From dcfd87cd174bac559a31a83300f7159626b4e836 Mon Sep 17 00:00:00 2001 From: Martin Weise <martin.weise@tuwien.ac.at> Date: Tue, 30 Jul 2024 15:39:40 +0200 Subject: [PATCH] Hotfix password change and LDAP --- .docker/dist.tar.gz | Bin 9911 -> 9884 bytes .docker/docker-compose.yml | 1 - .docs/api/auth-service.md | 35 ++++++++++++++++-- .../at/tuwien/endpoints/UserEndpoint.java | 2 +- .../gateway/KeycloakGatewayUnitTest.java | 3 +- .../tuwien/service/UserServiceUnitTest.java | 2 +- .../at/tuwien/gateway/KeycloakGateway.java | 2 +- .../gateway/impl/KeycloakGatewayImpl.java | 5 ++- docker-compose.yml | 1 - helm/dbrepo/values.yaml | 2 +- 10 files changed, 41 insertions(+), 12 deletions(-) diff --git a/.docker/dist.tar.gz b/.docker/dist.tar.gz index 8de17c93ea61448bb57c66d16d836b7340fa000b..13e91ed189c2425dbb2d2493cc6fd4fa9d949b3e 100644 GIT binary patch literal 9884 zcmb2|=3oE=<~K3f#j{UbI+y;R>s0lsIXOM+_Px>#-y3m=Yh#|<B-!-WBHalpg31$i zp7=J;_W$262MXj<RBq4q&Gk4cWPI7yx%|BGUE5}_)T<%yCLGmzmXvvG#g{D??(h8+ z+W7j#1BUvretzwb{yX?yv0r_)`_;jViEFC@EZ4~HT^+)owY9n2=jm2<r`<8PC+fCU zZm)2d)%)qTZTSD@IPKta@e_G(49+lFZql+gTJ0C{r}Ols@0(tqdHh}Y^pRu9%Gpab zHFV0R@6ud7GfDd7v`GuL%U+(8u5mdic;ds1bHS^U+V5074pkS6nw67tW5<+4otDs7 zCNp9W-}&k#a=9Soti!aF6Wmu81XP`Uw(RW>-b<#pnAkW=?uBS(rd2L_I4!DDF?tq{ zZ20P>Su4-2%2;%gEqd*yYZKiig!T8`STo`BnnTl;8u3)GI(sVgq+8$al-$%lv7(dv zu1g<W!m1eQ?;UI`6J~7UK6grp*Jqv6Qkl)}A9N0vB=_IFv}MkX<hR#ePhHIR@3FUx zr1n{(Ue*uXQl*xG52Bt2bxRjMzcYdT@1NK9v2{ltGOaAVmr%R)Pr13P!nfbbnFn~= z&1*MKUDl;F=}EE5>vJ+L3+}Ko7aY)Y*y{g*W7Dn+JZUQ>joVUV4OSVSHj(|YZ%Xd( zgIlg_POok}wr$zr&w}q1j5hd2<{Mn?lKrwmcfw1j<?W80tuo%s)d{Oi*Snaf8%wwv zxLmyyb|TB*e$M5D<p=82H+_DaGbitUe)8?3Z=_VL{~YP8@!s{W{8;S1gVW|7{j{I= zPr3Q|ZGGK0!>)zgyXW)IP0i^-rL(YNh^BDo^nLR>Rj%=`>I|4tzln82!Q+eSYo^Mz z>%QT$)!d+TSM<QNh7WIf)b_WVvK9X*V{^WCC3j8RgiAi^ajtKUI~kvC`?|Dc>-y7^ zCq1^yIH7UU%d_m1-Tk5@kE@p)Ul#1WBYORk<Tbgn8GCm=){%Z%wDif}>^UKRTB+PG z#LN=+9shIk%mePtukXJ%s{eO#f&1CSRr-@Gj%svHdaUMZc=)uMS<A->;<nbQ8@8&f zGBfmD@GyV&T)T43!nNxzbZ0dD-+JN6-$yH~uNhyL$@04HX?9WLQBKGfm$oeLWrDZn z=j&(o>#g|4<8xJpS3@F5{pYPZuOg2H(Ts<9pE<smnrkk8=}G0iC)<jZjQ3>3r3ifc z`E+X9+Ien2_0&shN{_#bJlx{=!vFvJ*<EWMFXz&2dtEs9wxYZg+x=|bUrzZ?KA%{f za?)lhZ)E)@=ll0(uNQpXbI?>`mL%J?>E2?SA3LS_Bwu;MVN<tCggMA3O>y;$1s3VN z%sX<sYUJiGnD(|$-sS0!%wMTLem*?SxxDMH^v_k1?-!<i{dN2B8sE2yLbY9$VQ&f> zzNYy7c(^rKs(T-6i#cOt*ze~_|0jv7{`3AUd_DW~zaZ|r!Kay5cwLI?{aM&%5azM` z*A@9+YGPkR?2?RReEUuEIA1PW@~!#SK8r5%W82?6yjZAvwQpI=o>dO>PA)WCC9>_} zE`d$n$>ozCL<zVjubVv0e~-o96qBR>3N${6pWHcHm$&ULYhzdHt!=H#R4>nJonvD^ zLyfb_b&ldyndq8!dB&d38sm~@lU?5kMVc*8pI3TN<CfBO>GA`+rSDd$e60Q^rnl{O zYV_KRHTNQPq_+JvUGk@fdESE`GGUJW24$zqSRcmxIQI2idinRy)@y5j1z0{`_k+9d zwfWA~!hF}w)2Dx!`~2PeUjOi|pJ&gWeK~aXb-~%El3zbQetf;aarv3wV>hn}`P#p$ z=wSWtW1RE%*Tzk=zZ>0ryRfq6R@~j)x&JZ@cJ3>1tG^SXKh^u^!uro29~G}Ze|2{5 z=O?SIc0E{LFLUL*|C;ruy?-Zt`dL(ZbzfZQez}@S`s}OERTQo%6<41hwmfv{;$7=1 zKUb85=JN*Rny$Wfd;0W0;UzZvW}MZx3v*lkj<fzJd-%Vi`p}ozPQ{7(dF+$huYTDQ zKHo(D?dMOqTMymW+t)Q&IPspzdVlfme-B?2mKk5ZBbU`TC$2cux%u{Qzsi`Mk+xg) z^Rylm-aPb_bJkUT-Ml|<mu#(hb)N0->*B@h=5Jpv|9ZOk;pn%?sh>WSe){?P?B6Ak z{}$c9s+GIB%Gz~4`=SRj+}+2+-bU!W-kZNUZ2z5Ffv7v8<#Ml9UC#HG{Wt4<!tbuU zh_f@=5(NEqZDwaJX#K@%%xn0n;E}5Lqt0bI7oT6N6h2U-QY56lt=;oiiR$d7-yOC5 zo;()mo4IN2%6-dD@c(j7yds{@DaO3LMDlhM`-~H2NiG#-(ZxQmHB<Dz9aU*i;o7q@ z@A1;~l~Z*tdmT77;rS7@T-n2YK7O$cvMTdEN)_5lJG0GxJ`8Bm)ZyG`W!&nZZLhGz z@9h$O9^UiE&wAI1OqjTP%d3TImXEAbr<{~Yf4n8gljm~$_he>ni&X8RcIyX6R`*?b z^S!F3SmjIgC65=M{u)Y#<mpDQRbeZ(mic&hMsLESkVvfzg{z&Oll8nOh;Te{3O~&M zFy&}r>V(9b>bkEV9G5<^tvMkt-{wZN_=(&J*(ZDBHZ>aU>vGduxwS6&S5C$z&QdkU zxQ2?!GES#@?;G?^SmKv1q_I_6RX8ZQ`_ZyJ6aMO#{@g!*{r}51e-_S}TYt^#o4Af+ zc9EL6Q~USK&6ShShU?9L#CvTe?}M4!zKOU!S1IJ0qd9e_H0v~*#`WF5-S&p8ZT-z+ z8g)#b{Sfb;_I0ZZ_>B`H4}I@7Dw?uEBXYXx)T>i-G(2>Fe%E{yk~>XC@{^1Esx4Py zFEq_n^1qsPGSuW~_391ZZmF)>$oAvtX`f6F_uEP5Pi)=8(C;z%z6R^;?4OR`*Q`2e z%&g-aoYS^9-6VQb%;5vS6&gQgn;Dmu{_ULUaHlaO;#O$emYcs<KXa=1mvA^!;L_4G zhfOuY$5o_Gx<$(f?wfN>YidzKa_UL93mhTRj_0;lFJtL{zGLBh8@W9m=S2ED<-O+b z%=UZ5?`Dygx?kr_vm~>8Kl^5exf`n(xJ$M;U3mD8SN+?exlDI!vRd}uT$ZhQ(TCkD zccJCR>Kdn1#=!Ju%Z$qn$>OJv2>bAzS>88)O6+Z|+r>AXQkR^b_qK|6&y*|EmTi?i zqt^M-ZQEMzIZ`+7pJD#@&hvfR{>vYmlg_A=9sjp&`J|rX_x{amHk7p!%?W0!`M9xU zl_Gau3`5>}p=rIU|Jt_KJxpG@uzhcRx=_%ThtI>=`X}6E>9TjLKk(gS+Yx`Kzpw3I zF5)<<;o`W=I`+t;moAy|{=SnJ{cuY&vX)Jk@;>NZVj214YvevzwbEm)TOBpKa&pU^ z)E4-iwTpVIc3Izc+t$zTkAM8KaXwF$bS;;K3+ul7e`W<9v_BPJzLodw^{YW@-dtuI zgI<^zor(EBaoe$pjZ62s=fCmry|}#R)zNp)5A#?)$oqD4hSKYVl@AU1z0Os=o!P%V z@TE`Lh2}q7mKIM~<fl11Y<A}%9*LLA89T~iR&Cg{uf<P+&pI`?VB?B;S2*o#H%s4@ zm$@SS!9Lx}ZDOzaqX>s*rEjiI3z2zvV%<9z!^paAQ>O*#Bxux6F46sKa#BqusPUBA z62>}_1vd}0yj+-^DD5|SdC!a}-!&E;CB7R(W2a8<je5DFL};l%#Ohhw=afa=QK)^! zxn9<Z+r~e!B>F>4NRO}5@hOMf<`paD6v!V|^3+{ldLZjZjbC@bmZSeF1gsA|zQ6g~ z<hKi4H)-1a@~G!q-xfO6IKKM#2j8-cM;TwQaWZ8^9<})Fw$uOlv__#{JO3Bm;<%>I zy?e*W!*^J?+WsD?2ottGaB0Oge?Q4>M{~@J+G<ZM_t935%3=DLyYJQ$)|vM>|BAcL zl55}kFzrgx?-`fnpGO`4o}RHKFyqUd_HSm=wIScv?s%%Y@^YB_%CkERPu;ncb9d|V zrv^S5SG?PoFS&ix$?OW-XX(w|I~B6a=if{XJ!|#3$>9CDb(8yrzEzwn2oV<fp?7BH z^zN;%C)K}BP1-BQZKEh!{b2Iku=1Jp_K$f~XPRjAEIuOgR(FL4@6?mUp#}3+3q9Fc zR4AZXJo#p*LlT3f>UzeC{XElTlFv_E*Iu_NynXXl?wi@aS66<Q{qtmt#I}RxT-{%n zZBspTv2B;wqr3`^@Y!<>*F0QgvS;EhnSamp-z?sDV(a3`o9aS&o*7-N*c*4>;LZ8= z9^K|mzD~D}+-{iNww?1)$%@%)&n#$re9QavpEeQp`cUcBQY%(YI?$7mwNcpQI?q(r zuH(xi7>?*Yaldx$pF{dquY#ki3n!e^OHJ=%bkY9(SS#7`#?uPx-RGL5_K3eZr*t%b zTAgBznx4%<=bFiXCf_x8j`Hg)ky-0yX{qWnZ}NUcokgr!yxbG>t0k{V%#9b3`TW)S z@b*ntdxbdS)H)8-a!j~Uw2xV7--Ed=rtg*ayohbtUd#VbzWmjHYq{_LC-%R8e&mp5 zlex{l`KNYI-TUw4!hfd6e-tnJr*hEj_zz8W`;TQ|-;O+=SpI18gw!ef!(Qi0E`3=1 zOL^td_=3mhIK<f3iOSvg7v1bE_x_@)-ye71JeR~H!5)8$oOYi-(DTHt=EKPt?mxa2 z%1v`x;zBsNm@hv(5}kHrZuyUgc9&n8>mQb0c>U4-H^$0=8QUub?>Dn7=>E9iY3alL zTRwa?ZI=J=BzEC-o&?jz%4;&+N^I3XtXi(}ssBvydvbN-)d_QcPx7A^eq4_2i6_gs z_PB}PU%UJ>zG449F=JWJ+*7-HorLnGwm7%z*ZJ?5UiXucUo&r0spf;3_FlcZktft1 zO_Bd#@}$2~;r~_sE%oo^AN}+TUm3$>|0nl%#Q)#^Q?s6)`2TnLtHQN$_6?u1w$?@b z|M}a${^(b3<K~^&Cx7{UIQBmBSL^+`H*P;j-?sb6%M&kBKg^Av@!+`bjFp*&=VV%U zTO9OB`E&p1f#r+J=H0aTXdav4Q>fsayhCl*X@kwSdH3>*5~7aHsan(A9QTdyZLR&J zq?;$T{r~GY2h8(*)c#m8JLH3f^%mEMIy==Erm`<=TXTF~oxH&3dslT*jExqbNoAff zshw#}>0W6a3(owesUgmnd_SLy^%6cC;JvV;aVFQq`d2qfvaTvL|G&rf`*YP*?K|r# z4%-==ke8Qx_RxMG$3OWi+B;&mhOLy}o6L8=z~|vt{^S1x{x6;R?2h7=nr6Fsk^hr_ zt-qRmJmUY?=EINYzy2Rzxc2ANgW<1}_x|I5eSE9(r{DA4-5VGd{6E}$%Kz_w)$5k` z#j5^q-z@xOS3yv>px%tQ`Xe9WTOMYd__HrSU8v0L&HeIwzkjo8P2O|h^9BVimi{c& zXn%q9z3b&`6KvG>7B1iXJ}^<Nf;ovd^zDZa&RtonBLD3>TBWt$u&#HpgLqxCL9uWA ze~~F4XH1(^^QScSL~w_$sbu@o^X6*%o77wLA{TyaSS?<C@A>>D#p>KMzine@pPjom zpyb$@qjoQ)<~Dg{)=UsIknC_0SNA$tn|d!>OH=lH%WA{(d-!=2Lf^c6c=#OqGdGD^ zrJvl-W{I~u?N|SDi?!$S?fs`Vp6g^Q+<$n<`VWQ&s^5D%@$Y)!l(5O)?B<`|4M|L@ znrUhJcZ%<QzNw<KafVs=5Aj^4WKB1xFA5Jgoblg$ra|F(A!n!BYmY*+S4X{PcyOID z*sXBVymXNV_meZeTQl^#T2uZMEvSF^MPR|_q?wC%Ieggr@9b|01`qDwqxsKP2sSHS z>)g6kUgLr2nZTwMLQfT+nT4%fI>Y90^NZe=Z9**jxNmAMW4nGqj=AZOSd*ONg<owi z?55{(W^2}{UA{6g$6#f5ma35CU9&PL^VaTtC%E6rX|^W0J<+e2_}<ayoXf1G68>Ii zeisV9V_#G`F|hUapP#EgY%6oU#1+J|o=a1|Gk<o*-7Ut+Ixa7gV?I@}eLPgk^<PfN zFyHr7&w>}LIys&7W<C^=<yPa_d1BT49c;WlrIl&Md{ru2pRC<@q~Q8a0mt7z4xE_r zZSiEeOK#dKyfgp4KKf%$l5+`<cJH#o6GAn=NOViOyX=_B9m>Mfap#)iA@4NvWBmzn z+-uhqUGsa;cw_&wYMCBRZ)1~r+yZR*8VWhd)3oGlbp!hhL$yVf8eZ?v7rMxQQ7E$F zw|e9pfkhXpCYqG^I=0Dvf6+8Om-|smcIL#XhXjm|&5cx>xHjU}rQ$2xf=hDLB;s#9 z-n!+xslbcw+{35+o-_P6o3TEJkx_Gp{*sO>w}LKA{2+XD_Jt!~ryF>;#5+d6p2G5M z-OWpv<~F<(oVez@i&KGgXR=+}+CcBSCTYTV=cv?9I~jb=LLoto@maIr*67=piaA9- z{7GDNsCa$$Oqci5nadT=TQx4=Vzp78e{6Bmsr`?9)4A0q|2tx%aLnYv<Tn-vd6Q%( zxAH%`ZnU;J;LyyvJx^Tk9bl@=cbhupuhgyZnLj7J_4~m2On~VM=gb4oouXg#&YQWD z@vGQr#djI@DIXRs|5)dIaM`*dA32t_tcJ@={i3z6cO81E8u&)){l&sZzZW<2?=;C| z-^p=yZ+DEy=M~IS{`V|RroFUUApDZgHZ`M3-S1J%jYUNTPO~K5Ic++_ZvEnr`2-D# zDJ2aq>GM`bpXd+TV;85sK5a(2ht&Gtcip^ierB)xUQzXUWgW+o1gpYKb*+hgA8y8< zEGV`8XVA{5bi4ePPz@vV&71C=9kQogLmn+?EML}nP2u6a1E!Dm_pHd6$vpk_g-I!b zPI6z49x;$TR{cXk=K#NRtX`4Onw4i#iXLjXO#XKK`a>&=QqT9tX4n5d`O@*Q*ZNpC zCFg?Etv9waf0@qu=!bejQK3%biPsOceZ3Z|2$#>wlAh1y#dYb?k14_rj|=MD6#jRV zMZJUX!_n`@VxRq$%iFhozdOgn+dD5XpZ?H&=)Lm7^6Gmp=TBZ=;q`F+KlYU`KItaj zQBD2FyYl6i>fE5d{gZ-h7=B26lH*TwsW|-j@$b6*&Dy(TmOq~UL+0=MCB5p}KZ-8C zEdH_is(f?aNAZ1}-+Cn<EZ+5mdH$4dzg~PgEO=dZ!ut<}rw>nN{}<4*NaX3!GH!)m zOb4s?+cjQfyY(SAZpn)X<B%^iT%Vg9pR(LLmia@s*Uo2?PD-gxxL4|P(q8b1vVxew z`LB~i7#~&Mkg7T_aY`lf`dM}#N%b=hsVpVh0(^F7gyL*#j)Z0`n|CW)&ED>M&P2AG zd(u`-%kaogvtG4iQRtePyB)+h1+Fb|d-VFK+sO$cztkM3FfH8Y{#4QU^81OCpZQFd zHrpxo|5u`=qa9~szayvH_AY1JX%>p18Z2MWn>^&6ZF61bpbyh;c7u$|HaDjn_uI9o zMe$y-==8_0*C<pR{<~ZvUeE1t3`<an#z%&U0eQR!ym(4D?Zj{Rp1Qp{%KY(V<0|=n z?f40C-51_^ozPRM<K@)a^jV1W(FA8sv*bxaDUtmlWhyr}rQA0?>isAG|G(uPH#W$6 zvjyI)Fz3iLW^ONU+_Jp<;2!@YA79@+CZM&#L}g0JH6uUuFG3eHwN@FZly`17dMqe1 zIcI^>hN<@zzSPceS*E1^u))>osw!(?(^vlRrwo2g?O%B&U%&L_(j_s0qNApJkIYir zRbi*)VcPRFXQe48quyth9mg6qv>d90`p>9pO*WrlGpTji38%J6cVhLG?r6GlpXa=8 z{r>Zw8^+OxcC4>GQ+_|$F}O4R^^_$VZ&x;7Q%L-O_K^6BPBYVaiz{_qceRzhZ<|$Y zetf^c)@u!6f?vAZQ_e4%^xJE}me2dY^=(<1tNQcqekaz29FftRcq|(pF>^k77}cjU zp*%-x=_FmrEfZDU+56%X>VKD=SL|IfQKwn4^0!I6!K`=lX3l##Z*g^%*}J3b{w!=x z+2B<v8qWKj^;pTWiy!AWdasT-wOM|-^9kAQf4Zt4c5YAdxX84MEsgivy=0%Mo0s#| z8>DT#vTepq?~wk@M%CK(k9490jD5Tuk38m$(O5P`NT4ushUKi-I}g)WmPPe2-Tm<K zVU16js;aYbYP#RA8*EEW=5O78&rRuifYD^{tC3f~C3*ffetF_oV2($bxBoFVp2hn* ziu0Ft+*Mh2`6r8n+q0V5!sbNTp8BI@6D0CBF-13h6gBM0Hr^wa9hw^VN1?)eip-m5 z2ETqNbiVw@^=Ex&;PJ-q_x|mUTpS_$Ijr~Pw4Qc%BR|`e3;aI($ySWahg#>}PCYYi zU51M@|Mo93^XAW=yMFuB(wbGwue$7iFMogjn(Dm?Ce8AzCeJcT`lJ|RR}gdj_oQc6 z51dPoI+>y=&SJUjX^ZgnITsV2rurF9ow04Y;jC*1VxBRsc<;LJb-d-$d5MpHtdQXl zz7b^IRN7kn(RXUHtlGlGTn)#L^aSv$HJn*xWZ1lZ-NC~TQazT;&dY9jaeY(KE2;I` zXMTigb*xX-@INJHar(XQoTn+j_xP;JjZwSe@}*j8I=9_DenUOu+m5Tsq#kd&vSUxf z)gSsPuhtq%UJi_&5%lqQGpo+mOKW#H1wQgu_n#^>BQpKoe6#4cQ!|+K-h}Q9Ox62X z$-BPQoBQ+f3zxFQ^aPh3F>86$_QY+8;pUIe)>>>6*YQ&^YrFZuD!WE#vu;w&sg&i9 z8?#lG^%-1XcXK{C_59J}+g&U*UP~zR{h#!4>%8#XH!DpQ3zMGze$V-j{Q~#j?!||j zOF6^2lRn3^h==`=TvHOXbT=dad+D7E1lJ_V-PcU9Qr*k_`>fotz+<v~t2N9NZ!5+b ziL4OmG?37j<G)dGN<-Oxcgci6jeAC(s{+lGw03IvysqruwWXpcbf;eC&r^#JtZQ25 zeE(UYjN7RLVLlgb-J9B7STrT@LBD8;QrRJnw#5}!8|T(*=x<rH=#QtlZj;B;_XR#) zHZq@XGc>hoPv5nCg|N+3kB=#D=bg}dw`8-U<ZhNll{xozow?huTBui~6uxW8`eN}F zC!Xy|Re4lya&w;NB>%69!3n>QPnXDix9R`ug@rfw+dRuM{8?MMufD2~XRWoz=kt2~ zeCJiePk+Ab*lX%I_gu8lbN7wuXLlw<n$<inJr=`s#=$cy;Ys*i(M<;oj%WwX2>Ke& zaN^6m-Jdsib3a)3@!#W@2OsXdXn)|{@27MAy^Wvq?W4Z6;E69<oFYlmKV=iEz8;%1 zt5NkF+tF<u4Tnyg3D(ln_R{zpbJ)|OSzkVwn`^7c%8DoR4K^4YVp*|f#{RuKT*3|B zJfD2{^y1CU+)6LnpZ`6~&3wM{oc}k&DFvI@jLzLl_POM}LXB~+O-*^pt@`ctITwN# z7U@oSy>I^V&rG*fg;TDEJ(PPCulS);`yTJUJ4tLo*=G0k!w*cDm3%(@fX%l>Oa7V6 zp0n}69p8uzIy05MW$M@Q>7Tl!^mnI(ZdXmKV^C)jzxRaTT63f0eb(A%n1Uj%J>YuK zb&`2v&l}AGJ;S#j7<WB>BjRuDu<CsMP5Zb1XKOJ3*fen-+wuU-uYZn&T<Vco<Cre) z>3bt&%KU}r&fWhydG4e+Gb}<mH;34{_^bZsvQT|H`I3HSyz61D)55bui}-&Z&j@^_ zKV!#_nwGV${}((vnp?Isf8h)k{@(uwvu-R~>Kz-Gbtj>U<M^3}7x;wdrW*BKO`dr& z-_dB^)f*zS1iN=my1g~(-<87}*Z#QZZ`Z8XnD2WoJ?JUB;hS4~HWtSmmesNUsMqOk zmTsf!7!zdw%j%5E))Q-%ewfRY<apSfy=U`%zsvRC`un-l-Iw-Bh_3wiU|CLP_u9#P zg<R$Ln;SPzp8W4=UU&QC#r+BoDsM;XEot77oVR%93SB)<^Qisr<m+1&C8mE`cl+X1 zy-j?|LhaVG+$2~(YwWwtlAU#xf1OFyiS(bzmp^W?e|z9MgJ<zu?aQ*irk!1;<l_-I zb5?`=A)_=SZi7FPrtu7?4LR1W^!fXs+vxM-uV1CDUy5Jeyr54^PL*kuu;xU6r8i6) zvP+j;kSn{g;zHI6E}jxrZ)OL1G4DE=M1^}>0#X>(+(>IN`Jl>|qhq?@Y5Z)(rTkMC zCIxgq+<NLclgEkK=Wg3uMStFT_~ts^v|C}4@p=o_l=DPZx^JBNSA%N~qpfgCh)B^R zd8bw@2|bIG$J`E>OK7UxF<{@Gk!`SuO=QB6^!EQ}I_egAiy!3_EjHr(<H=AgQ^ab- zaBbUyi<>qcIkflVgjk!XXrVo;=XQ2pd-m|$t(gjGxrTN#4c<hE*rluyIPV*Iy)-o3 z{GoWK@{%>o<yW)Q8<wp<5f&-<iZe-mkL`m0>x?bjf{zMaWe(z;_<zrdu49)Hl2kN8 zt>rI!%jK+^d*qsz^m6CgYyV!X;kC}5wyA8(=4Wr##IDFzUh|wM==qZ+$&sfnUOZQ^ zN4V`3tLKc{ufJ8zU3c&18!an4*1eajSLWsBJB!^aZ&|3RyQrm(^I_Ja$f!u65Aqv> zp9Z#Ob)-J$p0Y81!^Yyt2A89nT6fPi&)P1`yv<<KAH(Tk0@q%atTMW_xzGNUfVlo2 z!)?AH>@HP~`i(&nw`SSD`(jdf;?Df8Urbq!a~P(Uu2A{8qAc{s%!>xW+Tk}>em;7z z(cL5L>BS50x6E-d7nF7p>)Yg$Arj`b=FkoCu9-&~y)RT0Z{4{5>}l~^v()o=Q%_tA zNG@b{n&DQW+Z?CzNmr*JbMl3krMq{1`+f2wE9bJ^R_#7dPQ5Css#wXpea*%;qn<#4 zkos5WlubXKo#^o9_Kns~1~nF5<1O$0s9pT9pNUh9f5z7;Q7t}2P4h2r-{!8pec8c> zahdSBJtzKL`*^6bm+`@dDf?r2BYaL=ePsAy-INgj*ZZzz8Hg`iA#EwBf5o6!j?rqZ zK}oj3!R!+q`u}I~Jq?*wBoNb<;ko;y(VDtH_f`IFe!H-LXR6N~iLiYSjgooJcmH3T z|MKUL^Htwdh5!H5yrll`Su-QEgt&8=%(lt-PhNI3a-LQ=ujKFXWYaOTwpT@mHVU@o z%`!K$jo7k4>hGF=FWAgh8mWHDk1}6o-ePM0w|-{onaTgxuFdoNw>@ru)|3C9m(*v> z-51R5wDZE`KmIv#zvt=PQ2Ko8K&z}y-)+w_F&5!UbGGt~9XGSJ@5`Rw!S$yisba(K zt%>%VjlO(4B>6{f``?Ow8H+7z6|3FY>t_n?J7~A<;-no#>H_<-r%#*pN<m}N9VX+C z>Uv*{MJC;!AN@%D&--;>|F7RC^fO)m*TeeLdW)m}ef6F3?(?Vh`)jVA_#dqDtH$uy zHAA+2rp6uinf(1<3U0r+ccXF9_qfAsg5UV8X1$Wh&fhHkPHXj>&eEfw4uxsYYpA*X zY{tGzuBw9a+nfFzVm`8atu<q#-OSmpC-*V$S^RkR-bfvRymGNyJ14z3-gT(p^UR}~ zHXgHGALL(4o47>(W}2Y0^xF-QCcoA)X_jr`*tmH!r_dy3C4S#$3@5iMrB3@h_h;Bb z)9}j6zJ13tzO8fUoF&+MSM2DAmEV_4s=OBwuw_HqAG5<2W<RbinmX%1pF!ML<DRI! z*5cp3pWB(cYwkbxr;!Q$e@`51xZx<f=X+hlJmqbz`=_Lf2u$EDl5pGn;d;^*JC?d9 z+UHjk>h@bHo|o_Fe0xeG`_qF9iPH|o?Obwy`)-kE>kd5ZT%5}0dpLgL{wb#XPx2H0 zuzfQrP>Mctb>3=yvrWwNp4eS>)V=v^`p@3Kze~>rvDGiS9wz+h$UTP7=cPmMACX+K z`sMnv)|%7b(m1}Dznh$O<x|@9Z>n$Ge${qnhFTUl+1M$q4_tJ%YgWsl&i=H;jy6&U z^$zaV5>P$hHfjBj#ew^tm`qmZ6u5Tx#Gbi}S63a4IISoDZyNLR5(a~NHUYC*OBI&& zEIMklEKPcC)J4Gq%YJ`9RIj;y=h}eke=Bd_{P(AyxA%yU=YLiI>v!U;f2h2DbM0T7 z+U4jyXPM&XJaki5nl#UGnyu6M2fEw8*eBk;Sn$7d$Ndk{hw}H`u4S3m{*fW;PC@LU zuS*MTDyP4h_A~dsnt$G%WqA?Xj~st8jkRD$>O1T0`(EBD5`LmvC3ff0#T;Yh6II!o zMn;8eTuf53)hGFvFTb!o^S|lp74B~(*GhgA+IQ@nlFZ)d1F8!>{bvOI?zb(nd9*-s z)ql>~{La)f8~?vrzdO3}fB(H}Y03X9yINM|raq|n;gPUo)8R8aVjixYaWK^9&O?RQ z)k(Rrj{8%NE58yn3S05Ez;&AMpGSgiHXT!%IPzteid?xW((p^?)QbBHW{Dcj=n51O z3a)9jmk-}>sv^YIo5(Bav_v?^OXfkH<i6#NJ`ap%d8U*;UfcVp(|AqnQ|;^W2|L7% z88%Inov`Y%&P#J^32Vi9rJeG%5!)@deP}JHkrNk^-S=s&vw&4*`%g!kxI~8jQ@UXx zv1Nh&tabO=3udpn7h0_!-ty+-^&o~zmTgnIkNi~lJ3YkZkkfTZ>p(8|eIHxhrma47 zmu<~)#@$-wk68k9c0IAYIrU0sqN>qKkvhE%w#N@oQC+*c{Y3qu|A&2>|3z*4w*KM& z&#NB%|GesU?w9|;DvSQV3{xsfxz*Hfoh0DxDzZL9L8zm?N%>J=sN*`fzmr$}xL~$? zTW;?m9aScYTMqh@nAHmIgsO{L7E2U<^mXMByFN`LX#c}!o_`A7q@=#Pv}ae-N{>HV z^r!u)jNJ6ic$v$;>K)!4>avgK%h#1ok2q%Yv;JoF-1z^c@n)a?tE~KTXx@i=Hv2QC zc7D0;cTXt)virrCi=X`|{AyM&zjtoskv(%O7sXs*+@w;;wMV!5S@e#S!+HstCrfqf zcAvUX>TLdjJC0N7p7jyg`LWLr-QCx1>SJ#>gKxEA%7Xab0#5Z0wM9p}{Z2mlb?p(~ z4|@yMPv^sZ`yVh`<p2M^>cRj0UpIaHUq5S$*E`?sJKQBAKWJ5R$zD2{USuh8eOcDA znc@s5f9<~-75d_@V3AeJ_t?OUDK0Cbu6*a2(kaEOzKXBo$b9Fw?-u0CKU)58myOih z;<`#6{aYM|i`OjO@T%0LEd1l5*!H8@xtue9+)cRhZIhj?l7y9w#G#+;jdOjt+?67H zud8>riv4l*<gCs3EO+y5$NZ4%`!>d&m@%ud{lSstQnf1=ZqV*ycyf--yidOUT~FM9 zSA&?)jg#G<?K3yA?fGB-`1s-M)E4oy#TUxl7kJkeh2Ja{J+JnC%3ls<OQZX_sjpnF zcS&ll%WZq|H|Nsz1;-X9s0U58{}aKv{_l;gA6W7k{+c^;6q!$d{p-o5Oz#qIe#f1U z{>z!LMysCv6Fl!`^Z7Yen;!f~_}_d${?@YzJ%Zcx<`y1zW9+fv+_(J2?EG!5>r>`L z#R*kb_*Z_LdtRoTNv2`PzW=K8ByO0<ypJp|)?9Hi&qcZBO+-;qU;4)=h8q`dD>v)C vKNr_`dbx>%+Kl?SGnaV!W(7^2b!CZ~=}J%EtV`$T{bM(H8f?Sxfq?-4Yn_?y literal 9911 zcmb2|=3oE=<~KH(#kb8a|9umGu+aMP62sD8SFGn%W_E^2yf#w3S!i{Bg9xW*Pvr@l znk}{ees6x@D{v*%I(J#3npoi*rW>(3W#SCpsaJ#EO*pGHZQ}-+kSen;^W%Q5JWyOx z&``hnc>B~Z`Znxe7oWQ5f3<n>;a7!gqgIF1uL|MM+S)vS#;NS`mTwh(+P8T=PyX0p z!Y+C}I`rRMJN^@8CZ}@@c7MHe@!h#|%}cA<ilnT0k`=<kQp3}(a(34j%FUc+TRzXv zKZl!pa`PK@U&q32+b`%wo=vs(*fy1C&*P|VHqJX|&Fb<AFP`7oG}qwe_wczlG7>kg z%zGTuwox!`Be%23+E{z{jXvSmd{VrZ<t$)hy|mtJyNvk?hiMsXB|;DWtPH-i=99}| z)2*8nZ_nc44PU)9Yvs9B8H-M;MX%lTZ6f~+CH=Y^HWNKV3eN^f?y|j__H@+~h3nB9 z`i$J$Vv62<bu;N~^!WDq&?TSgSAEWgs;f>7vhCj_cI}{TMCXJxZx%;KY@020EpKm} zW!3|G#-kH|F1R@@lVRVApy|S_>q_;u?hq_L$6NW}yncPzPr-KMCD$sOd2f8WAIs$M z=DYi)25G+hUrF69UR;|V6sx>`C*!f;j;m~eqh7<-^9C%DrY4gkGoJM%M)J43I<rkj z{GRxx$2L*hs<v$sUGXNvsz?6_p9=HMDPP%w*IER2&uY}+m$L0C%6W22>I8G}+MkxY zOlLdlFVb7JjZJvV!J1N?$#a>0&2>4qeRAQhn*F^w>(#G2+<fTn_aypK>3-vPpLn;u zk?Q_$_Tm0rrJGi9{@Xq+`t&X76Ti^J0PB1WB}EZMrI&ZE3r{@r%TZL2>$Cs10G&G( zUj&Pn9#7=l?R=hVjYoO*i)kDm-m)y)(W=T+{G*IXc-_j|9=;r2!gEUkHSEo1W%8}j zS3Of3J8w$N`#|S3&oHk|(R?4K8ON@g#^=?3`sKQcZRa+e+i>{J+1T=n8q>8^|HnUG zQWT_ln<3po@ssT{{WLcHGkFv4rT+WX?dU)2bV$5QVOKz#k6*WlE06x{2!UhHabKQJ zIe2N3<}DW!#<u;rWxwt$J+gI|lYS%PpX*MO`8Q2|77-uAy+G49{i4cVkHvu(nP#q1 zZtRpi8Lyzf#8q7MH`B7Lb@@};QiBe>eXi5iQx?r!&|E1HoqGE$tI(bkv+k7nJ=rz= zO!u6&*u8r$ExGz!<NnhYzXR_=W|``~X!-Z&|E{GctmHy<3}gCV-{JciVelg^`+|7Y zVg~m>Md@>wXTDkFZYkEmlI?d*ipQ5p`Jgt7cjt#FAs^=}Z#Zn^1R532@Tn`TesRFK zoRi7J%yl1!f5@q_<Nb?@{@DDr`Saz+&z9h$?|N&luK9jpQPtnCh1ZsCn-DP9VPDsy z)XIfFf0;RThx=#huo(%cE4{G!fBxt{Rei5N&!4%kyZ)^Cs92Tb+5Rb^V&AgP^cOd* z^s%~f{GWlqrWH#omPEEsd6OBXaAM6G0hgt<g;Un`On&q5VqxzJ_s6b*fr{n@zn>;B zu>4AC?YKB8%7(i@w_~y4b;Xxc&Z&v_FS{Yn=lV~{y8H9a!0)x?0ULFXZ@joA<>qFI z$@zkpHJtQ4lzU8N;`S^y-1>vho~c#s)7cwq&ZlkUmbq3CW5c;PZj0+W^LGt%&3Aou zyp;J(Om5rl)abPrYwj8Jv^}orRJ6a_;A>&m{`CU8kLt~J3Uj#Qci#K?=3QOg@~!^z z+RyKZ)*meVt5#lm=;5blZ-nkuzWaCYPerKp{+&B5YcsxDB?VVz)&BVKh1KSl^6P!s zQ>U)_=NPW{V|~2k!^_wGyFVSTt}d|F>-WFS|2=NDy_C;7{W}-s&98bt4XS%{zh=je zE3b>crroyMxvEd^$4hzkub+i~pMG>{=Zu<NH9NB6?L+p<)J)N5=byW=a7}6N<bM9; zp-UH6%`5#}QWBca8}K$UZ0&Y^{h#_TDryX8$Jear@!Ko>?-T#JKR^Gix^%r|*+Yr# z%_kop{<0-}zKQ<a&!2L)9=b0Tf8=DRL4MTr<!u-3Wo*yprOmqTe0JjPY`ZHL9(>yu zEEk?9H}AH%x#)(yG7mqooP9Oj%=}-~r6`;4>COMX?u@*C{`O`5ucx~ouKl*qsPd1| z&o57()m_r5zxF<B>bB6ma~JtD2Nv|RK3*AWEq1!<{p&SX^~>d3#mbM)J-+AFm)k+@ z`=41y?3={0dgkSb%q7h{+Rc1{kv659EMG1NlzS2UdJkt-zDkjh`nLASicJ&F9uC%Z z%#ukuYrt`sr)8Q*h3o!5lKY>BR8=lq`LrWW$^Hd@Yhe5yUQy#MuFp2=E;#5?CZOz; z-S;f&Tk)M`H^etbsZ4%o{?6g`hCfqsPM>?xr+B{8_tvepx3iiyg|Z#ppjUWS&0faK zpj}l_Ax=;Dz!UeDD=R0Pb}xMNb4TULex(ftu0m2?oA$1KUhUChExmlImuj!V2Ie5y zZiA=XT)V9w99i9W<<0l1nqrkN)t5Y8eEM5>W96ZsZBZvno|RcV+O64m<baFZL;IGa zl7gzAjTEwflx%EZyEkXej(I#LI_wKlWqqoIE&ZNcf7{DmeY$2B?;*X`KA(H($IkEa z^SNesQ^xN7(j2C_-BZ^y?(wuZIOS_Pd#-fg38%@9tX?nO3RxHBcXEe5*;^kh{@`rx z|DGGm)~+@)f0Vx?TI<xIO-fULA8z{fPG?2^^;bW5r)^bLoXNfLF#Cp|8_qmioyhQ! zE&D#3*8FYr)~@}y`9RB|<sxG5oNs($iR=CCwl`$$(c1#1x7wJ>?n(dPpBw&BEVE@( z%jI69qNx_z(bL$cUS+=-G9ilV5{p6LEOz&0HWw#q>6Y;Ccp&h=B~vcOHF!@c_v@X( zhh(xF=I%Z5^jN_b**`L|r`aMRXZ>*#yytYXe^z>^@4T4`lCvHeys=$uIqB_8wR>ru zE%C)ORxW>i{tSzZ`jV!d3yc!y?#(w9fApAF+OJunZwBMdKfXP4m#9m>U7+&o>6WmS zQ<NpOz4@BF4%~8iTC+FZ%fRM(ckcU-4_r%@MI`<S_;n<<IH=y>&^nXfHw*aEc>dVP zo>6++bCY?OgF8Qm)SbN#kHqZ}To`@6cZccmPdTbHUoxzeoHg6)F|z?%#YWy|3w(oR zcF$0=OXRv@Q@CsC8_TkrGf$goDaU?Gy}tgz@txa5*1o-xBQ`@X<@T(rF30~RhJD@6 zwMJa(`q{eW!WOqAJhhJg+qS$-aLV4lw&Jf#euQrDnfXEJ#if;PIUW@YcKmgUFcbU1 z`(Eep`Q|pc@BcneE32tL@cqyVZvp<_PyLOwFUE;1(5UfC+gKqL_-gs%JBeXc^(NA< z{FHr<eih!)bm8Bp2@m<4W#%TzCbTKtzAd|_b3tdMyY}6bTN7)et={jG=a#>H{J^%0 z$2puQ3Enup{w439)o)7tZwJ)b_6poINEX&?brU|Qvqd^HJNky<rK~T%`$CxJ39J&I zJ-6TZNz=@m>A^i~nwK0~?yj-%{Ze<&du>Zw&fS}^pT*>0PE_W(-$o0U`yY6Ct8nF^ zQ@@y`82`VXQhH#^qNo7%9|7m`CfQl6Fn>^gu*AnkYX5Of_cQr7^mSL>*gVnpu5Zo8 zM<;Z3ZFaUT_~Y!f|BJKM>;wgwDZUQMe>bw7VN>!cm%KhLQD}}pQdXhH(TVNZjcZ=4 z+LLj`%YEr&m68Lut}c4I<?<u8CxKdf$~bg4ShNNvrRv(}O?8^wsVll*;qh5cCOdi` zS{>BcU)GYf!)ltS)0U(EDkfM-iY$qIezS1m#I;@iA(xInoW5aIkyt^#{JoUvZhc|- zl8Otagq|_pKmB(}j%BFRe!l><)`Xv%HgvDHIj7r@aHGFR-*lz!6}PQ*MW;6CrtO|* z{3h8@<>Z`{jh!d9|I7-067!4wfBcigUlP-H&GhVjTYGlFd~e?S@_H9n?{L{C7N59x z@7Xq`t6QSuwKiW^;u7Rltk!3=-PHa2oJ`9yMX9fs9%kNHlXzm;t%SPdGDESH_wS5% zuUU07eP8pl<#Vcj1RuI~LGoM0qMieLEI&Wq>=(;5sjlSO`osq(S6MVOyxFqr^q=(B zg;QKFEl}`l3f<Bj?wO$_{(IGf8{w*5wW6;)mYmT|3uo+Vw9@)1dcY{n;HgA<Uy1Fu zg@27?4w|Oyf4BbH-TMj7lT&WEeGd%K5#Or2RetSi@2mHD`Pb!aHg5YGJEhG$X!_y& zgNy86b;np+&XE>bIwj#;@cQeorQ2A#LXS=3yRG&v?-|phW$W_UW|TC4Zna$du<G2Q zZTpmt9$laHcp+QPs+1BpqpdeMXJs!t#dPFy@hQtB-k+VNTkJ1Ht`)L<ne?V%6Zg%z z^M5|CXs(-TC_ATU*Sz5LM&5sO_ib+ZIJ-5?$wrvp?L}Le_s7IfvlVskiI~k<6T|vZ zjVDgvHfNwp_YENtrTgC&uhZP2pluZ{v!gd(b+t6B_#chH74MQ+J5`_OU+B=^!M5=U z*OBgZ_Iuu5ZLhzZ+q^&D{K@Wp`T-9jg&F?u`OU=ouU0H!_HU*s!pkbUwd*&1Ibk0u z)%0}6{wc3N3Z_dP?BWjpQSd|SfJfFx@jE+=n^GIIkD9Y|<dmIwEW7*6(xxS+dNq0~ zxH2ZlA9`nOAb#*>Pu<My#{HebN&y}(R9g>d2}t?vNp-tZ*)IRCIse+89$}~TN9*sU zyDhqq_gTsB@QsC?9~V3|7rfK`qj2&=Yn%4%*L>L`+!NYNk1y)DYO{wgaqi)T_A_{0 zQ*%t&p4*8xi%;FyE?5!vT}(T6BL69uf5Ip1-)EnXk+Ys!sy=VxL6eN*%i^qLll1@o zk(G<Qlj0nFz_{M!i|*``X*N^df5>_Az4FQbtNmyG*WUlHIn_IXWq+>p>HYshR)+Ph z`uKf5->V7nYp?OIw%_;vi|)MnGbMfGqpy`O`n@;(N$iHXSKhuiJ|6ubBBAJK_49PK zUo%*Zx8@w1ySSoSbrz4$2U(sPpUm{5eQq11ot(S&a!4IgT^GtX^KtU${RbNpC9_{G z?(>VYwBDj!l30_xTx0$p9_K0Z`!^l`%Q?L>!@}BRZ_TvO(+p3u4TG-*FTT&dwDf)E zgGt6li_fGAPiSjqDt-Qw)5n7Iz2DT3;7hu%&qaF(pAGRg>|~tDm1kbqH#6W);`9G` zjekGxc_sW_bWfsm#7TL1IkA`Zf0pd~U(WMuf7r_AfA%$p?T((`AM^kCAN{i?-}x3E zmEN*3>97CC{Z%2hNB*prmkF&~^Z)*%$WNgM!?Tku|MR~-zV*lN`CFTr&-_2!{Hp(b zecj~ebMm?O{=a>*^N_E_x+5IoKI`q1ew;s4V3Ja2ex<Xem-qSix#f-<;!-#9N6493 zq$LE}p7>_G!|MGj_xF<Wp80oPzWE&>!P@svzj2kU+&=XM%Vx>uNa?h5X+5qM%{CDX zVKcn`<>}%DUyg5@`sTxQQ$_!SdoQQFkzBV<rtYg>*V#>5e=#qM%i6Qr{a}l9?3vxR zv9r(K-8-Y?*_p#;FNNkYd1qEkkW`fHa1uYRb+9J&US`$|>vx>t$@413IT<Ft{rvFn zx$0+b616<e9A`}R`C9AzUu?ZD;8*{7g@cv4)Q)?4&UPOS4phDOcH*D)qA7Wk{JR3y z-2tx!O?o~VRex-IAJ?F!-1)lD_>atcH3da^l{eE^C-zA)i13)RTuhPGeCM|IhatCT zqvW$SoS#DHYD{XpvvcXX+g(Y@lJ~E1%gHQce4C@g6(KIT@B04A=|K#W5?B6M)iX;W z!rjVn`!{8_Jxvx~4?-6y_3rEq$zqu#YT>l6b=_K)zV(W`UvE5UymdK8LN2GHze7f? z^IN;=vYf@5a+6bEdYDN*TIkg&@-0u=a$)x&*Z3!`W%_4YbKIWjS4@20=zmUS&QcD3 z$7g>{IKL}j+T*d}k?prfp%u|Pxejv$dBv|ix@S$@?UvWmCcl0h)zH{?+D_XfZjax? z{9|p8)_U%gTeCYW>41dyI_uZpSecJSq?mTdGP5t+Wm7C6Zri%_Vd*-b^64`L0{@mA zKV<h-{kYDO-Y}0@X?*j<U#Bzqo=A?!G?Cr4#%trz9rFrQ8fMQ7c&*VqA@8)wA@4Nv zYw{QOh(%RC)0umKd1L+A?-nnFm!;|0h&%Ay3u(CVtmlNBt$skGL8$iB2@KaWqg5K^ z7qM>o$me5b?d-Dft5VjBSxr9bxfflx$6vo9Ja4UP5LfIO&hosOE`3Sa-1h_Gxf>?T zTv5N|Xm<AdEQbr?r`zP`>IM9{{h}t7Thw92@2wJ!Yjm@vgd7#Bg=d)jH%jXKaCgH} zH&2y!vy^rBaCXFbOnN%aW6d46M>G6iUR$y(Z|3ICJl{=br=RRxApgLio$uM=nOCBt zE}L_TZ1|J7=+KVoSI=a<pRWCGtIq2lwor{z#v3zhG?x9*zW04=qS4FqXOxq4gzFB= zs(UD0+ZypBu}=50REOrA?Bo1#BBeTuzNZC5-qLTZojOzB@*a!4d|zmT6{q@#ofpKa z7K<92H{DCJJi`0-I7gg`)c?h7e5F&9yFxAmsXp6wE;IXSP|%LOYs7XRt1g-I<K2q~ zwTe8M3hSAR-z)Mj)p^BnY<W3jPj02&2bW#W=PhSs9Er3QzrI3dPD`lI`3X6%FLuu2 zU{NV#Q<V)_WPN_B<fq9~^!%rv<TvgyX7io?_uYclH@BJh|F-!1FXX;^$c8&6Ta8;i z+<!b+n^LuFp4^$lB@^db=Q3_<=$!K>Kq=w+Hvv(LRS)E~7lodfVg8}#$9d&d+jIh^ zpWc!x;o4DnL0tH9k!1aciO~)0&arx2Olw?HjCL2SVRgRs`1BVmiPFf|$L81nzWLJe z^3=M$bGmw_MlbBDwQl`q<StV`d1*j@s>!FKudYp(6b^S<tG-&cyvb?BmMwK!A3j`` z(zz}4Z%U(dCHs$u)sOW)=kbT%zkQ#Z@!{K;7mX<_ksp71ytq5B{MYk`+Vg^bnEv48 z-c{o*QGR%jg5b20Uwg}D^v55Lxx@HF@{=83qR6ARhmTA4-#^$IyY4b)5mV2>>WJgZ zMfb#%{F3>X`}O#N=s$<d9rqbB)kK;7Ie2`^U$b3*3XYVrKeYaH=aa#w6LMZ#G+HZH z-evl*ui?YLbj1zZ8m($(i)-3k^AWXuy4ARI;)ary*$n$sLp1but_XCyT)j?}RlSLc zw}bOc@m?L5B_C_<N=2WKnCiJ{U39;M5$}xPshx|e86G`2tn=~m;pIN9YKB?+XZ_i- zYL=tc%|%(Ormgf?|7^#qC5zfaOwT)%y-?8M>|JubySGWP<=a`Uz%DLc9j$m{<G*ng zH)dxR9ag*kDE_`Kzv=vz1IHFvERO!U(9TO{Leyzi-g71o*}HA7%N+D!`pKSpVOiv+ zmZNfJu7%Ej3fKA{zaHuMq3t)n(Y`r7%TirJN;LmDcq}|56rioSRQlC()3V83-&RdK zTT$fp{&AhC@TK*FvtuQ19X+t#(b2Um-pTPzk;cU|pJ`1xubWS;Q@OoOX2!CL&i`-i z|BG?W?#n*ypvC^4O))nu>AT*dZ(sCgeV4Sa+j&!BHJ6sp3$I<?f|D8d_LO^7h%S4g z`ynjtR&&xO(U5{|UD`*s@lWmy5n+)r@LaKHNyeOvzlU8}xzw8v$2C6LYO!~NDRay^ zljY(wE-UJXRkOMr4LLI{YLeoEMI8;^JRPN+9{i75i#xlX@T&EvEY{pKab-&R_3Mi7 zrW|SwJ@WPZ?=@=GdEOG+xAuR0_gf=F=VR(zA(5rMR;zeL`1HQ-ZSdW)awFHXtr9P1 z-r6f(eC~G4|G(?^D(7ZJd)9qlAK<9rbZwdrvuDF2X3i%Mqxy6vl;>zIoun(dWumG( zdtZD){qM5#ioHuF>NGol`j)vb!Q`&3v8}PKyZmI2wOk8B-G6nuZ`v8888;~)E7ztY z_NO=d$%Lt&wAM+z<L-Isv-q)P^R%#?Q_}7I+62ru|LLoK*t$K*<08{4wlv;vb_qUH zH!tU_H|W?9vVDf7cS!$cqgw6#k94vGjD5TukG$r+qp@s?kU(MdjGeP$?>tCfSrx@| z`p$=sA8UO4R8^ggQ`7UlZDjV!w9C%l+w8J#VT$VXuFb0+ADwhA{nEs*i*HPrGi_cE zuf+8l!N>PbX_n1i;rCoPL1O0buSZ4ON)7&r-gaEH<D}mWp&tE?#5*${_C~DM`ueE) z;I4&FlFZvL9v64=`5ykD-nYk!Z4dvp`)9R|zFM(8OJ{qEO^y1~E6Hqs4}39LAY`Br zb7M#Bv7DEEZXsU^e9vDzdi3Yfs_4k$+l?2j`?0zH+q;_BBwkPBA4{!PYAUPAA9~7s zymZg`%sAdRJj*8PO#9TSaD2<0f=9EArCj%%(O4#Q`J0i~WvLmb_b`0jd!qbr_VO!6 zJ~HxCnG>1Zv)nJNE704w&S=eHm68y~3o~X2o;t`fAv07h?ZZ*i3Z7j&onJ2G_6q!U z3-gP8TG}eL-;3qrUY@6(H`&sE?(JMX=gpkyo?EA$Zkg5b&*5p&!DGJ-Po*xi_BiUd zIA)sGbny#P|64=$mWm}?WpR6J)zyDt@m^b^9i!p(=H-)>MQmx`X7VpTTUM<)slor- zsyi!;rr+4pX5Mu9&>z(;TV}DUADVKbE#S_C3KuD3Y1{mx8}}v@Ds41e(`Fv|bn=W` z!KcA$*0TIDN`{3kjdli7T<>c1?Dr@ha*RA~ko#kL&-$->GLrM>b9M^vwy1FbaKAa` zMZBE6>^koqQ8UcWyH+F~pMTIxJhV#c!-e}NSUVF$KmYJlysWuW|4n$cgu7(1h2EkY zO*!o^QZxcIg%S<oY~(gPoFeE}SN2+AaljWN&sBkDN?JQLbY53>@7hxFXjRPgEj7;r z6T%&@EzJFF!Ka*>psnVS`~KEZ3(Hd)AC7ZL30fzz91bigP53T<ihHewM*St{ZiA(t z>|`bjaku|5Y)E)`Zs|MSS1kFeK{k=Q)s2qNEiu(dp6+1Me>Qsh$G;Im&z01RmPY@w z+UMYE_S{ri@cYG-bTv=AsqH=uvU6e*H*8=1Z@v4m(EqPmx{p5je)Z_Vn@>5nyfZj! zzu(Gk*MuF@o=<O<s&2BHyItj6f71C`j}s!zYMz%Ki(&F{^vp_lQhryoxG}LqFK9;4 z$9RSlU*6sB{(Rc|!Mcy{4&QuuvGt<;k$1nJHvM}WKkw^D{oR5mzG!iZBuW1iPJC6B z?05EnP<V4vw2MPx$}>&T?V_qv>ef9}xpQ!O|4LT%ts*Ncp3XPeU~q_K#T%3Q;>y-# z2{+C!cMm`QynTAgBKg=a{d&B6p6|4<Jz%l#q}&OM`u0S}^$TXPe0lZa?Z?RfZx41l z=C__&>agy2-Mn+$In#9}gu1t~`~2_XoIm5y-A9`>(-f|zeg0g;%Cpk)TMg@(@Asx$ ziBFqsEf%wzlY5%!^Alpn=W8GCF3z0zFQ!M#b>A_Ir7j!VRZpzkBRw<u_*~I2MopdU z0@i|~j~YGPzKK~(pHWi5f48u%ZM&qwYW+G(i`V~Wb1?tdH1QtW@&L`Re-4FQ>XBLF z7%uMVdn0H{{K9kk_r6V@JZa919U+{nL+o7qRsVBYsJ@+iNk22*^|01y;n|^&+W#gm z(by{P<5OdI;NqhCh|7hucYe_onfzemNBaog+gnOjp7iGBUv|9Uj11pfgNc!9k0WfS z&Ah`s>EoJX3orCUoSAxO<<(Ei<=7@YGq2j|{4@DyPLbVYE&HxS^Ji=4K9-u7@Uyqv z(`J+9V@=LSlWtwSo~X9cHBG<OpH+ZY>eyfNbM@BV|1B*nHSfqyl}ZX(@~e6Frlq>u z{H%^>-f`AvJLm8JJG@#~&aZEubHn%C=Q}6xJ?h-qo3&`$4%NFEf2#^UF?O|0K6yLO zJ$&~Gs~!)TcUe-2B5M}^$Pjw7GSq&@wHK=MpZ5D6zx;0tb3C)k*{$n+%U?vBMRyq} zx~66^)p6XOaZ=~NhxCwIMxEmdJC+%JZ9aeMO#k)k`EQrR`<!pGimI5(vBGbOi(Tgi z?gQ(t&UC825xUrE^+GL!3!*x_47E3OeipVgR$O+P$haYSw&0}$(=9e^ywWhOKDlj* zT|irxqi&nIRy?<YV!l=WzZW@YpYx^fHk*+dom#WAY12KUl&88!!}u0y6tI2qn-Cay zqPLzy^i{%+2P)FijQ10kOei=kb7#@ogB?-<4nj(@|BRJ?b>_v2sE3?6sq#UcaZTX~ z(Gv_2x0~Ef9~0vKe$2V-V@9s$hjnFYYEiS>t+UgcW^6tBBjwPB<iH;jHagjur^a3n zjlJ6vuhKVR6W^WC{5g!P_9;cDx~^E>QTyZBgnzrwJ&^Df^$y|pRCW3HSxH;UySa1X zf{?d0KKhj#R+b4xYv<14`x^Os@n*9(Ya&nG`uJ|v=G|p0*Y$3gXY4We^5wo%&Ev;+ zKmM2}v1+<XV&3}OuS<7TrEgyS;)mPky!`09w{AA-TzSvo9317s`B&)BRhP|MHmN+Y zU$p$xVy>$Kr_YINB=294{9G$hZ7U0Jx%K)hdFos_i77vm?V=Mm`7IBgdU0OqpTPDR z6%YG2<}R{O*ew1;h@*Ak+Mkd8{Ds@k9A3FXe}UK$j)2H^uSxw`;jQx}IgPg#O`U5s zUsk4~B_&jj_pje+&lKT{jwuf{PPe!vE<K{vQ@e16r_2tPUh{D2-?#SEEL>ap=vqKq z4zH=0xk5{-%XOm{u1fKTnWmd@&W+o?I(z^8c`=g`cC9Wx;j(UxUb=hut%B21*%s}F zTurb1?^Z5x+h-}%Q7gN9gTR5N1&M9f=H6G4`WLQn@DbzYxb;p)6;+<L?c2P0acQ-b zPjJJ_7Gr&*{bhR!;*uFGbe`siGm8lqZLQ$hqpf=N@~-t;q|UUez6$d@!fkqHj(dZi zHqTutp9{Q_AD_lwUO4C6QW=){&Rdr3O_2_>|CcZH|K_&~$L<)Z<?&eGFPLfA_WbDo zYumrn{7H{}Z~Afme5Kka`F0Wp4TZ)j#}lo8y3Om8n6ZKPlg_6W7rpG9<Q01AGSZ1J zmQ^NSZuaHwy6FF^KQCdjR<O~3-`Cf^v~764?7#lzp32Yl*{f&I{vW+Q&h+zt&r9wR zbN2=EI{jRt{!{*@)i>Rn8(g1lZIrgYA+vq*8yya{PkB7^E_~Q<J#3%lyh7O@ACG)^ zP?CMPGA;GR+jiq0wt2rl+U+dJh<5(g!}rffxrU)OXR%u0(>R5?`+B;jQyl|TJ~A19 zRL}cjEHdf-{HRCbf8Ou=`d@$Fq@U;It{(nBE!OSppX=s{JI|l5|NAt}`2T#Ri`$zG zxAhr*SUc14jc0Ym()QzS->>nB?ETKg*HKV*Au#lL#P8X63;ZKf-_O>bCcZ7|Bg?bx zxqUCSV@uQ?Jr0`?U-7qmeW|{}h3{FLHEz0Bl$X{Rn0K>IzCE|KY@N!ljf)IyYSIdg z@;$``6Wmk8CjPk2b>xDZZH`!P-D-!fxjIg7-sBzPImtM2yIgU@&F620PwD)Y-n`Z+ zcipF5vt#-%zOii-3RRY>*6n&2{Mu9X^R^8N87HN`N*rgKZ@nc*^oHTF)pc!wtG_=x z^zYuz4Zhni*RQwXezQ^jri6g?istX<_%9S4+4f=jryeGzO^$kpGsONy^<4XXpugs+ zWazr5f$C3wG8=9TmQ3}Pld(Eubi;Y_m*0NV58V;BuqoVfW<ll;?N8G;J)8JPx99$W zd2D_u-8*j;e?96}c3|?IbgK^4+kb5KZ>-;cF7ng^|0lPyoaVidPWW57_SNhiOr@rO zpU#_*fAbzs<G*9ILA_D;-dx(Z<Zi%zeZ#d{?S38C-Jh6xU5N~w8es7;FxRBRUD-ml z;yUXhmKz?QMC(mXO`ntYNrmyyF6o)ui%UY+OJv`Cd-#6QgDHFr$7Z{qOG}jR&{WPa z?C-qkwkoWIWy8yddq2dV%3h~^WnTT8vNF5B$<E3fT`tw1ylh%-&S&Roy?gWiMW?>- z?TviUZG0zVS;vy}390uNre8R%``6#1%;ZkJ(mV4%(>~0eU$&q5{NV}))4Uye4}S$& z%-iE#cKpq@_mkAk-vt@3u}(@ZI?iNq$MEx9>-#0|c5r>-)8&5mA!}QtV9MUDQ!I@N z*Q8{f_~xfFf1cmM{LBBc%L4CjP2ZAs#QTSob$7v+I>yN@YPN}9U+ur0_}I~yw&I`q zm%Xaf4Bh{)-v27^>0A4%+h>2j_n#E7Wi5{kzdR>Tc-c&;>D+rnjd%2QTFRu<dT&{) zoiY7Qg^P{TF|Mn!>rQOyjI}v5fqi0-z{9nRr!?)F#S}2xRq|`J$Yv)tVZ$z`q^|WJ zo<DxIz0JjGq2U@u=Z=yl-%e&5{lni)CUDlcnRc$p+p~3|ePP?y)irN_G4p&+VskLt z#2i#QOZ9IWd$RhG-FhDv^ZzzGF1Amg@BCvYrNiO-$~c_V-x}C=9M|S~u)C;RG<16G zm7vD^-xcpHTUCDb-nXs^w*P{-9ITE{D4HlCzvTa<E{}*8R>|sK4^NoyyLh4~^h54} zDjB2jozdzYNtad6pIo=ZjYoT;XZpkCOt*_|d?GLHsz39`|4IFh%nR|Sr~Na1Qy(Yx zrarE0yY$chBAqAdtEP0w%-r(eai7MKOPXDJQXMRp?GFlmT(Lr7UEu#EN_Jb$uFQ>I zY~bC=&}Md_`$+?*jQLg1<#Q~1ethv=E|9ZMx6tcvTf6$l!=01o7KcCkYO3S<XgTx7 zC;q2rW!oovJ*(&U=lr<D`OW9U`tO8J&oKYLy?Xtp-}~Q{8ULTJGS%u0=liq8?yG&4 z>@WK?tzx!am!G`p^ZwP_fBt^)_Kfngw`YW(F5;P>dNTMy?oH$SO_O<x4+II7>%NOk zeX(ny^bgk9rjD<ChR4(2#Z=rX-`Mt2o$Yd>X&cX$)q-;hnC`3V#g%xfy^HRae(?Xn zlr#1FvVZZ3H58w(*Wdp6_5U*e{Ad4zmxMktzxzlmG3D^;H`*m0>hn8`4c_@)?J?A6 znDn=vN&U^rnX;Bu+umuv;@0H2Co%Q;rD*?2ccVgA)N}2ub*hh=GsVj&Gy2Ll-j=CS zyy~m?B96qlynVOmt-_<_-wxQ^dRzQ%PFtVNp%3!enro_rd+&ypJbAsLVuP-t@P6r@ zTXomcJXoBYxtw>zD{h$V`S29$>X*M#j4w6qKXLFv`9#)=Swi+J*VSh4o?vLo%zu#a zb4|hPAB8W@txz}2>Mv|Qre`=)^}&TNA2b`I?d9%iD1X`8>vUVTG2&b2?ai;X=K03V z`^%B+WMo{B`pU(;OHy-PZrc;hJfoZh*M_FK9-;p}B&+WEn0)=v=>v=<S9ugWX6whB z3GKf+EhAB`Y0k0#wi&!qv%QV~Pf7pwz<7C|j)kR7g}<Xf#L`^8lLZOUcO<t@6ghC> z^`qZi`+ior|L|(t^HkNb=lj(3`#+RQ^bat0y#77^ac841^9Cc~GR?k|d)5dVmg!i= z9^YJ1%8>Ko?c~O=Zo7j|Ppc>hpV@!z)s-b`rYk*tvw|ki0x>gZzO0|^w^N1T0|Ns9 DA$wvy diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml index 27d53063c3..d13e63c803 100644 --- a/.docker/docker-compose.yml +++ b/.docker/docker-compose.yml @@ -346,7 +346,6 @@ services: OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin} OPENSEARCH_PASSWORD: ${SEARCH_DB_PASSWORD:-admin} - LOG_LEVEL: ${LOG_LEVEL:-info} depends_on: dbrepo-search-db: condition: service_healthy diff --git a/.docs/api/auth-service.md b/.docs/api/auth-service.md index f6c32497c7..40ad6d8fd5 100644 --- a/.docs/api/auth-service.md +++ b/.docs/api/auth-service.md @@ -19,10 +19,37 @@ of immutable properties (id, username) is mirrored in the [Metadata Database](.. ## Identities -:octicons-tag-16:{ title="Minimum version" } 1.4.4 - -Identities can also be added in Keycloak directly. When requesting a JWT token from the `/api/user` endpoint, the -immutable properties mentioned in c.f. [Overview](#overview) are copied transparent to the user on first login. +:octicons-tag-16:{ title="Minimum version" } 1.4.5 + +Identities are managed via LDAP through the [Identity Service](../identity-service). The normal workflow is that the +[Metadata Service](../metadata-service) adds identities when user register. In some cases, where this is not possible +(e.g. in workshop-scenarios where accounts are created before the workshop starts), identities need to be created +manually in Keycloak. The recommended workflow is: + +1. Login to the Auth Service as **Admin** and in the dbrepo realm navigate to **Users** +2. Click the **Add user** button and fill out the Username field and assign the group `researchers` by clicking + the **Join Groups** and selecting it. Click **Join** and **Create**. +3. Click the **Credentials** tab above and **Set password**. In the popup window assign a secure password to the user + and set **Temporary** to `Off`. + + !!! example "Create user with specific id" + + The user id is created automatically. In case you need to create a user with specific id such as in migration + scenarios, you need to change the `entryUUID` in the [Identity Service](../identity-service) by modifying this + protected attribute in `relax` mode: + + ```bash + echo "dn: uid=<username>,ou=users,dc=dbrepo,dc=at + changetype: modify + replace: entryUUID + entryUUID: 506ae590-11a2-4d2d-82b8-45121c6b4dab" | \ + ldapmodify -h localhost -p 1389 -D cn=admin,dc=dbrepo,dc=at -c -x -e relax \ + -w<adminpassword> + ``` + +4. Finally you need to query the user info once by navigating again to **Users** + and search for the **Username** and click :arrow_right: to search. Click the username and ensure that the + **User metadata** contains the entry **LDAP_ID**. ## Groups diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java index 173b3ef95d..4be54d5edd 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java @@ -372,11 +372,11 @@ public class UserEndpoint { log.error("Failed to modify user password: not current user"); throw new NotAllowedException("Failed to modify user password: not current user"); } - userService.updatePassword(user, data); authenticationService.updatePassword(user, data); for (Database database : databaseService.findAllAccess(userId)) { databaseService.updatePassword(database, user); } + userService.updatePassword(user, data); return ResponseEntity.accepted() .build(); } diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java index 3c2ef1340e..bb3bcbb094 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java @@ -191,7 +191,8 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { } @Test - public void updateUserCredentials_succeeds() throws AuthServiceException, AuthServiceConnectionException { + public void updateUserCredentials_succeeds() throws AuthServiceException, AuthServiceConnectionException, + UserNotFoundException { /* mock */ when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java index 5a4690892f..5becb9225a 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java @@ -109,7 +109,7 @@ public class UserServiceUnitTest extends AbstractUnitTest { @Test public void updatePassword_succeeds() throws AuthServiceException, AuthServiceConnectionException, - CredentialsInvalidException { + UserNotFoundException { /* mock */ doNothing() diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java index 71e30fb860..94ea986f78 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java @@ -40,7 +40,7 @@ public interface KeycloakGateway { * @param password The user credential. */ void updateUserCredentials(UUID id, UserPasswordDto password) throws AuthServiceException, - AuthServiceConnectionException; + AuthServiceConnectionException, UserNotFoundException; /** * Finds a user in the metadata database by given username. diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java index 38045e0399..bce9d6e264 100644 --- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java +++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java @@ -161,7 +161,7 @@ public class KeycloakGatewayImpl implements KeycloakGateway { @Override public void updateUserCredentials(UUID id, UserPasswordDto data) throws AuthServiceException, - AuthServiceConnectionException { + AuthServiceConnectionException, UserNotFoundException { final UpdateCredentialsDto payload = metadataMapper.passwordToUpdateCredentialsDto(data.getPassword()); final String path = "/admin/realms/dbrepo/users/" + id; log.trace("update user credentials at endpoint {} with path {}", keycloakConfig.getKeycloakEndpoint(), path); @@ -171,6 +171,9 @@ public class KeycloakGatewayImpl implements KeycloakGateway { } catch (HttpServerErrorException e) { log.error("Failed to update user credentials: {}", e.getMessage()); throw new AuthServiceConnectionException("Service unavailable", e); + } catch (HttpClientErrorException.NotFound e) { + log.error("Failed to update user credentials: user not found: {}", e.getMessage()); + throw new UserNotFoundException("User not found", e); } catch (Exception e) { log.error("Failed to update user: unexpected response: {}", e.getMessage()); throw new AuthServiceException("Unexpected result", e); diff --git a/docker-compose.yml b/docker-compose.yml index c2927c1c65..3c78d4d9e9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -403,7 +403,6 @@ services: OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin} OPENSEARCH_PASSWORD: ${SEARCH_DB_PASSWORD:-admin} - LOG_LEVEL: ${LOG_LEVEL:-info} depends_on: dbrepo-search-db: condition: service_healthy diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml index f96cf27b47..2b18ed1422 100644 --- a/helm/dbrepo/values.yaml +++ b/helm/dbrepo/values.yaml @@ -306,7 +306,7 @@ brokerservice: ## @param brokerservice.ldap.uidField The field containing the user id. uidField: uid ## @param brokerservice.ldap.basedn The base domain name containing the users. - basedn: ou=users,dc=dbrepo,dc=at + basedn: dc=dbrepo,dc=at ## @param brokerservice.ldap.userDnPattern The pattern to determine the user. userDnPattern: ${username} auth: -- GitLab