in your existing Apache configuration: + +

+ +
+ 
+# The following lines must be set once for all virtualhosts 
+NameVirtualHost *

PerlRequire /opt/lemonldap-ng/handler/Handler.pm
+PerlOptions +GlobalRequest
+<Files ~ ".(pl)$">
+        SetHandler      perl-script
+        PerlHandler     ModPerl::Registry
+        PerlSendHeader  On
+</Files>

# Define here all protected virtualhosts

<VirtualHost *>
+        ServerName pla.example.com
+        ServerSignature Off

        DocumentRoot /opt/phpldapadmin
+        DirectoryIndex index.php

        PerlHeaderParserHandler Handler

        <Location /refresh>
+                PerlHeaderParserHandler Handler->refresh
+        </Location>

        LogLevel warn
+        ErrorLog /var/log/httpd/phpldapadmin-error.log
+        CustomLog /var/log/httpd/phphldapadmin-access.log combined
+</VirtualHost>
+
+
+ +

LemonLDAP::NG + configuration


+
+ Go to the manager and create a new virtual host:
+
+ +
+ 
+pla.example.com
+
+

+
+ Then create the access rule. Some examples:
+
+ +
+ 
+default => accept
+
+

+
+ +
+ 
+default => $groups ~= \badmin\b
+
+

+
+ Remove all HTTP_HEADERS, because they are not used! + +

Complex + integration


+
+ This is a feature request: + https://sourceforge.net/tracker/index.php?func=detail&aid=2073323&group_id=61828&atid=498549 +
+ +

Index

+ + diff --git a/build/lemonldap-ng/doc/references.html b/build/lemonldap-ng/doc/references.html new file mode 100644 index 000000000..e4fc15a15 --- /dev/null +++ b/build/lemonldap-ng/doc/references.html @@ -0,0 +1,97 @@ + + + + + + + + Lemonldap::NG documentation: references.html + + + + + +
+

References

+ +

+ + They use LemonLDAP::NG: + +

Gendarmerie + Nationale

+ +

+ + +
    +
  • Nb users:
    • + +
  • Nb protected applications:
    • +
+ +

Bibliothèque Publique + d'Information

+ +

logo_bpi.png + +
    +
  • Nb users: ~500
    • + +
  • Nb protected applications: ~10
    • +
+
+ +

Index

+ + diff --git a/build/lemonldap-ng/doc/roadmap.html b/build/lemonldap-ng/doc/roadmap.html new file mode 100644 index 000000000..af2c734c1 --- /dev/null +++ b/build/lemonldap-ng/doc/roadmap.html @@ -0,0 +1,126 @@ + + + + + + + + Lemonldap::NG documentation: roadmap.html + + + + + +
+

Roadmap for + LemonLDAP::NG

+ +

+ + + +

Version 0.9 + (2008)

+ +
    +
  • Liberty Alliance authentication module
    • + +
  • Skins for Manager and Portal
    • + +
  • SOAP access to configuration and sessions
    • +
+ +

Version 1.0 (end + 2008)

+ +
    +
  • Dissociate authentication and user backend capabilities (for + example, to choose LDAP for authentication, and MySQL for reading user's + information).
    • + +
  • Add a Menu.pm to portal modules, to provide an enhanced application + menu and password modification form
    • + +
  • i18n (internationalization) for modules, scripts and HTML + templates
    • + +
  • Production installation script
    • + +
  • Packages for Debian/Ubuntu, RedHat/CentOS
    • + +
  • Date and time parameters in access rules
    • + +
  • Monitoring scripts (MRTG, Cacti, Nagios)
    • + +
  • Sessions explorer
    • + +
  • Handler POST functionnalities, to fill authentication forms with + login/password
    • +
+ +

Version 2.0 + (2010)

+ +
    +
  • Manage Apache virtualhost configuration through LDAP backend
    • + +
  • SAML2 authentication and user backend
    • + +
  • SNMP extensions for monitoring
    • + +
  • Local password policy
    • +
+
+ +

Index

+ + diff --git a/build/lemonldap-ng/doc/soap-fr.html b/build/lemonldap-ng/doc/soap-fr.html index ba96ea83f..bdd810bff 100644 --- a/build/lemonldap-ng/doc/soap-fr.html +++ b/build/lemonldap-ng/doc/soap-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: soap-fr.html + @@ -492,5 +534,7 @@ configStorage => {

+ +

Index

diff --git a/build/lemonldap-ng/doc/sympa.html b/build/lemonldap-ng/doc/sympa.html new file mode 100644 index 000000000..abe9136f9 --- /dev/null +++ b/build/lemonldap-ng/doc/sympa.html @@ -0,0 +1,212 @@ + + + + + + + + Lemonldap::NG documentation: sympa.html + + + + + +
+

Sympa

+ +

+ + + +

Presentation

+ +

Sympa is a mailing list manager. See http://www.sympa.org for more + informations. + +

Integration with + LemonLDAP::NG

+ +

Presentation

+ +

Sympa provide a magic authentication mecanism, + which display a special button on the interface. When the user click on + it, if he has already an SSO session, he is directly authenticated. + +

This works for CAS, Shibboleth and LemonLDAP::NG. + +

Sympa + configuration


+
+ Edit the file "auth.conf", for example:
+
+ +
+ 
+# vi /etc/sympa/auth.conf
+
+

+
+ And fill it (replace all "example" elements): + +
+ 
+generic_sso
+        service_name                    LemonLDAP::NG
+        service_id                      lemonldapng
+        http_header_prefix              HTTP
+        email_http_header               HTTP_EMAIL
+        netid_http_header               HTTP_AUTH-USER
+        internal_email_by_netid         1
+        logout_url                      http://sympa.example.com/wws/logout

ldap
+        host                            localhost:389
+        timeout                         20
+        bind_dn                         cn=admin,dc=example,dc=com
+        bind_password                   secret
+        suffix                          dc=example,dc=com
+        get_dn_by_uid_filter            (uid=[sender])
+        get_dn_by_email_filter          (|(mail=[sender])(n2atraliasmail=[sender]))
+        alternative_email_attribute     n2atrmaildrop
+        email_attribute                 mail
+        scope                           sub
+        authentication_info_url         http://sympa.example.com
+
+
+ +

Apache + configuration

+ +

We recommend to create a virtualhost for + Sympa(eg. http://sympa.example.com). Then + configure this virtualhost in your existing Apache configuration: + +

+ +
+ 
+# The following lines must be set once for all virtualhosts 
+NameVirtualHost *

PerlRequire /opt/lemonldap-ng/handler/Handler.pm
+PerlOptions +GlobalRequest
+<Files ~ ".(pl)$">
+        SetHandler      perl-script
+        PerlHandler     ModPerl::Registry
+        PerlSendHeader  On
+</Files>

# Define here all protected virtualhosts
+<VirtualHost *>
+    ServerName sympa.example.com

    # WebSSO protection
+    <Location /wws/sso_login/lemonldapng>
+    PerlHeaderParserHandler Handler
+    </Location>

    <Location /reload>
+    PerlHeaderParserHandler Handler->reload
+    </Location>

    RedirectMatch ^/$ /wws
+    Alias /wwsicons /usr/share/sympa/icons
+    ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

    LogLevel warn
+    ErrorLog /var/log/apache2/sympa-error.log
+    CustomLog /var/log/apache2/sympa-access.log combined
+</VirtualHost>
+
+
+ +

LemonLDAP::NG configuration

+ +

Go to the manager and create a new virtual host: + +
+ 
+pla.example.com
+
+

+
+ Then create the access rule: + +
+ 
+default => accept
+
+

+
+ And set the correct HTTP headers: + +
+ 
+Auth-User => $uid
+email => $email
+
+
+
+ +

Index

+ + diff --git a/build/lemonldap-ng/doc/tomcat-valve.html b/build/lemonldap-ng/doc/tomcat-valve.html new file mode 100644 index 000000000..607d330cc --- /dev/null +++ b/build/lemonldap-ng/doc/tomcat-valve.html @@ -0,0 +1,170 @@ + + + + + + + + Lemonldap::NG documentation: tomcat-valve.html + + + + + +
+

Tomcat valve

+ +

+ + The Tomcat valve was provided by Pascal Pejac. + +

This valve is only available for tomcat 5.5 or + greater. + +

Compilation

+ +

Note: source and compiled valve can be found in + the download area. + +

Required : + +
    +
  • ant
    • + +
  • jre > 1.4
    • + +
  • tomcat >= 5.5
    • +
Configure your tomcat home in build.properties files.
+
+ Note: be crareful for windosw user, path must contains "/".
+
+ Exemple: + +
+ 
+c:/my hardisk/tomcat/
+
+

+
+ Next run ant command: + +
+ 
+ant
+
+

+
+ ValveLemonLDAPNG.jar is created under /dist directory. + +

Installation


+
+ Copy ValveLemonLDAPNG.jar on <TOMCAT_HOME>/server/lib
+
+ Add on your server.xml file a new valve entry like this (in host + section):
+
+ +
+ 
+<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1"/>
+
+

+
+ Configure attributes: + +
    +
  • userKey: key in the http header send by lemonLDAP in order to store + user login.
    • + +
  • roleKey: key in the http header send by lemonLDAP in order to store + roles. If lemonLDAP send some roles split by some commas, use + roleSeparator.
    • + +
  • roleSeparator (optional): see above.
    • + +
  • allows (optional): filter remote IP. IP defined in this attribute + are allowed (use "," separator for multiple IP). Just set the + LemonLDAP::NG handler IP on this attribute in order to add more + security. If this attribute is missed all hosts are allowed.
    • +
+ +

Quick test + and debugging tips


+
+ Download for exemple probe application (great administration tool for + tomcat): http://www.lambdaprobe.org.
+
+ Install valve and configure it.
+
+ Send via LemonLDAP::NG user with role = probeuser or other user with role + = manager.
+
+ Probe doesn't ask authentification, you're logged...
+
+ For debugging, this valve can print some helpfull information in debug + level. Configure logging in tomcat (see http://tomcat.apache.org/tomcat-5.5-doc/logging.html) + . +
+ +

Index

+ +