[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5679) Translucent search
This is a cryptographically signed message in MIME format.
--------------ms090100030100000501010002
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Pierangelo Masarati a écrit :
<blockquote cite="mid:48C2B56D.6000703@sys-net.it"; type="cite"><a
class="moz-txt-link-abbreviated"
href="mailto:julien@famille-garnier.com";>julien@famille-garnier.com</a>
wrote: <br>
<br>
<blockquote type="cite">It seems to be impossible to search local and
remote together : <br>
a search request against one local attribute work correctly and return
result 1 <br>
(ldapsearch "(local=*)") <br>
a search on a remote atttribute works fine and return result 2
(ldapsearch <br>
"(remote=*)") <br>
<br>
Finaly, a search with the local and remote attribute (ldapsearch <br>
"($(local=*)(remote=*))") <br>
</blockquote>
<br>
I assume "$" is a typo, while you meant "&" in the above filter. <br>
</blockquote>
Hi Pierangelo,<br>
yes, it is a typo <br>
<blockquote cite="mid:48C2B56D.6000703@sys-net.it"; type="cite"><br>
<blockquote type="cite">only return results as the search on the
local <br>
attribute and doesn't take the remote attribute. The respons is the
same as <br>
result 1 <br>
<br>
<br>
In slapd.conf : translucent_local local <br>
translucent_remote remote <br>
</blockquote>
<br>
I've checked the current code, and it appears to work as intended. Can
you confirm the fact that the local and remote attributes are contained
only in the local and the remote database, respectively? You can
easily check by directly searching the remote database. Otherwise, you
don't provide enough information about configuration and database
contents to reproduce the issue. <br>
</blockquote>
my config : <br>
<br>
ldap_relay (remote in the translucent config) is synchronize with a
master via syncrepl. :<br>
<br>
#######################################################################<br>
# Global Directives:<br>
<br>
# Features to permit<br>
allow bind_v2<br>
<br>
# Schema and objectClass definitions<br>
include /etc/openldap/schema/core.schema<br>
include /etc/openldap/schema/cosine.schema<br>
include /etc/openldap/schema/nis.schema<br>
include /etc/openldap/schema/inetorgperson.schema<br>
include /etc/openldap/schema/cnrs.schema<br>
<br>
# Where the pid file is put. The init.d script<br>
# will not stop the server if you change this.<br>
pidfile /var/run/slapd/slapd.pid<br>
<br>
# List of arguments that were passed to the server<br>
argsfile /var/run/slapd/slapd.args<br>
<br>
# Read slapd.conf(5) for possible values<br>
loglevel 0<br>
<br>
# Where the dynamically loaded modules are stored<br>
<br>
# The maximum number of entries that is returned for a search operation<br>
sizelimit 500000<br>
<br>
# The tool-threads parameter sets the actual amount of cpu's that is
used<br>
# for indexing.<br>
tool-threads 2<br>
<br>
#######################################################################<br>
# Specific Backend Directives for bdb:<br>
# Backend specific directives apply to this backend until another<br>
# 'backend' directive occurs<br>
backend bdb<br>
#checkpoint 512 30<br>
<br>
database bdb<br>
<br>
# The base of your directory in database #1<br>
suffix "ou=People,dc=cnrs,dc=fr"<br>
<br>
# rootdn directive for specifying a superuser on the database. This is
needed<br>
# for syncrepl.<br>
rootdn "cn=admin,ou=People,dc=cnrs,dc=fr"<br>
rootpw "password"<br>
<br>
# Where the database file are physically stored for database #1<br>
directory "/var/lib/ldap-people"<br>
<br>
# For the Debian package we use 2MB as default but be sure to update
this<br>
# value if you have plenty of RAM<br>
#dbconfig set_cachesize 0 2097152 0<br>
dbconfig set_cachesize 0 536870912 0<br>
dbconfig set_flags DB_LOG_AUTOREMOVE<br>
<br>
# Sven Hartge reported that he had to set this value incredibly high<br>
# to get slapd running at all. See <a class="moz-txt-link-freetext"
href="http://bugs.debian.org/303057";>http://bugs.debian.org/303057</a><br>
# for more information.<br>
<br>
# Number of objects that can be locked at the same time.<br>
dbconfig set_lk_max_objects 1500<br>
# Number of locks (both requestd and granted)<br>
dbconfig set_lk_max_locks 1500<br>
# Number of lockers<br>
dbconfig set_lk_max_lockers 1500<br>
dbconfig set_flags DB_LOG_AUTOREMOVE<br>
<br>
<br>
# Indexing options for database #1<br>
index objectClass eq<br>
index ou,cn,mail,surname,givenname eq,pres,sub<br>
index uid eq,pres,sub<br>
index entryUUID,entryCSN eq,pres<br>
index cnrsRole,cnrsDepartement eq,pres,sub<br>
index cnrsDelegation eq,pres,sub<br>
index departmentNumber eq,pres,sub<br>
<br>
# Save the time that the entry gets modified, for database #1<br>
lastmod on<br>
<br>
#id du client (numero DR)<br>
syncrepl rid=013<br>
provider=<a class="moz-txt-link-freetext"
href="ldap://sagan.dr15.cnrs.fr:389";>ldap://sagan.dr15.cnrs.fr:389</a><br>
searchbase="ou=People,dc=cnrs,dc=fr"<br>
type=refreshAndPersist<br>
scope=sub<br>
interval=00:00:00:10<br>
retry="60 10 300 +"<br>
attrs="*"<br>
schemachecking=off<br>
bindmethod=simple<br>
binddn="cn=sync-dr13,ou=people,dc=cnrs,dc=fr"<br>
credentials="password"<br>
<br>
access to dn.base="" by * read<br>
<br>
# The admin dn has full write access, everyone else<br>
# can read everything.<br>
access to *<br>
by dn="cn=admin,ou=People,dc=cnrs,dc=fr" write<br>
by * read<br>
<br>
<br>
*******************************************************************<br>
*******************************************************************<br>
<br>
My ldap server user translucent to add attributes to ldap_relay :<br>
<br>
# Schema and objectClass definitions<br>
include /etc/openldap/schema/core.schema<br>
include /etc/openldap/schema/cosine.schema<br>
include /etc/openldap/schema/nis.schema<br>
include /etc/openldap/schema/inetorgperson.schema<br>
include /etc/openldap/schema/DR13.schema<br>
include /etc/openldap/schema/cnrs.schema<br>
include /etc/openldap/schema/dyngroup.schema<br>
#include /etc/openldap/schema/calendar.schema<br>
#include /etc/openldap/schema/julien.schema<br>
<br>
pidfile /var/run/slapd/slapd.pid<br>
argsfile /var/run/slapd/slapd.args<br>
loglevel 0<br>
<br>
allow bind_v2<br>
<br>
# The maximum number of entries that is returned for a search operation<br>
sizelimit 50000<br>
<br>
# The tool-threads parameter sets the actual amount of cpu's that is
used<br>
# for indexing.<br>
tool-threads 1<br>
<br>
#######################################################################<br>
# Specific Backend Directives for bdb:<br>
# Backend specific directives apply to this backend until another<br>
# 'backend' directive occurs<br>
backend bdb<br>
<br>
#######################################################################<br>
# Specific Directives for database #1, of type bdb:<br>
# Database specific directives apply to this databasse until another<br>
# 'database' directive occurs<br>
database bdb<br>
<br>
# The base of your directory in database #1<br>
suffix "ou=People,dc=cnrs,dc=fr"<br>
<br>
# rootdn directive for specifying a superuser on the database. This is
needed<br>
# for syncrepl.<br>
rootdn "cn=admin,ou=People,dc=cnrs,dc=fr"<br>
rootpw "password"<br>
<br>
# Where the database file are physically stored for database #1<br>
directory "/var/lib/ldap-people"<br>
<br>
dbconfig set_cachesize 0 536870912 0<br>
dbconfig set_flags DB_LOG_AUTOREMOVE<br>
dbconfig set_lk_max_objects 1500<br>
dbconfig set_lk_max_locks 1500<br>
dbconfig set_lk_max_lockers 1500<br>
<br>
# Indexing options for database #1<br>
index objectClass eq,pres<br>
index ou,cn,mail,surname,givenname eq,pres,sub<br>
index uid eq,pres<br>
index entryCSN,entryUUID eq,pres<br>
index cnrsDelegation eq,pres,sub<br>
index
Service,ACMO,corinfo,corcom,corform,corvalo,gxlab,corsecu,authtest,GLabintel
eq,pres,sub<br>
<br>
overlay translucent<br>
translucent_no_glue off<br>
translucent_strict off<br>
<br>
translucent_local
ACMO,Service,corinfo,corcom,corform,corvalo,gxlab,corsecu,userPassword,shadowLastChange,authtest,GLabintel,Poste<br>
translucent_remote
sn,GivenName,mail,street,Postalcode,l,cnrsDelegation,uid<br>
<br>
uri <a class="moz-txt-link-freetext"
href="ldap://ldap_relay.dr13.cnrs.fr";>ldap://ldap_relay.dr13.cnrs.fr</a><br>
lastmod off<br>
<br>
acl-bind binddn="cn=admin,ou=People,dc=cnrs,dc=fr"
credentials="password"<br>
<br>
access to attrs=userPassword,shadowLastChange<br>
by dn="cn=admin,ou=People,dc=cnrs,dc=fr" write<br>
by anonymous auth<br>
by self write<br>
by * none<br>
<br>
access to dn.base=""<br>
by * read<br>
<br>
# acces de l'IBMM (UMR5247)<br>
access to dn.sub="ou=people,dc=cnrs,dc=fr"<br>
filter=(ou=UMR5247*)<br>
by peername.regex="IP=193\.49\.133\..+" read<br>
by peername.regex="IP=127\.0\.0\.1" read<br>
by peername.regex="IP=194\.214\.161\.70" read<br>
<br>
# acces de la delegation : lecture pour tout<br>
access to *<br>
by peername.regex="IP=193\.49\.133\..+" read<br>
by peername.regex="IP=127\.0\.0\.1" read<br>
by dn="cn=admin,ou=People,dc=cnrs,dc=fr" write<br>
by * none<br>
***********************************************************<br>
***********************************************************<br>
<br>
the searches : <br>
<b>ou</b> is in remote (it's ou derivated from inetorgperson)<br>
<b>corsecu </b>is in local : attribute is add to inetorgperson : <br>
attributetype ( 1.3.6.1.4.1.10813.13.2.9<br>
NAME 'CorSecu'<br>
DESC 'Correspondant Securité'<br>
EQUALITY caseIgnoreMatch<br>
SUBSTR caseIgnoreSubstringsMatch<br>
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br>
<br>
<br>
if I search who is corsecu : <br>
<br>
ldapsearch -x -b "ou=People,dc=cnrs,dc=fr" "(corsecu=*)" ou corsecu<br>
# extended LDIF<br>
#<br>
# LDAPv3<br>
# base <ou=People,dc=cnrs,dc=fr> with scope subtree<br>
# filter: (corsecu=*)<br>
# requesting: ou corsecu<br>
#<br>
<br>
# martine.costanzo, cnrs, People, cnrs.fr<br>
dn: uid=martine.costanzo,ou=cnrs,ou=People,dc=cnrs,dc=fr<br>
ou::
TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg==<br>
CorSecu: MOY1300<br>
<br>
# vincent.chicot, cnrs, People, cnrs.fr<br>
dn: uid=vincent.chicot,ou=cnrs,ou=People,dc=cnrs,dc=fr<br>
ou::
TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg==<br>
CorSecu: MOY1300<br>
<br>
# josiane.tack.1, cnrs, People, cnrs.fr<br>
dn: uid=josiane.tack.1,ou=cnrs,ou=People,dc=cnrs,dc=fr<br>
ou:: VU1SNTI0MyAtICgxKSAtIEfDqW9zY2llbmNlcyBNb250cGVsbGllcg==<br>
CorSecu: UMR5243<br>
<br>
# search result<br>
search: 2<br>
result: 0 Success<br>
<br>
# numResponses: 4<br>
# numEntries: 3<br>
<br>
Josian Tack is in OU = UMR5243 - (1) - Géosciences Montpellier<br>
other are in OU = MOY1300 - (1) - Délégation Languedoc-Roussillon<br>
<br>
If I only want corsecu in ou MOY1300 : <br>
<br>
ldapsearch -x -b "ou=People,dc=cnrs,dc=fr"
"(&(ou=MOY1300*)(corsecu=*))" ou corsecu<br>
<br>
# extended LDIF<br>
#<br>
# LDAPv3<br>
# base <ou=People,dc=cnrs,dc=fr> with scope subtree<br>
# filter: (&(ou=MOY1300*)(corsecu=*))<br>
# requesting: ou corsecu<br>
#<br>
<br>
# martine.costanzo, cnrs, People, cnrs.fr<br>
dn: uid=martine.costanzo,ou=cnrs,ou=People,dc=cnrs,dc=fr<br>
ou::
TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg==<br>
CorSecu: MOY1300<br>
<br>
# vincent.chicot, cnrs, People, cnrs.fr<br>
dn: uid=vincent.chicot,ou=cnrs,ou=People,dc=cnrs,dc=fr<br>
ou::
TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg==<br>
CorSecu: MOY1300<br>
<br>
# josiane.tack.1, cnrs, People, cnrs.fr<br>
dn: uid=josiane.tack.1,ou=cnrs,ou=People,dc=cnrs,dc=fr<br>
ou:: VU1SNTI0MyAtICgxKSAtIEfDqW9zY2llbmNlcyBNb250cGVsbGllcg==<br>
CorSecu: UMR5243<br>
<br>
# search result<br>
search: 2<br>
result: 0 Success<br>
<br>
# numResponses: 4<br>
# numEntries: 3<br>
<br>
Josiane Tack is always here<br>
<br>
<br>
Thanks<br>
<br>
Julien<br>
<br>
<br>
</body>
</html>
--------------ms090100030100000501010002
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMxTCC
A2kwggJRoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAwKzELMAkGA1UEBhMCRlIxDTALBgNVBAoT
BENOUlMxDTALBgNVBAMTBENOUlMwHhcNMDEwNDI3MDU0NTI4WhcNMTEwNDI1MDU0NTI4WjAw
MQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQlSTUNpNZM31NKiH++/aLeFo2lCbD/EdAsq
k8Vzl0yoN+BS3qY5EbkZbUwU3x/o0XsfvqsfOqTz4MxEavsJmlRetHAfYUPmXCiwwnxCmFS/
+N2NmN2bnWIY0Vzk6qZkgTdYZqj1eiXNyn1q1E/IpPEp7hA+KdulYJ706Xj99ih8kVFa/a8y
45ub5FOWpK4DJPBoNxS7LPsZyGtfehmcCRtj2JF7BcxJMTH6GPwZ1j/Y4DdBcxmzIfLOjQly
ROrlDF5iiscuxzZOPOKUcbnjU5fgFxTE8YQ9jyqL5X6xeWaNABwPR6O+Kln/eDowWrJXnjke
VBbfBKm6xYvLyzlQUQIDAQABo4GSMIGPMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFd9dKaS
m4hc/uQEKfTsOmcnVOD4MFMGA1UdIwRMMEqAFFbraLnSXH6YtaVTw5FvY1jE+Wu3oS+kLTAr
MQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzENMAsGA1UEAxMEQ05SU4IBADALBgNVHQ8E
BAMCAQYwDQYJKoZIhvcNAQEEBQADggEBAEc8oDJIziXlPHqdm+CF/44HRs8MOif5Un3d8x7y
vgBqvLt2WV6xoI4h4Y+54Z7Aog3H65z/qtiZdxb3CehCzhltPGHZ/oNHZJa74xqUXJgXeKUk
V/JQw0a/z4VLRjnhU0mzbvghbOAJsA6QqsKWC2ZiWhHZaLScVt3zrJ9F8mWX3DAf4HRN+0iY
U438vLKSBM6KJhb7Mn1tXk36IcskrwAnozVizkwLendcMYpKuKyu7DofQXUouGwJF+YE6u3B
L72QvPko9jHauBqNWpRm2n1ETnjw2VXs7RKfy8q8no78VLT8+x7fPCBcZMx69Ytyouj+TThX
KVNQ4bxYoJEggZUwggSoMIIDkKADAgECAgIOdzANBgkqhkiG9w0BAQUFADAwMQswCQYDVQQG
EwJGUjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzMB4XDTA3MTEwODEyMDAw
NFoXDTA4MTEwNzEyMDAwNFowczELMAkGA1UEBhMCRlIxDTALBgNVBAoTBENOUlMxEDAOBgNV
BAsTB01PWTEzMDAxFzAVBgNVBAMTDkp1bGllbiBHYXJuaWVyMSowKAYJKoZIhvcNAQkBFhtK
dWxpZW4uR2FybmllckBkcjEzLmNucnMuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDnOJa63KmBNrk1iWwIoBfaNRIoB5R+4X+aCOXHD9jXaq5WUV42JEFHvgA87t6esw5U
lKgjjyDa8IEW6YQX/WQ9EuHVq4zAvYFQ37bv+obvf1icCyOxDCqqozcIaP8vawVhD244p3bx
nVP18QlmlS6MAoqD2NSOgdXjrqQb2uJSE+KLwGMnjjs4zb8lRt2dYp67z7SBLYTnTq04o0Yr
fOtYt+rnlleDlWKdJGgNqryiHO20tKlOAUHE4ahZHjsKhEZGdJ4KCoEuDNQtyRLznRGuuH+b
2QjecVL2DmF26hNYlgM4c4TNWETGEBSgdBnlntcEQH443LN2qEx+lRA5dIr/AgMBAAGjggGH
MIIBgzAMBgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIEsDAOBgNVHQ8BAf8EBAMCBeAw
cAYJYIZIAYb4QgENBGMWYUNlcnRpZmljYXQgQ05SUy1QbHVzLiBQb3VyIHRvdXRlIGluZm9y
bWF0aW9uIHNlIHJlcG9ydGVyIOAgaHR0cDovL2lnYy5zZXJ2aWNlcy5jbnJzLmZyL0NOUlMt
UGx1cy8wHQYDVR0OBBYEFECFdlYtLkLUfoSH/7VfvQ4hYG60MFMGA1UdIwRMMEqAFFd9dKaS
m4hc/uQEKfTsOmcnVOD4oS+kLTArMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzENMAsG
A1UEAxMEQ05SU4IBATAmBgNVHREEHzAdgRtKdWxpZW4uR2FybmllckBkcjEzLmNucnMuZnIw
QgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybHMuc2VydmljZXMuY25ycy5mci9DTlJTLVBs
dXMvZ2V0ZGVyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAuz1KzmYgAcfVPB1mE8GBR0Yzz/td
ij3IttaeiCmpDfArhOwdolUiLV1MF/oJGDHX+yxpcHNu6wH3E6eEVoYycPwCcN5P9mTaxrTG
KYXIj6RoDPIiCQpE9zjKV+c0jJr0bwBZIIJfCIpOpmcHHW+3BbtqjuboydwOqh5ICesPnMRr
BA6WEEnB7pv1sp0vAoK0O7/ctJS6C/X37LsTBYcHVkKoyjGYUYdBjWUgmPs+jsArqe+QKSRA
zl/3Xc83ZZ681aKApq9hrlmDYpP50E87uK+c2ul/fm4iwvJdb3WkyQaCfc4Epot5GMusb5/C
j8JLmtpc7mv+DIrhbz3jbmZ0HTCCBKgwggOQoAMCAQICAg53MA0GCSqGSIb3DQEBBQUAMDAx
CzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRIwEAYDVQQDEwlDTlJTLVBsdXMwHhcNMDcx
MTA4MTIwMDA0WhcNMDgxMTA3MTIwMDA0WjBzMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05S
UzEQMA4GA1UECxMHTU9ZMTMwMDEXMBUGA1UEAxMOSnVsaWVuIEdhcm5pZXIxKjAoBgkqhkiG
9w0BCQEWG0p1bGllbi5HYXJuaWVyQGRyMTMuY25ycy5mcjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOc4lrrcqYE2uTWJbAigF9o1EigHlH7hf5oI5ccP2NdqrlZRXjYkQUe+
ADzu3p6zDlSUqCOPINrwgRbphBf9ZD0S4dWrjMC9gVDftu/6hu9/WJwLI7EMKqqjNwho/y9r
BWEPbjindvGdU/XxCWaVLowCioPY1I6B1eOupBva4lIT4ovAYyeOOzjNvyVG3Z1inrvPtIEt
hOdOrTijRit861i36ueWV4OVYp0kaA2qvKIc7bS0qU4BQcThqFkeOwqERkZ0ngoKgS4M1C3J
EvOdEa64f5vZCN5xUvYOYXbqE1iWAzhzhM1YRMYQFKB0GeWe1wRAfjjcs3aoTH6VEDl0iv8C
AwEAAaOCAYcwggGDMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMA4GA1UdDwEB
/wQEAwIF4DBwBglghkgBhvhCAQ0EYxZhQ2VydGlmaWNhdCBDTlJTLVBsdXMuIFBvdXIgdG91
dGUgaW5mb3JtYXRpb24gc2UgcmVwb3J0ZXIg4CBodHRwOi8vaWdjLnNlcnZpY2VzLmNucnMu
ZnIvQ05SUy1QbHVzLzAdBgNVHQ4EFgQUQIV2Vi0uQtR+hIf/tV+9DiFgbrQwUwYDVR0jBEww
SoAUV310ppKbiFz+5AQp9Ow6ZydU4PihL6QtMCsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRD
TlJTMQ0wCwYDVQQDEwRDTlJTggEBMCYGA1UdEQQfMB2BG0p1bGllbi5HYXJuaWVyQGRyMTMu
Y25ycy5mcjBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3Jscy5zZXJ2aWNlcy5jbnJzLmZy
L0NOUlMtUGx1cy9nZXRkZXIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7PUrOZiABx9U8HWYT
wYFHRjPP+12KPci21p6IKakN8CuE7B2iVSItXUwX+gkYMdf7LGlwc27rAfcTp4RWhjJw/AJw
3k/2ZNrGtMYphciPpGgM8iIJCkT3OMpX5zSMmvRvAFkggl8Iik6mZwcdb7cFu2qO5ujJ3A6q
HkgJ6w+cxGsEDpYQScHum/WynS8CgrQ7v9y0lLoL9ffsuxMFhwdWQqjKMZhRh0GNZSCY+z6O
wCup75ApJEDOX/ddzzdlnrzVooCmr2GuWYNik/nQTzu4r5za6X9+biLC8l1vdaTJBoJ9zgSm
i3kYy6xvn8KPwkua2lzua/4MiuFvPeNuZnQdMYICojCCAp4CAQEwNjAwMQswCQYDVQQGEwJG
UjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzAgIOdzAJBgUrDgMCGgUAoIIB
QTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wODA5MDgwODU1
MDBaMCMGCSqGSIb3DQEJBDEWBBSid4zDaEYBT67+19UaSp/1nXMUWDBFBgkrBgEEAYI3EAQx
ODA2MDAxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRIwEAYDVQQDEwlDTlJTLVBsdXMC
Ag53MEcGCyqGSIb3DQEJEAILMTigNjAwMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzES
MBAGA1UEAxMJQ05SUy1QbHVzAgIOdzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G
CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAN
BgkqhkiG9w0BAQEFAASCAQA04y3ZTPTP04e07uaMNwF5+4i+329g+KgAd+lmUvfaGJsOyGjw
pCsZQIqeBzZFAfCNtmp8VyU2TCVcF6A5odWabasUltXe8HfLN64njJ/50iUQfDRFZEcZfh9b
nYSTsHiuCyua78Iim18gNflXQReHWdreoSkg0MDaq0MTd98tNxZsOFPa4l9e7Xj29F4HHgck
pD/0XXmP6/ZtFOxZUojL92H31RS6MlPeLC0EX5RjkLQ4maXlMvjX1MQUpv6uwOG1rkSaTDKW
zEcUcKP/gYFHL7LDUZC8GlhLGvuzxrSamS2RRJE+mAzc/U+aOf6O7qeFyje8PM6r57qc0iQQ
XCDeAAAAAAAA
--------------ms090100030100000501010002--