From dcfd87cd174bac559a31a83300f7159626b4e836 Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Tue, 30 Jul 2024 15:39:40 +0200
Subject: [PATCH] Hotfix password change and LDAP

---
 .docker/dist.tar.gz                           | Bin 9911 -> 9884 bytes
 .docker/docker-compose.yml                    |   1 -
 .docs/api/auth-service.md                     |  35 ++++++++++++++++--
 .../at/tuwien/endpoints/UserEndpoint.java     |   2 +-
 .../gateway/KeycloakGatewayUnitTest.java      |   3 +-
 .../tuwien/service/UserServiceUnitTest.java   |   2 +-
 .../at/tuwien/gateway/KeycloakGateway.java    |   2 +-
 .../gateway/impl/KeycloakGatewayImpl.java     |   5 ++-
 docker-compose.yml                            |   1 -
 helm/dbrepo/values.yaml                       |   2 +-
 10 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/.docker/dist.tar.gz b/.docker/dist.tar.gz
index 8de17c93ea61448bb57c66d16d836b7340fa000b..13e91ed189c2425dbb2d2493cc6fd4fa9d949b3e 100644
GIT binary patch
literal 9884
zcmb2|=3oE=<~K3f#j{UbI+y;R>s0lsIXOM+_Px>#-y3m=Yh#|<B-!-WBHalpg31$i
zp7=J;_W$262MXj<RBq4q&Gk4cWPI7yx%|BGUE5}_)T<%yCLGmzmXvvG#g{D??(h8+
z+W7j#1BUvretzwb{yX?yv0r_)`_;jViEFC@EZ4~HT^+)owY9n2=jm2<r`<8PC+fCU
zZm)2d)%)qTZTSD@IPKta@e_G(49+lFZql+gTJ0C{r}Ols@0(tqdHh}Y^pRu9%Gpab
zHFV0R@6ud7GfDd7v`GuL%U+(8u5mdic;ds1bHS^U+V5074pkS6nw67tW5<+4otDs7
zCNp9W-}&k#a=9Soti!aF6Wmu81XP`Uw(RW>-b<#pnAkW=?uBS(rd2L_I4!DDF?tq{
zZ20P>Su4-2%2;%gEqd*yYZKiig!T8`STo`BnnTl;8u3)GI(sVgq+8$al-$%lv7(dv
zu1g<W!m1eQ?;UI`6J~7UK6grp*Jqv6Qkl)}A9N0vB=_IFv}MkX<hR#ePhHIR@3FUx
zr1n{(Ue*uXQl*xG52Bt2bxRjMzcYdT@1NK9v2{ltGOaAVmr%R)Pr13P!nfbbnFn~=
z&1*MKUDl;F=}EE5>vJ+L3+}Ko7aY)Y*y{g*W7Dn+JZUQ>joVUV4OSVSHj(|YZ%Xd(
zgIlg_POok}wr$zr&w}q1j5hd2<{Mn?lKrwmcfw1j<?W80tuo%s)d{Oi*Snaf8%wwv
zxLmyyb|TB*e$M5D<p=82H+_DaGbitUe)8?3Z=_VL{~YP8@!s{W{8;S1gVW|7{j{I=
zPr3Q|ZGGK0!>)zgyXW)IP0i^-rL(YNh^BDo^nLR>Rj%=`>I|4tzln82!Q+eSYo^Mz
z>%QT$)!d+TSM<QNh7WIf)b_WVvK9X*V{^WCC3j8RgiAi^ajtKUI~kvC`?|Dc>-y7^
zCq1^yIH7UU%d_m1-Tk5@kE@p)Ul#1WBYORk<Tbgn8GCm=){%Z%wDif}>^UKRTB+PG
z#LN=+9shIk%mePtukXJ%s{eO#f&1CSRr-@Gj%svHdaUMZc=)uMS<A->;<nbQ8@8&f
zGBfmD@GyV&T)T43!nNxzbZ0dD-+JN6-$yH~uNhyL$@04HX?9WLQBKGfm$oeLWrDZn
z=j&(o>#g|4<8xJpS3@F5{pYPZuOg2H(Ts<9pE<smnrkk8=}G0iC)<jZjQ3>3r3ifc
z`E+X9+Ien2_0&shN{_#bJlx{=!vFvJ*<EWMFXz&2dtEs9wxYZg+x=|bUrzZ?KA%{f
za?)lhZ)E)@=ll0(uNQpXbI?>`mL%J?>E2?SA3LS_Bwu;MVN<tCggMA3O>y;$1s3VN
z%sX<sYUJiGnD(|$-sS0!%wMTLem*?SxxDMH^v_k1?-!<i{dN2B8sE2yLbY9$VQ&f>
zzNYy7c(^rKs(T-6i#cOt*ze~_|0jv7{`3AUd_DW~zaZ|r!Kay5cwLI?{aM&%5azM`
z*A@9+YGPkR?2?RReEUuEIA1PW@~!#SK8r5%W82?6yjZAvwQpI=o>dO>PA)WCC9>_}
zE`d$n$>ozCL<zVjubVv0e~-o96qBR>3N${6pWHcHm$&ULYhzdHt!=H#R4>nJonvD^
zLyfb_b&ldyndq8!dB&d38sm~@lU?5kMVc*8pI3TN<CfBO>GA`+rSDd$e60Q^rnl{O
zYV_KRHTNQPq_+JvUGk@fdESE`GGUJW24$zqSRcmxIQI2idinRy)@y5j1z0{`_k+9d
zwfWA~!hF}w)2Dx!`~2PeUjOi|pJ&gWeK~aXb-~%El3zbQetf;aarv3wV>hn}`P#p$
z=wSWtW1RE%*Tzk=zZ>0ryRfq6R@~j)x&JZ@cJ3>1tG^SXKh^u^!uro29~G}Ze|2{5
z=O?SIc0E{LFLUL*|C;ruy?-Zt`dL(ZbzfZQez}@S`s}OERTQo%6<41hwmfv{;$7=1
zKUb85=JN*Rny$Wfd;0W0;UzZvW}MZx3v*lkj<fzJd-%Vi`p}ozPQ{7(dF+$huYTDQ
zKHo(D?dMOqTMymW+t)Q&IPspzdVlfme-B?2mKk5ZBbU`TC$2cux%u{Qzsi`Mk+xg)
z^Rylm-aPb_bJkUT-Ml|<mu#(hb)N0->*B@h=5Jpv|9ZOk;pn%?sh>WSe){?P?B6Ak
z{}$c9s+GIB%Gz~4`=SRj+}+2+-bU!W-kZNUZ2z5Ffv7v8<#Ml9UC#HG{Wt4<!tbuU
zh_f@=5(NEqZDwaJX#K@%%xn0n;E}5Lqt0bI7oT6N6h2U-QY56lt=;oiiR$d7-yOC5
zo;()mo4IN2%6-dD@c(j7yds{@DaO3LMDlhM`-~H2NiG#-(ZxQmHB<Dz9aU*i;o7q@
z@A1;~l~Z*tdmT77;rS7@T-n2YK7O$cvMTdEN)_5lJG0GxJ`8Bm)ZyG`W!&nZZLhGz
z@9h$O9^UiE&wAI1OqjTP%d3TImXEAbr<{~Yf4n8gljm~$_he>ni&X8RcIyX6R`*?b
z^S!F3SmjIgC65=M{u)Y#<mpDQRbeZ(mic&hMsLESkVvfzg{z&Oll8nOh;Te{3O~&M
zFy&}r>V(9b>bkEV9G5<^tvMkt-{wZN_=(&J*(ZDBHZ>aU>vGduxwS6&S5C$z&QdkU
zxQ2?!GES#@?;G?^SmKv1q_I_6RX8ZQ`_ZyJ6aMO#{@g!*{r}51e-_S}TYt^#o4Af+
zc9EL6Q~USK&6ShShU?9L#CvTe?}M4!zKOU!S1IJ0qd9e_H0v~*#`WF5-S&p8ZT-z+
z8g)#b{Sfb;_I0ZZ_>B`H4}I@7Dw?uEBXYXx)T>i-G(2>Fe%E{yk~>XC@{^1Esx4Py
zFEq_n^1qsPGSuW~_391ZZmF)>$oAvtX`f6F_uEP5Pi)=8(C;z%z6R^;?4OR`*Q`2e
z%&g-aoYS^9-6VQb%;5vS6&gQgn;Dmu{_ULUaHlaO;#O$emYcs<KXa=1mvA^!;L_4G
zhfOuY$5o_Gx<$(f?wfN>YidzKa_UL93mhTRj_0;lFJtL{zGLBh8@W9m=S2ED<-O+b
z%=UZ5?`Dygx?kr_vm~>8Kl^5exf`n(xJ$M;U3mD8SN+?exlDI!vRd}uT$ZhQ(TCkD
zccJCR>Kdn1#=!Ju%Z$qn$>OJv2>bAzS>88)O6+Z|+r>AXQkR^b_qK|6&y*|EmTi?i
zqt^M-ZQEMzIZ`+7pJD#@&hvfR{>vYmlg_A=9sjp&`J|rX_x{amHk7p!%?W0!`M9xU
zl_Gau3`5>}p=rIU|Jt_KJxpG@uzhcRx=_%ThtI>=`X}6E>9TjLKk(gS+Yx`Kzpw3I
zF5)<<;o`W=I`+t;moAy|{=SnJ{cuY&vX)Jk@;>NZVj214YvevzwbEm)TOBpKa&pU^
z)E4-iwTpVIc3Izc+t$zTkAM8KaXwF$bS;;K3+ul7e`W<9v_BPJzLodw^{YW@-dtuI
zgI<^zor(EBaoe$pjZ62s=fCmry|}#R)zNp)5A#?)$oqD4hSKYVl@AU1z0Os=o!P%V
z@TE`Lh2}q7mKIM~<fl11Y<A}%9*LLA89T~iR&Cg{uf<P+&pI`?VB?B;S2*o#H%s4@
zm$@SS!9Lx}ZDOzaqX>s*rEjiI3z2zvV%<9z!^paAQ>O*#Bxux6F46sKa#BqusPUBA
z62>}_1vd}0yj+-^DD5|SdC!a}-!&E;CB7R(W2a8<je5DFL};l%#Ohhw=afa=QK)^!
zxn9<Z+r~e!B>F>4NRO}5@hOMf<`paD6v!V|^3+{ldLZjZjbC@bmZSeF1gsA|zQ6g~
z<hKi4H)-1a@~G!q-xfO6IKKM#2j8-cM;TwQaWZ8^9<})Fw$uOlv__#{JO3Bm;<%>I
zy?e*W!*^J?+WsD?2ottGaB0Oge?Q4>M{~@J+G<ZM_t935%3=DLyYJQ$)|vM>|BAcL
zl55}kFzrgx?-`fnpGO`4o}RHKFyqUd_HSm=wIScv?s%%Y@^YB_%CkERPu;ncb9d|V
zrv^S5SG?PoFS&ix$?OW-XX(w|I~B6a=if{XJ!|#3$>9CDb(8yrzEzwn2oV<fp?7BH
z^zN;%C)K}BP1-BQZKEh!{b2Iku=1Jp_K$f~XPRjAEIuOgR(FL4@6?mUp#}3+3q9Fc
zR4AZXJo#p*LlT3f>UzeC{XElTlFv_E*Iu_NynXXl?wi@aS66<Q{qtmt#I}RxT-{%n
zZBspTv2B;wqr3`^@Y!<>*F0QgvS;EhnSamp-z?sDV(a3`o9aS&o*7-N*c*4>;LZ8=
z9^K|mzD~D}+-{iNww?1)$%@%)&n#$re9QavpEeQp`cUcBQY%(YI?$7mwNcpQI?q(r
zuH(xi7>?*Yaldx$pF{dquY#ki3n!e^OHJ=%bkY9(SS#7`#?uPx-RGL5_K3eZr*t%b
zTAgBznx4%<=bFiXCf_x8j`Hg)ky-0yX{qWnZ}NUcokgr!yxbG>t0k{V%#9b3`TW)S
z@b*ntdxbdS)H)8-a!j~Uw2xV7--Ed=rtg*ayohbtUd#VbzWmjHYq{_LC-%R8e&mp5
zlex{l`KNYI-TUw4!hfd6e-tnJr*hEj_zz8W`;TQ|-;O+=SpI18gw!ef!(Qi0E`3=1
zOL^td_=3mhIK<f3iOSvg7v1bE_x_@)-ye71JeR~H!5)8$oOYi-(DTHt=EKPt?mxa2
z%1v`x;zBsNm@hv(5}kHrZuyUgc9&n8>mQb0c>U4-H^$0=8QUub?>Dn7=>E9iY3alL
zTRwa?ZI=J=BzEC-o&?jz%4;&+N^I3XtXi(}ssBvydvbN-)d_QcPx7A^eq4_2i6_gs
z_PB}PU%UJ>zG449F=JWJ+*7-HorLnGwm7%z*ZJ?5UiXucUo&r0spf;3_FlcZktft1
zO_Bd#@}$2~;r~_sE%oo^AN}+TUm3$>|0nl%#Q)#^Q?s6)`2TnLtHQN$_6?u1w$?@b
z|M}a${^(b3<K~^&Cx7{UIQBmBSL^+`H*P;j-?sb6%M&kBKg^Av@!+`bjFp*&=VV%U
zTO9OB`E&p1f#r+J=H0aTXdav4Q>fsayhCl*X@kwSdH3>*5~7aHsan(A9QTdyZLR&J
zq?;$T{r~GY2h8(*)c#m8JLH3f^%mEMIy==Erm`<=TXTF~oxH&3dslT*jExqbNoAff
zshw#}>0W6a3(owesUgmnd_SLy^%6cC;JvV;aVFQq`d2qfvaTvL|G&rf`*YP*?K|r#
z4%-==ke8Qx_RxMG$3OWi+B;&mhOLy}o6L8=z~|vt{^S1x{x6;R?2h7=nr6Fsk^hr_
zt-qRmJmUY?=EINYzy2Rzxc2ANgW<1}_x|I5eSE9(r{DA4-5VGd{6E}$%Kz_w)$5k`
z#j5^q-z@xOS3yv>px%tQ`Xe9WTOMYd__HrSU8v0L&HeIwzkjo8P2O|h^9BVimi{c&
zXn%q9z3b&`6KvG>7B1iXJ}^<Nf;ovd^zDZa&RtonBLD3>TBWt$u&#HpgLqxCL9uWA
ze~~F4XH1(^^QScSL~w_$sbu@o^X6*%o77wLA{TyaSS?<C@A>>D#p>KMzine@pPjom
zpyb$@qjoQ)<~Dg{)=UsIknC_0SNA$tn|d!>OH=lH%WA{(d-!=2Lf^c6c=#OqGdGD^
zrJvl-W{I~u?N|SDi?!$S?fs`Vp6g^Q+<$n<`VWQ&s^5D%@$Y)!l(5O)?B<`|4M|L@
znrUhJcZ%<QzNw<KafVs=5Aj^4WKB1xFA5Jgoblg$ra|F(A!n!BYmY*+S4X{PcyOID
z*sXBVymXNV_meZeTQl^#T2uZMEvSF^MPR|_q?wC%Ieggr@9b|01`qDwqxsKP2sSHS
z>)g6kUgLr2nZTwMLQfT+nT4%fI>Y90^NZe=Z9**jxNmAMW4nGqj=AZOSd*ONg<owi
z?55{(W^2}{UA{6g$6#f5ma35CU9&PL^VaTtC%E6rX|^W0J<+e2_}<ayoXf1G68>Ii
zeisV9V_#G`F|hUapP#EgY%6oU#1+J|o=a1|Gk<o*-7Ut+Ixa7gV?I@}eLPgk^<PfN
zFyHr7&w>}LIys&7W<C^=<yPa_d1BT49c;WlrIl&Md{ru2pRC<@q~Q8a0mt7z4xE_r
zZSiEeOK#dKyfgp4KKf%$l5+`<cJH#o6GAn=NOViOyX=_B9m>Mfap#)iA@4NvWBmzn
z+-uhqUGsa;cw_&wYMCBRZ)1~r+yZR*8VWhd)3oGlbp!hhL$yVf8eZ?v7rMxQQ7E$F
zw|e9pfkhXpCYqG^I=0Dvf6+8Om-|smcIL#XhXjm|&5cx>xHjU}rQ$2xf=hDLB;s#9
z-n!+xslbcw+{35+o-_P6o3TEJkx_Gp{*sO>w}LKA{2+XD_Jt!~ryF>;#5+d6p2G5M
z-OWpv<~F<(oVez@i&KGgXR=+}+CcBSCTYTV=cv?9I~jb=LLoto@maIr*67=piaA9-
z{7GDNsCa$$Oqci5nadT=TQx4=Vzp78e{6Bmsr`?9)4A0q|2tx%aLnYv<Tn-vd6Q%(
zxAH%`ZnU;J;LyyvJx^Tk9bl@=cbhupuhgyZnLj7J_4~m2On~VM=gb4oouXg#&YQWD
z@vGQr#djI@DIXRs|5)dIaM`*dA32t_tcJ@={i3z6cO81E8u&)){l&sZzZW<2?=;C|
z-^p=yZ+DEy=M~IS{`V|RroFUUApDZgHZ`M3-S1J%jYUNTPO~K5Ic++_ZvEnr`2-D#
zDJ2aq>GM`bpXd+TV;85sK5a(2ht&Gtcip^ierB)xUQzXUWgW+o1gpYKb*+hgA8y8<
zEGV`8XVA{5bi4ePPz@vV&71C=9kQogLmn+?EML}nP2u6a1E!Dm_pHd6$vpk_g-I!b
zPI6z49x;$TR{cXk=K#NRtX`4Onw4i#iXLjXO#XKK`a>&=QqT9tX4n5d`O@*Q*ZNpC
zCFg?Etv9waf0@qu=!bejQK3%biPsOceZ3Z|2$#>wlAh1y#dYb?k14_rj|=MD6#jRV
zMZJUX!_n`@VxRq$%iFhozdOgn+dD5XpZ?H&=)Lm7^6Gmp=TBZ=;q`F+KlYU`KItaj
zQBD2FyYl6i>fE5d{gZ-h7=B26lH*TwsW|-j@$b6*&Dy(TmOq~UL+0=MCB5p}KZ-8C
zEdH_is(f?aNAZ1}-+Cn<EZ+5mdH$4dzg~PgEO=dZ!ut<}rw>nN{}<4*NaX3!GH!)m
zOb4s?+cjQfyY(SAZpn)X<B%^iT%Vg9pR(LLmia@s*Uo2?PD-gxxL4|P(q8b1vVxew
z`LB~i7#~&Mkg7T_aY`lf`dM}#N%b=hsVpVh0(^F7gyL*#j)Z0`n|CW)&ED>M&P2AG
zd(u`-%kaogvtG4iQRtePyB)+h1+Fb|d-VFK+sO$cztkM3FfH8Y{#4QU^81OCpZQFd
zHrpxo|5u`=qa9~szayvH_AY1JX%>p18Z2MWn>^&6ZF61bpbyh;c7u$|HaDjn_uI9o
zMe$y-==8_0*C<pR{<~ZvUeE1t3`<an#z%&U0eQR!ym(4D?Zj{Rp1Qp{%KY(V<0|=n
z?f40C-51_^ozPRM<K@)a^jV1W(FA8sv*bxaDUtmlWhyr}rQA0?>isAG|G(uPH#W$6
zvjyI)Fz3iLW^ONU+_Jp<;2!@YA79@+CZM&#L}g0JH6uUuFG3eHwN@FZly`17dMqe1
zIcI^>hN<@zzSPceS*E1^u))>osw!(?(^vlRrwo2g?O%B&U%&L_(j_s0qNApJkIYir
zRbi*)VcPRFXQe48quyth9mg6qv>d90`p>9pO*WrlGpTji38%J6cVhLG?r6GlpXa=8
z{r>Zw8^+OxcC4>GQ+_|$F}O4R^^_$VZ&x;7Q%L-O_K^6BPBYVaiz{_qceRzhZ<|$Y
zetf^c)@u!6f?vAZQ_e4%^xJE}me2dY^=(<1tNQcqekaz29FftRcq|(pF>^k77}cjU
zp*%-x=_FmrEfZDU+56%X>VKD=SL|IfQKwn4^0!I6!K`=lX3l##Z*g^%*}J3b{w!=x
z+2B<v8qWKj^;pTWiy!AWdasT-wOM|-^9kAQf4Zt4c5YAdxX84MEsgivy=0%Mo0s#|
z8>DT#vTepq?~wk@M%CK(k9490jD5Tuk38m$(O5P`NT4ushUKi-I}g)WmPPe2-Tm<K
zVU16js;aYbYP#RA8*EEW=5O78&rRuifYD^{tC3f~C3*ffetF_oV2($bxBoFVp2hn*
ziu0Ft+*Mh2`6r8n+q0V5!sbNTp8BI@6D0CBF-13h6gBM0Hr^wa9hw^VN1?)eip-m5
z2ETqNbiVw@^=Ex&;PJ-q_x|mUTpS_$Ijr~Pw4Qc%BR|`e3;aI($ySWahg#>}PCYYi
zU51M@|Mo93^XAW=yMFuB(wbGwue$7iFMogjn(Dm?Ce8AzCeJcT`lJ|RR}gdj_oQc6
z51dPoI+>y=&SJUjX^ZgnITsV2rurF9ow04Y;jC*1VxBRsc<;LJb-d-$d5MpHtdQXl
zz7b^IRN7kn(RXUHtlGlGTn)#L^aSv$HJn*xWZ1lZ-NC~TQazT;&dY9jaeY(KE2;I`
zXMTigb*xX-@INJHar(XQoTn+j_xP;JjZwSe@}*j8I=9_DenUOu+m5Tsq#kd&vSUxf
z)gSsPuhtq%UJi_&5%lqQGpo+mOKW#H1wQgu_n#^>BQpKoe6#4cQ!|+K-h}Q9Ox62X
z$-BPQoBQ+f3zxFQ^aPh3F>86$_QY+8;pUIe)>>>6*YQ&^YrFZuD!WE#vu;w&sg&i9
z8?#lG^%-1XcXK{C_59J}+g&U*UP~zR{h#!4>%8#XH!DpQ3zMGze$V-j{Q~#j?!||j
zOF6^2lRn3^h==`=TvHOXbT=dad+D7E1lJ_V-PcU9Qr*k_`>fotz+<v~t2N9NZ!5+b
ziL4OmG?37j<G)dGN<-Oxcgci6jeAC(s{+lGw03IvysqruwWXpcbf;eC&r^#JtZQ25
zeE(UYjN7RLVLlgb-J9B7STrT@LBD8;QrRJnw#5}!8|T(*=x<rH=#QtlZj;B;_XR#)
zHZq@XGc>hoPv5nCg|N+3kB=#D=bg}dw`8-U<ZhNll{xozow?huTBui~6uxW8`eN}F
zC!Xy|Re4lya&w;NB>%69!3n>QPnXDix9R`ug@rfw+dRuM{8?MMufD2~XRWoz=kt2~
zeCJiePk+Ab*lX%I_gu8lbN7wuXLlw<n$<inJr=`s#=$cy;Ys*i(M<;oj%WwX2>Ke&
zaN^6m-Jdsib3a)3@!#W@2OsXdXn)|{@27MAy^Wvq?W4Z6;E69<oFYlmKV=iEz8;%1
zt5NkF+tF<u4Tnyg3D(ln_R{zpbJ)|OSzkVwn`^7c%8DoR4K^4YVp*|f#{RuKT*3|B
zJfD2{^y1CU+)6LnpZ`6~&3wM{oc}k&DFvI@jLzLl_POM}LXB~+O-*^pt@`ctITwN#
z7U@oSy>I^V&rG*fg;TDEJ(PPCulS);`yTJUJ4tLo*=G0k!w*cDm3%(@fX%l>Oa7V6
zp0n}69p8uzIy05MW$M@Q>7Tl!^mnI(ZdXmKV^C)jzxRaTT63f0eb(A%n1Uj%J>YuK
zb&`2v&l}AGJ;S#j7<WB>BjRuDu<CsMP5Zb1XKOJ3*fen-+wuU-uYZn&T<Vco<Cre)
z>3bt&%KU}r&fWhydG4e+Gb}<mH;34{_^bZsvQT|H`I3HSyz61D)55bui}-&Z&j@^_
zKV!#_nwGV${}((vnp?Isf8h)k{@(uwvu-R~>Kz-Gbtj>U<M^3}7x;wdrW*BKO`dr&
z-_dB^)f*zS1iN=my1g~(-<87}*Z#QZZ`Z8XnD2WoJ?JUB;hS4~HWtSmmesNUsMqOk
zmTsf!7!zdw%j%5E))Q-%ewfRY<apSfy=U`%zsvRC`un-l-Iw-Bh_3wiU|CLP_u9#P
zg<R$Ln;SPzp8W4=UU&QC#r+BoDsM;XEot77oVR%93SB)<^Qisr<m+1&C8mE`cl+X1
zy-j?|LhaVG+$2~(YwWwtlAU#xf1OFyiS(bzmp^W?e|z9MgJ<zu?aQ*irk!1;<l_-I
zb5?`=A)_=SZi7FPrtu7?4LR1W^!fXs+vxM-uV1CDUy5Jeyr54^PL*kuu;xU6r8i6)
zvP+j;kSn{g;zHI6E}jxrZ)OL1G4DE=M1^}>0#X>(+(>IN`Jl>|qhq?@Y5Z)(rTkMC
zCIxgq+<NLclgEkK=Wg3uMStFT_~ts^v|C}4@p=o_l=DPZx^JBNSA%N~qpfgCh)B^R
zd8bw@2|bIG$J`E>OK7UxF<{@Gk!`SuO=QB6^!EQ}I_egAiy!3_EjHr(<H=AgQ^ab-
zaBbUyi<>qcIkflVgjk!XXrVo;=XQ2pd-m|$t(gjGxrTN#4c<hE*rluyIPV*Iy)-o3
z{GoWK@{%>o<yW)Q8<wp<5f&-<iZe-mkL`m0>x?bjf{zMaWe(z;_<zrdu49)Hl2kN8
zt>rI!%jK+^d*qsz^m6CgYyV!X;kC}5wyA8(=4Wr##IDFzUh|wM==qZ+$&sfnUOZQ^
zN4V`3tLKc{ufJ8zU3c&18!an4*1eajSLWsBJB!^aZ&|3RyQrm(^I_Ja$f!u65Aqv>
zp9Z#Ob)-J$p0Y81!^Yyt2A89nT6fPi&)P1`yv<<KAH(Tk0@q%atTMW_xzGNUfVlo2
z!)?AH>@HP~`i(&nw`SSD`(jdf;?Df8Urbq!a~P(Uu2A{8qAc{s%!>xW+Tk}>em;7z
z(cL5L>BS50x6E-d7nF7p>)Yg$Arj`b=FkoCu9-&~y)RT0Z{4{5>}l~^v()o=Q%_tA
zNG@b{n&DQW+Z?CzNmr*JbMl3krMq{1`+f2wE9bJ^R_#7dPQ5Css#wXpea*%;qn<#4
zkos5WlubXKo#^o9_Kns~1~nF5<1O$0s9pT9pNUh9f5z7;Q7t}2P4h2r-{!8pec8c>
zahdSBJtzKL`*^6bm+`@dDf?r2BYaL=ePsAy-INgj*ZZzz8Hg`iA#EwBf5o6!j?rqZ
zK}oj3!R!+q`u}I~Jq?*wBoNb<;ko;y(VDtH_f`IFe!H-LXR6N~iLiYSjgooJcmH3T
z|MKUL^Htwdh5!H5yrll`Su-QEgt&8=%(lt-PhNI3a-LQ=ujKFXWYaOTwpT@mHVU@o
z%`!K$jo7k4>hGF=FWAgh8mWHDk1}6o-ePM0w|-{onaTgxuFdoNw>@ru)|3C9m(*v>
z-51R5wDZE`KmIv#zvt=PQ2Ko8K&z}y-)+w_F&5!UbGGt~9XGSJ@5`Rw!S$yisba(K
zt%>%VjlO(4B>6{f``?Ow8H+7z6|3FY>t_n?J7~A<;-no#>H_<-r%#*pN<m}N9VX+C
z>Uv*{MJC;!AN@%D&--;>|F7RC^fO)m*TeeLdW)m}ef6F3?(?Vh`)jVA_#dqDtH$uy
zHAA+2rp6uinf(1<3U0r+ccXF9_qfAsg5UV8X1$Wh&fhHkPHXj>&eEfw4uxsYYpA*X
zY{tGzuBw9a+nfFzVm`8atu<q#-OSmpC-*V$S^RkR-bfvRymGNyJ14z3-gT(p^UR}~
zHXgHGALL(4o47>(W}2Y0^xF-QCcoA)X_jr`*tmH!r_dy3C4S#$3@5iMrB3@h_h;Bb
z)9}j6zJ13tzO8fUoF&+MSM2DAmEV_4s=OBwuw_HqAG5<2W<RbinmX%1pF!ML<DRI!
z*5cp3pWB(cYwkbxr;!Q$e@`51xZx<f=X+hlJmqbz`=_Lf2u$EDl5pGn;d;^*JC?d9
z+UHjk>h@bHo|o_Fe0xeG`_qF9iPH|o?Obwy`)-kE>kd5ZT%5}0dpLgL{wb#XPx2H0
zuzfQrP>Mctb>3=yvrWwNp4eS>)V=v^`p@3Kze~>rvDGiS9wz+h$UTP7=cPmMACX+K
z`sMnv)|%7b(m1}Dznh$O<x|@9Z>n$Ge${qnhFTUl+1M$q4_tJ%YgWsl&i=H;jy6&U
z^$zaV5>P$hHfjBj#ew^tm`qmZ6u5Tx#Gbi}S63a4IISoDZyNLR5(a~NHUYC*OBI&&
zEIMklEKPcC)J4Gq%YJ`9RIj;y=h}eke=Bd_{P(AyxA%yU=YLiI>v!U;f2h2DbM0T7
z+U4jyXPM&XJaki5nl#UGnyu6M2fEw8*eBk;Sn$7d$Ndk{hw}H`u4S3m{*fW;PC@LU
zuS*MTDyP4h_A~dsnt$G%WqA?Xj~st8jkRD$>O1T0`(EBD5`LmvC3ff0#T;Yh6II!o
zMn;8eTuf53)hGFvFTb!o^S|lp74B~(*GhgA+IQ@nlFZ)d1F8!>{bvOI?zb(nd9*-s
z)ql>~{La)f8~?vrzdO3}fB(H}Y03X9yINM|raq|n;gPUo)8R8aVjixYaWK^9&O?RQ
z)k(Rrj{8%NE58yn3S05Ez;&AMpGSgiHXT!%IPzteid?xW((p^?)QbBHW{Dcj=n51O
z3a)9jmk-}>sv^YIo5(Bav_v?^OXfkH<i6#NJ`ap%d8U*;UfcVp(|AqnQ|;^W2|L7%
z88%Inov`Y%&P#J^32Vi9rJeG%5!)@deP}JHkrNk^-S=s&vw&4*`%g!kxI~8jQ@UXx
zv1Nh&tabO=3udpn7h0_!-ty+-^&o~zmTgnIkNi~lJ3YkZkkfTZ>p(8|eIHxhrma47
zmu<~)#@$-wk68k9c0IAYIrU0sqN>qKkvhE%w#N@oQC+*c{Y3qu|A&2>|3z*4w*KM&
z&#NB%|GesU?w9|;DvSQV3{xsfxz*Hfoh0DxDzZL9L8zm?N%>J=sN*`fzmr$}xL~$?
zTW;?m9aScYTMqh@nAHmIgsO{L7E2U<^mXMByFN`LX#c}!o_`A7q@=#Pv}ae-N{>HV
z^r!u)jNJ6ic$v$;>K)!4>avgK%h#1ok2q%Yv;JoF-1z^c@n)a?tE~KTXx@i=Hv2QC
zc7D0;cTXt)virrCi=X`|{AyM&zjtoskv(%O7sXs*+@w;;wMV!5S@e#S!+HstCrfqf
zcAvUX>TLdjJC0N7p7jyg`LWLr-QCx1>SJ#>gKxEA%7Xab0#5Z0wM9p}{Z2mlb?p(~
z4|@yMPv^sZ`yVh`<p2M^>cRj0UpIaHUq5S$*E`?sJKQBAKWJ5R$zD2{USuh8eOcDA
znc@s5f9<~-75d_@V3AeJ_t?OUDK0Cbu6*a2(kaEOzKXBo$b9Fw?-u0CKU)58myOih
z;<`#6{aYM|i`OjO@T%0LEd1l5*!H8@xtue9+)cRhZIhj?l7y9w#G#+;jdOjt+?67H
zud8>riv4l*<gCs3EO+y5$NZ4%`!>d&m@%ud{lSstQnf1=ZqV*ycyf--yidOUT~FM9
zSA&?)jg#G<?K3yA?fGB-`1s-M)E4oy#TUxl7kJkeh2Ja{J+JnC%3ls<OQZX_sjpnF
zcS&ll%WZq|H|Nsz1;-X9s0U58{}aKv{_l;gA6W7k{+c^;6q!$d{p-o5Oz#qIe#f1U
z{>z!LMysCv6Fl!`^Z7Yen;!f~_}_d${?@YzJ%Zcx<`y1zW9+fv+_(J2?EG!5>r>`L
z#R*kb_*Z_LdtRoTNv2`PzW=K8ByO0<ypJp|)?9Hi&qcZBO+-;qU;4)=h8q`dD>v)C
vKNr_`dbx>%+Kl?SGnaV!W(7^2b!CZ~=}J%EtV`$T{bM(H8f?Sxfq?-4Yn_?y

literal 9911
zcmb2|=3oE=<~KH(#kb8a|9umGu+aMP62sD8SFGn%W_E^2yf#w3S!i{Bg9xW*Pvr@l
znk}{ees6x@D{v*%I(J#3npoi*rW>(3W#SCpsaJ#EO*pGHZQ}-+kSen;^W%Q5JWyOx
z&``hnc>B~Z`Znxe7oWQ5f3<n>;a7!gqgIF1uL|MM+S)vS#;NS`mTwh(+P8T=PyX0p
z!Y+C}I`rRMJN^@8CZ}@@c7MHe@!h#|%}cA<ilnT0k`=<kQp3}(a(34j%FUc+TRzXv
zKZl!pa`PK@U&q32+b`%wo=vs(*fy1C&*P|VHqJX|&Fb<AFP`7oG}qwe_wczlG7>kg
z%zGTuwox!`Be%23+E{z{jXvSmd{VrZ<t$)hy|mtJyNvk?hiMsXB|;DWtPH-i=99}|
z)2*8nZ_nc44PU)9Yvs9B8H-M;MX%lTZ6f~+CH=Y^HWNKV3eN^f?y|j__H@+~h3nB9
z`i$J$Vv62<bu;N~^!WDq&?TSgSAEWgs;f>7vhCj_cI}{TMCXJxZx%;KY@020EpKm}
zW!3|G#-kH|F1R@@lVRVApy|S_>q_;u?hq_L$6NW}yncPzPr-KMCD$sOd2f8WAIs$M
z=DYi)25G+hUrF69UR;|V6sx>`C*!f;j;m~eqh7<-^9C%DrY4gkGoJM%M)J43I<rkj
z{GRxx$2L*hs<v$sUGXNvsz?6_p9=HMDPP%w*IER2&uY}+m$L0C%6W22>I8G}+MkxY
zOlLdlFVb7JjZJvV!J1N?$#a>0&2>4qeRAQhn*F^w>(#G2+<fTn_aypK>3-vPpLn;u
zk?Q_$_Tm0rrJGi9{@Xq+`t&X76Ti^J0PB1WB}EZMrI&ZE3r{@r%TZL2>$Cs10G&G(
zUj&Pn9#7=l?R=hVjYoO*i)kDm-m)y)(W=T+{G*IXc-_j|9=;r2!gEUkHSEo1W%8}j
zS3Of3J8w$N`#|S3&oHk|(R?4K8ON@g#^=?3`sKQcZRa+e+i>{J+1T=n8q>8^|HnUG
zQWT_ln<3po@ssT{{WLcHGkFv4rT+WX?dU)2bV$5QVOKz#k6*WlE06x{2!UhHabKQJ
zIe2N3<}DW!#<u;rWxwt$J+gI|lYS%PpX*MO`8Q2|77-uAy+G49{i4cVkHvu(nP#q1
zZtRpi8Lyzf#8q7MH`B7Lb@@};QiBe>eXi5iQx?r!&|E1HoqGE$tI(bkv+k7nJ=rz=
zO!u6&*u8r$ExGz!<NnhYzXR_=W|``~X!-Z&|E{GctmHy<3}gCV-{JciVelg^`+|7Y
zVg~m>Md@>wXTDkFZYkEmlI?d*ipQ5p`Jgt7cjt#FAs^=}Z#Zn^1R532@Tn`TesRFK
zoRi7J%yl1!f5@q_<Nb?@{@DDr`Saz+&z9h$?|N&luK9jpQPtnCh1ZsCn-DP9VPDsy
z)XIfFf0;RThx=#huo(%cE4{G!fBxt{Rei5N&!4%kyZ)^Cs92Tb+5Rb^V&AgP^cOd*
z^s%~f{GWlqrWH#omPEEsd6OBXaAM6G0hgt<g;Un`On&q5VqxzJ_s6b*fr{n@zn>;B
zu>4AC?YKB8%7(i@w_~y4b;Xxc&Z&v_FS{Yn=lV~{y8H9a!0)x?0ULFXZ@joA<>qFI
z$@zkpHJtQ4lzU8N;`S^y-1>vho~c#s)7cwq&ZlkUmbq3CW5c;PZj0+W^LGt%&3Aou
zyp;J(Om5rl)abPrYwj8Jv^}orRJ6a_;A>&m{`CU8kLt~J3Uj#Qci#K?=3QOg@~!^z
z+RyKZ)*meVt5#lm=;5blZ-nkuzWaCYPerKp{+&B5YcsxDB?VVz)&BVKh1KSl^6P!s
zQ>U)_=NPW{V|~2k!^_wGyFVSTt}d|F>-WFS|2=NDy_C;7{W}-s&98bt4XS%{zh=je
zE3b>crroyMxvEd^$4hzkub+i~pMG>{=Zu<NH9NB6?L+p<)J)N5=byW=a7}6N<bM9;
zp-UH6%`5#}QWBca8}K$UZ0&Y^{h#_TDryX8$Jear@!Ko>?-T#JKR^Gix^%r|*+Yr#
z%_kop{<0-}zKQ<a&!2L)9=b0Tf8=DRL4MTr<!u-3Wo*yprOmqTe0JjPY`ZHL9(>yu
zEEk?9H}AH%x#)(yG7mqooP9Oj%=}-~r6`;4>COMX?u@*C{`O`5ucx~ouKl*qsPd1|
z&o57()m_r5zxF<B>bB6ma~JtD2Nv|RK3*AWEq1!<{p&SX^~>d3#mbM)J-+AFm)k+@
z`=41y?3={0dgkSb%q7h{+Rc1{kv659EMG1NlzS2UdJkt-zDkjh`nLASicJ&F9uC%Z
z%#ukuYrt`sr)8Q*h3o!5lKY>BR8=lq`LrWW$^Hd@Yhe5yUQy#MuFp2=E;#5?CZOz;
z-S;f&Tk)M`H^etbsZ4%o{?6g`hCfqsPM>?xr+B{8_tvepx3iiyg|Z#ppjUWS&0faK
zpj}l_Ax=;Dz!UeDD=R0Pb}xMNb4TULex(ftu0m2?oA$1KUhUChExmlImuj!V2Ie5y
zZiA=XT)V9w99i9W<<0l1nqrkN)t5Y8eEM5>W96ZsZBZvno|RcV+O64m<baFZL;IGa
zl7gzAjTEwflx%EZyEkXej(I#LI_wKlWqqoIE&ZNcf7{DmeY$2B?;*X`KA(H($IkEa
z^SNesQ^xN7(j2C_-BZ^y?(wuZIOS_Pd#-fg38%@9tX?nO3RxHBcXEe5*;^kh{@`rx
z|DGGm)~+@)f0Vx?TI<xIO-fULA8z{fPG?2^^;bW5r)^bLoXNfLF#Cp|8_qmioyhQ!
zE&D#3*8FYr)~@}y`9RB|<sxG5oNs($iR=CCwl`$$(c1#1x7wJ>?n(dPpBw&BEVE@(
z%jI69qNx_z(bL$cUS+=-G9ilV5{p6LEOz&0HWw#q>6Y;Ccp&h=B~vcOHF!@c_v@X(
zhh(xF=I%Z5^jN_b**`L|r`aMRXZ>*#yytYXe^z>^@4T4`lCvHeys=$uIqB_8wR>ru
zE%C)ORxW>i{tSzZ`jV!d3yc!y?#(w9fApAF+OJunZwBMdKfXP4m#9m>U7+&o>6WmS
zQ<NpOz4@BF4%~8iTC+FZ%fRM(ckcU-4_r%@MI`<S_;n<<IH=y>&^nXfHw*aEc>dVP
zo>6++bCY?OgF8Qm)SbN#kHqZ}To`@6cZccmPdTbHUoxzeoHg6)F|z?%#YWy|3w(oR
zcF$0=OXRv@Q@CsC8_TkrGf$goDaU?Gy}tgz@txa5*1o-xBQ`@X<@T(rF30~RhJD@6
zwMJa(`q{eW!WOqAJhhJg+qS$-aLV4lw&Jf#euQrDnfXEJ#if;PIUW@YcKmgUFcbU1
z`(Eep`Q|pc@BcneE32tL@cqyVZvp<_PyLOwFUE;1(5UfC+gKqL_-gs%JBeXc^(NA<
z{FHr<eih!)bm8Bp2@m<4W#%TzCbTKtzAd|_b3tdMyY}6bTN7)et={jG=a#>H{J^%0
z$2puQ3Enup{w439)o)7tZwJ)b_6poINEX&?brU|Qvqd^HJNky<rK~T%`$CxJ39J&I
zJ-6TZNz=@m>A^i~nwK0~?yj-%{Ze<&du>Zw&fS}^pT*>0PE_W(-$o0U`yY6Ct8nF^
zQ@@y`82`VXQhH#^qNo7%9|7m`CfQl6Fn>^gu*AnkYX5Of_cQr7^mSL>*gVnpu5Zo8
zM<;Z3ZFaUT_~Y!f|BJKM>;wgwDZUQMe>bw7VN>!cm%KhLQD}}pQdXhH(TVNZjcZ=4
z+LLj`%YEr&m68Lut}c4I<?<u8CxKdf$~bg4ShNNvrRv(}O?8^wsVll*;qh5cCOdi`
zS{>BcU)GYf!)ltS)0U(EDkfM-iY$qIezS1m#I;@iA(xInoW5aIkyt^#{JoUvZhc|-
zl8Otagq|_pKmB(}j%BFRe!l><)`Xv%HgvDHIj7r@aHGFR-*lz!6}PQ*MW;6CrtO|*
z{3h8@<>Z`{jh!d9|I7-067!4wfBcigUlP-H&GhVjTYGlFd~e?S@_H9n?{L{C7N59x
z@7Xq`t6QSuwKiW^;u7Rltk!3=-PHa2oJ`9yMX9fs9%kNHlXzm;t%SPdGDESH_wS5%
zuUU07eP8pl<#Vcj1RuI~LGoM0qMieLEI&Wq>=(;5sjlSO`osq(S6MVOyxFqr^q=(B
zg;QKFEl}`l3f<Bj?wO$_{(IGf8{w*5wW6;)mYmT|3uo+Vw9@)1dcY{n;HgA<Uy1Fu
zg@27?4w|Oyf4BbH-TMj7lT&WEeGd%K5#Or2RetSi@2mHD`Pb!aHg5YGJEhG$X!_y&
zgNy86b;np+&XE>bIwj#;@cQeorQ2A#LXS=3yRG&v?-|phW$W_UW|TC4Zna$du<G2Q
zZTpmt9$laHcp+QPs+1BpqpdeMXJs!t#dPFy@hQtB-k+VNTkJ1Ht`)L<ne?V%6Zg%z
z^M5|CXs(-TC_ATU*Sz5LM&5sO_ib+ZIJ-5?$wrvp?L}Le_s7IfvlVskiI~k<6T|vZ
zjVDgvHfNwp_YENtrTgC&uhZP2pluZ{v!gd(b+t6B_#chH74MQ+J5`_OU+B=^!M5=U
z*OBgZ_Iuu5ZLhzZ+q^&D{K@Wp`T-9jg&F?u`OU=ouU0H!_HU*s!pkbUwd*&1Ibk0u
z)%0}6{wc3N3Z_dP?BWjpQSd|SfJfFx@jE+=n^GIIkD9Y|<dmIwEW7*6(xxS+dNq0~
zxH2ZlA9`nOAb#*>Pu<My#{HebN&y}(R9g>d2}t?vNp-tZ*)IRCIse+89$}~TN9*sU
zyDhqq_gTsB@QsC?9~V3|7rfK`qj2&=Yn%4%*L>L`+!NYNk1y)DYO{wgaqi)T_A_{0
zQ*%t&p4*8xi%;FyE?5!vT}(T6BL69uf5Ip1-)EnXk+Ys!sy=VxL6eN*%i^qLll1@o
zk(G<Qlj0nFz_{M!i|*``X*N^df5>_Az4FQbtNmyG*WUlHIn_IXWq+>p>HYshR)+Ph
z`uKf5->V7nYp?OIw%_;vi|)MnGbMfGqpy`O`n@;(N$iHXSKhuiJ|6ubBBAJK_49PK
zUo%*Zx8@w1ySSoSbrz4$2U(sPpUm{5eQq11ot(S&a!4IgT^GtX^KtU${RbNpC9_{G
z?(>VYwBDj!l30_xTx0$p9_K0Z`!^l`%Q?L>!@}BRZ_TvO(+p3u4TG-*FTT&dwDf)E
zgGt6li_fGAPiSjqDt-Qw)5n7Iz2DT3;7hu%&qaF(pAGRg>|~tDm1kbqH#6W);`9G`
zjekGxc_sW_bWfsm#7TL1IkA`Zf0pd~U(WMuf7r_AfA%$p?T((`AM^kCAN{i?-}x3E
zmEN*3>97CC{Z%2hNB*prmkF&~^Z)*%$WNgM!?Tku|MR~-zV*lN`CFTr&-_2!{Hp(b
zecj~ebMm?O{=a>*^N_E_x+5IoKI`q1ew;s4V3Ja2ex<Xem-qSix#f-<;!-#9N6493
zq$LE}p7>_G!|MGj_xF<Wp80oPzWE&>!P@svzj2kU+&=XM%Vx>uNa?h5X+5qM%{CDX
zVKcn`<>}%DUyg5@`sTxQQ$_!SdoQQFkzBV<rtYg>*V#>5e=#qM%i6Qr{a}l9?3vxR
zv9r(K-8-Y?*_p#;FNNkYd1qEkkW`fHa1uYRb+9J&US`$|>vx>t$@413IT<Ft{rvFn
zx$0+b616<e9A`}R`C9AzUu?ZD;8*{7g@cv4)Q)?4&UPOS4phDOcH*D)qA7Wk{JR3y
z-2tx!O?o~VRex-IAJ?F!-1)lD_>atcH3da^l{eE^C-zA)i13)RTuhPGeCM|IhatCT
zqvW$SoS#DHYD{XpvvcXX+g(Y@lJ~E1%gHQce4C@g6(KIT@B04A=|K#W5?B6M)iX;W
z!rjVn`!{8_Jxvx~4?-6y_3rEq$zqu#YT>l6b=_K)zV(W`UvE5UymdK8LN2GHze7f?
z^IN;=vYf@5a+6bEdYDN*TIkg&@-0u=a$)x&*Z3!`W%_4YbKIWjS4@20=zmUS&QcD3
z$7g>{IKL}j+T*d}k?prfp%u|Pxejv$dBv|ix@S$@?UvWmCcl0h)zH{?+D_XfZjax?
z{9|p8)_U%gTeCYW>41dyI_uZpSecJSq?mTdGP5t+Wm7C6Zri%_Vd*-b^64`L0{@mA
zKV<h-{kYDO-Y}0@X?*j<U#Bzqo=A?!G?Cr4#%trz9rFrQ8fMQ7c&*VqA@8)wA@4Nv
zYw{QOh(%RC)0umKd1L+A?-nnFm!;|0h&%Ay3u(CVtmlNBt$skGL8$iB2@KaWqg5K^
z7qM>o$me5b?d-Dft5VjBSxr9bxfflx$6vo9Ja4UP5LfIO&hosOE`3Sa-1h_Gxf>?T
zTv5N|Xm<AdEQbr?r`zP`>IM9{{h}t7Thw92@2wJ!Yjm@vgd7#Bg=d)jH%jXKaCgH}
zH&2y!vy^rBaCXFbOnN%aW6d46M>G6iUR$y(Z|3ICJl{=br=RRxApgLio$uM=nOCBt
zE}L_TZ1|J7=+KVoSI=a<pRWCGtIq2lwor{z#v3zhG?x9*zW04=qS4FqXOxq4gzFB=
zs(UD0+ZypBu}=50REOrA?Bo1#BBeTuzNZC5-qLTZojOzB@*a!4d|zmT6{q@#ofpKa
z7K<92H{DCJJi`0-I7gg`)c?h7e5F&9yFxAmsXp6wE;IXSP|%LOYs7XRt1g-I<K2q~
zwTe8M3hSAR-z)Mj)p^BnY<W3jPj02&2bW#W=PhSs9Er3QzrI3dPD`lI`3X6%FLuu2
zU{NV#Q<V)_WPN_B<fq9~^!%rv<TvgyX7io?_uYclH@BJh|F-!1FXX;^$c8&6Ta8;i
z+<!b+n^LuFp4^$lB@^db=Q3_<=$!K>Kq=w+Hvv(LRS)E~7lodfVg8}#$9d&d+jIh^
zpWc!x;o4DnL0tH9k!1aciO~)0&arx2Olw?HjCL2SVRgRs`1BVmiPFf|$L81nzWLJe
z^3=M$bGmw_MlbBDwQl`q<StV`d1*j@s>!FKudYp(6b^S<tG-&cyvb?BmMwK!A3j``
z(zz}4Z%U(dCHs$u)sOW)=kbT%zkQ#Z@!{K;7mX<_ksp71ytq5B{MYk`+Vg^bnEv48
z-c{o*QGR%jg5b20Uwg}D^v55Lxx@HF@{=83qR6ARhmTA4-#^$IyY4b)5mV2>>WJgZ
zMfb#%{F3>X`}O#N=s$<d9rqbB)kK;7Ie2`^U$b3*3XYVrKeYaH=aa#w6LMZ#G+HZH
z-evl*ui?YLbj1zZ8m($(i)-3k^AWXuy4ARI;)ary*$n$sLp1but_XCyT)j?}RlSLc
zw}bOc@m?L5B_C_<N=2WKnCiJ{U39;M5$}xPshx|e86G`2tn=~m;pIN9YKB?+XZ_i-
zYL=tc%|%(Ormgf?|7^#qC5zfaOwT)%y-?8M>|JubySGWP<=a`Uz%DLc9j$m{<G*ng
zH)dxR9ag*kDE_`Kzv=vz1IHFvERO!U(9TO{Leyzi-g71o*}HA7%N+D!`pKSpVOiv+
zmZNfJu7%Ej3fKA{zaHuMq3t)n(Y`r7%TirJN;LmDcq}|56rioSRQlC()3V83-&RdK
zTT$fp{&AhC@TK*FvtuQ19X+t#(b2Um-pTPzk;cU|pJ`1xubWS;Q@OoOX2!CL&i`-i
z|BG?W?#n*ypvC^4O))nu>AT*dZ(sCgeV4Sa+j&!BHJ6sp3$I<?f|D8d_LO^7h%S4g
z`ynjtR&&xO(U5{|UD`*s@lWmy5n+)r@LaKHNyeOvzlU8}xzw8v$2C6LYO!~NDRay^
zljY(wE-UJXRkOMr4LLI{YLeoEMI8;^JRPN+9{i75i#xlX@T&EvEY{pKab-&R_3Mi7
zrW|SwJ@WPZ?=@=GdEOG+xAuR0_gf=F=VR(zA(5rMR;zeL`1HQ-ZSdW)awFHXtr9P1
z-r6f(eC~G4|G(?^D(7ZJd)9qlAK<9rbZwdrvuDF2X3i%Mqxy6vl;>zIoun(dWumG(
zdtZD){qM5#ioHuF>NGol`j)vb!Q`&3v8}PKyZmI2wOk8B-G6nuZ`v8888;~)E7ztY
z_NO=d$%Lt&wAM+z<L-Isv-q)P^R%#?Q_}7I+62ru|LLoK*t$K*<08{4wlv;vb_qUH
zH!tU_H|W?9vVDf7cS!$cqgw6#k94vGjD5TukG$r+qp@s?kU(MdjGeP$?>tCfSrx@|
z`p$=sA8UO4R8^ggQ`7UlZDjV!w9C%l+w8J#VT$VXuFb0+ADwhA{nEs*i*HPrGi_cE
zuf+8l!N>PbX_n1i;rCoPL1O0buSZ4ON)7&r-gaEH<D}mWp&tE?#5*${_C~DM`ueE)
z;I4&FlFZvL9v64=`5ykD-nYk!Z4dvp`)9R|zFM(8OJ{qEO^y1~E6Hqs4}39LAY`Br
zb7M#Bv7DEEZXsU^e9vDzdi3Yfs_4k$+l?2j`?0zH+q;_BBwkPBA4{!PYAUPAA9~7s
zymZg`%sAdRJj*8PO#9TSaD2<0f=9EArCj%%(O4#Q`J0i~WvLmb_b`0jd!qbr_VO!6
zJ~HxCnG>1Zv)nJNE704w&S=eHm68y~3o~X2o;t`fAv07h?ZZ*i3Z7j&onJ2G_6q!U
z3-gP8TG}eL-;3qrUY@6(H`&sE?(JMX=gpkyo?EA$Zkg5b&*5p&!DGJ-Po*xi_BiUd
zIA)sGbny#P|64=$mWm}?WpR6J)zyDt@m^b^9i!p(=H-)>MQmx`X7VpTTUM<)slor-
zsyi!;rr+4pX5Mu9&>z(;TV}DUADVKbE#S_C3KuD3Y1{mx8}}v@Ds41e(`Fv|bn=W`
z!KcA$*0TIDN`{3kjdli7T<>c1?Dr@ha*RA~ko#kL&-$->GLrM>b9M^vwy1FbaKAa`
zMZBE6>^koqQ8UcWyH+F~pMTIxJhV#c!-e}NSUVF$KmYJlysWuW|4n$cgu7(1h2EkY
zO*!o^QZxcIg%S<oY~(gPoFeE}SN2+AaljWN&sBkDN?JQLbY53>@7hxFXjRPgEj7;r
z6T%&@EzJFF!Ka*>psnVS`~KEZ3(Hd)AC7ZL30fzz91bigP53T<ihHewM*St{ZiA(t
z>|`bjaku|5Y)E)`Zs|MSS1kFeK{k=Q)s2qNEiu(dp6+1Me>Qsh$G;Im&z01RmPY@w
z+UMYE_S{ri@cYG-bTv=AsqH=uvU6e*H*8=1Z@v4m(EqPmx{p5je)Z_Vn@>5nyfZj!
zzu(Gk*MuF@o=<O<s&2BHyItj6f71C`j}s!zYMz%Ki(&F{^vp_lQhryoxG}LqFK9;4
z$9RSlU*6sB{(Rc|!Mcy{4&QuuvGt<;k$1nJHvM}WKkw^D{oR5mzG!iZBuW1iPJC6B
z?05EnP<V4vw2MPx$}>&T?V_qv>ef9}xpQ!O|4LT%ts*Ncp3XPeU~q_K#T%3Q;>y-#
z2{+C!cMm`QynTAgBKg=a{d&B6p6|4<Jz%l#q}&OM`u0S}^$TXPe0lZa?Z?RfZx41l
z=C__&>agy2-Mn+$In#9}gu1t~`~2_XoIm5y-A9`>(-f|zeg0g;%Cpk)TMg@(@Asx$
ziBFqsEf%wzlY5%!^Alpn=W8GCF3z0zFQ!M#b>A_Ir7j!VRZpzkBRw<u_*~I2MopdU
z0@i|~j~YGPzKK~(pHWi5f48u%ZM&qwYW+G(i`V~Wb1?tdH1QtW@&L`Re-4FQ>XBLF
z7%uMVdn0H{{K9kk_r6V@JZa919U+{nL+o7qRsVBYsJ@+iNk22*^|01y;n|^&+W#gm
z(by{P<5OdI;NqhCh|7hucYe_onfzemNBaog+gnOjp7iGBUv|9Uj11pfgNc!9k0WfS
z&Ah`s>EoJX3orCUoSAxO<<(Ei<=7@YGq2j|{4@DyPLbVYE&HxS^Ji=4K9-u7@Uyqv
z(`J+9V@=LSlWtwSo~X9cHBG<OpH+ZY>eyfNbM@BV|1B*nHSfqyl}ZX(@~e6Frlq>u
z{H%^>-f`AvJLm8JJG@#~&aZEubHn%C=Q}6xJ?h-qo3&`$4%NFEf2#^UF?O|0K6yLO
zJ$&~Gs~!)TcUe-2B5M}^$Pjw7GSq&@wHK=MpZ5D6zx;0tb3C)k*{$n+%U?vBMRyq}
zx~66^)p6XOaZ=~NhxCwIMxEmdJC+%JZ9aeMO#k)k`EQrR`<!pGimI5(vBGbOi(Tgi
z?gQ(t&UC825xUrE^+GL!3!*x_47E3OeipVgR$O+P$haYSw&0}$(=9e^ywWhOKDlj*
zT|irxqi&nIRy?<YV!l=WzZW@YpYx^fHk*+dom#WAY12KUl&88!!}u0y6tI2qn-Cay
zqPLzy^i{%+2P)FijQ10kOei=kb7#@ogB?-<4nj(@|BRJ?b>_v2sE3?6sq#UcaZTX~
z(Gv_2x0~Ef9~0vKe$2V-V@9s$hjnFYYEiS>t+UgcW^6tBBjwPB<iH;jHagjur^a3n
zjlJ6vuhKVR6W^WC{5g!P_9;cDx~^E>QTyZBgnzrwJ&^Df^$y|pRCW3HSxH;UySa1X
zf{?d0KKhj#R+b4xYv<14`x^Os@n*9(Ya&nG`uJ|v=G|p0*Y$3gXY4We^5wo%&Ev;+
zKmM2}v1+<XV&3}OuS<7TrEgyS;)mPky!`09w{AA-TzSvo9317s`B&)BRhP|MHmN+Y
zU$p$xVy>$Kr_YINB=294{9G$hZ7U0Jx%K)hdFos_i77vm?V=Mm`7IBgdU0OqpTPDR
z6%YG2<}R{O*ew1;h@*Ak+Mkd8{Ds@k9A3FXe}UK$j)2H^uSxw`;jQx}IgPg#O`U5s
zUsk4~B_&jj_pje+&lKT{jwuf{PPe!vE<K{vQ@e16r_2tPUh{D2-?#SEEL>ap=vqKq
z4zH=0xk5{-%XOm{u1fKTnWmd@&W+o?I(z^8c`=g`cC9Wx;j(UxUb=hut%B21*%s}F
zTurb1?^Z5x+h-}%Q7gN9gTR5N1&M9f=H6G4`WLQn@DbzYxb;p)6;+<L?c2P0acQ-b
zPjJJ_7Gr&*{bhR!;*uFGbe`siGm8lqZLQ$hqpf=N@~-t;q|UUez6$d@!fkqHj(dZi
zHqTutp9{Q_AD_lwUO4C6QW=){&Rdr3O_2_>|CcZH|K_&~$L<)Z<?&eGFPLfA_WbDo
zYumrn{7H{}Z~Afme5Kka`F0Wp4TZ)j#}lo8y3Om8n6ZKPlg_6W7rpG9<Q01AGSZ1J
zmQ^NSZuaHwy6FF^KQCdjR<O~3-`Cf^v~764?7#lzp32Yl*{f&I{vW+Q&h+zt&r9wR
zbN2=EI{jRt{!{*@)i>Rn8(g1lZIrgYA+vq*8yya{PkB7^E_~Q<J#3%lyh7O@ACG)^
zP?CMPGA;GR+jiq0wt2rl+U+dJh<5(g!}rffxrU)OXR%u0(>R5?`+B;jQyl|TJ~A19
zRL}cjEHdf-{HRCbf8Ou=`d@$Fq@U;It{(nBE!OSppX=s{JI|l5|NAt}`2T#Ri`$zG
zxAhr*SUc14jc0Ym()QzS->>nB?ETKg*HKV*Au#lL#P8X63;ZKf-_O>bCcZ7|Bg?bx
zxqUCSV@uQ?Jr0`?U-7qmeW|{}h3{FLHEz0Bl$X{Rn0K>IzCE|KY@N!ljf)IyYSIdg
z@;$``6Wmk8CjPk2b>xDZZH`!P-D-!fxjIg7-sBzPImtM2yIgU@&F620PwD)Y-n`Z+
zcipF5vt#-%zOii-3RRY>*6n&2{Mu9X^R^8N87HN`N*rgKZ@nc*^oHTF)pc!wtG_=x
z^zYuz4Zhni*RQwXezQ^jri6g?istX<_%9S4+4f=jryeGzO^$kpGsONy^<4XXpugs+
zWazr5f$C3wG8=9TmQ3}Pld(Eubi;Y_m*0NV58V;BuqoVfW<ll;?N8G;J)8JPx99$W
zd2D_u-8*j;e?96}c3|?IbgK^4+kb5KZ>-;cF7ng^|0lPyoaVidPWW57_SNhiOr@rO
zpU#_*fAbzs<G*9ILA_D;-dx(Z<Zi%zeZ#d{?S38C-Jh6xU5N~w8es7;FxRBRUD-ml
z;yUXhmKz?QMC(mXO`ntYNrmyyF6o)ui%UY+OJv`Cd-#6QgDHFr$7Z{qOG}jR&{WPa
z?C-qkwkoWIWy8yddq2dV%3h~^WnTT8vNF5B$<E3fT`tw1ylh%-&S&Roy?gWiMW?>-
z?TviUZG0zVS;vy}390uNre8R%``6#1%;ZkJ(mV4%(>~0eU$&q5{NV}))4Uye4}S$&
z%-iE#cKpq@_mkAk-vt@3u}(@ZI?iNq$MEx9>-#0|c5r>-)8&5mA!}QtV9MUDQ!I@N
z*Q8{f_~xfFf1cmM{LBBc%L4CjP2ZAs#QTSob$7v+I>yN@YPN}9U+ur0_}I~yw&I`q
zm%Xaf4Bh{)-v27^>0A4%+h>2j_n#E7Wi5{kzdR>Tc-c&;>D+rnjd%2QTFRu<dT&{)
zoiY7Qg^P{TF|Mn!>rQOyjI}v5fqi0-z{9nRr!?)F#S}2xRq|`J$Yv)tVZ$z`q^|WJ
zo<DxIz0JjGq2U@u=Z=yl-%e&5{lni)CUDlcnRc$p+p~3|ePP?y)irN_G4p&+VskLt
z#2i#QOZ9IWd$RhG-FhDv^ZzzGF1Amg@BCvYrNiO-$~c_V-x}C=9M|S~u)C;RG<16G
zm7vD^-xcpHTUCDb-nXs^w*P{-9ITE{D4HlCzvTa<E{}*8R>|sK4^NoyyLh4~^h54}
zDjB2jozdzYNtad6pIo=ZjYoT;XZpkCOt*_|d?GLHsz39`|4IFh%nR|Sr~Na1Qy(Yx
zrarE0yY$chBAqAdtEP0w%-r(eai7MKOPXDJQXMRp?GFlmT(Lr7UEu#EN_Jb$uFQ>I
zY~bC=&}Md_`$+?*jQLg1<#Q~1ethv=E|9ZMx6tcvTf6$l!=01o7KcCkYO3S<XgTx7
zC;q2rW!oovJ*(&U=lr<D`OW9U`tO8J&oKYLy?Xtp-}~Q{8ULTJGS%u0=liq8?yG&4
z>@WK?tzx!am!G`p^ZwP_fBt^)_Kfngw`YW(F5;P>dNTMy?oH$SO_O<x4+II7>%NOk
zeX(ny^bgk9rjD<ChR4(2#Z=rX-`Mt2o$Yd>X&cX$)q-;hnC`3V#g%xfy^HRae(?Xn
zlr#1FvVZZ3H58w(*Wdp6_5U*e{Ad4zmxMktzxzlmG3D^;H`*m0>hn8`4c_@)?J?A6
znDn=vN&U^rnX;Bu+umuv;@0H2Co%Q;rD*?2ccVgA)N}2ub*hh=GsVj&Gy2Ll-j=CS
zyy~m?B96qlynVOmt-_<_-wxQ^dRzQ%PFtVNp%3!enro_rd+&ypJbAsLVuP-t@P6r@
zTXomcJXoBYxtw>zD{h$V`S29$>X*M#j4w6qKXLFv`9#)=Swi+J*VSh4o?vLo%zu#a
zb4|hPAB8W@txz}2>Mv|Qre`=)^}&TNA2b`I?d9%iD1X`8>vUVTG2&b2?ai;X=K03V
z`^%B+WMo{B`pU(;OHy-PZrc;hJfoZh*M_FK9-;p}B&+WEn0)=v=>v=<S9ugWX6whB
z3GKf+EhAB`Y0k0#wi&!qv%QV~Pf7pwz<7C|j)kR7g}<Xf#L`^8lLZOUcO<t@6ghC>
z^`qZi`+ior|L|(t^HkNb=lj(3`#+RQ^bat0y#77^ac841^9Cc~GR?k|d)5dVmg!i=
z9^YJ1%8>Ko?c~O=Zo7j|Ppc>hpV@!z)s-b`rYk*tvw|ki0x>gZzO0|^w^N1T0|Ns9
DA$wvy

diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml
index 27d53063c3..d13e63c803 100644
--- a/.docker/docker-compose.yml
+++ b/.docker/docker-compose.yml
@@ -346,7 +346,6 @@ services:
       OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
       OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin}
       OPENSEARCH_PASSWORD: ${SEARCH_DB_PASSWORD:-admin}
-      LOG_LEVEL: ${LOG_LEVEL:-info}
     depends_on:
       dbrepo-search-db:
         condition: service_healthy
diff --git a/.docs/api/auth-service.md b/.docs/api/auth-service.md
index f6c32497c7..40ad6d8fd5 100644
--- a/.docs/api/auth-service.md
+++ b/.docs/api/auth-service.md
@@ -19,10 +19,37 @@ of immutable properties (id, username) is mirrored in the [Metadata Database](..
 
 ## Identities
 
-:octicons-tag-16:{ title="Minimum version" } 1.4.4
-
-Identities can also be added in Keycloak directly. When requesting a JWT token from the `/api/user` endpoint, the
-immutable properties mentioned in c.f. [Overview](#overview) are copied transparent to the user on first login.
+:octicons-tag-16:{ title="Minimum version" } 1.4.5
+
+Identities are managed via LDAP through the [Identity Service](../identity-service). The normal workflow is that the
+[Metadata Service](../metadata-service) adds identities when user register. In some cases, where this is not possible
+(e.g. in workshop-scenarios where accounts are created before the workshop starts), identities need to be created
+manually in Keycloak. The recommended workflow is:
+
+1. Login to the Auth Service as **Admin** and in the dbrepo realm navigate to **Users**
+2. Click the **Add user** button and fill out the Username field and assign the group `researchers` by clicking 
+   the **Join Groups** and selecting it. Click **Join** and **Create**.
+3. Click the **Credentials** tab above and **Set password**. In the popup window assign a secure password to the user
+   and set **Temporary** to `Off`.
+
+    !!! example "Create user with specific id"
+
+        The user id is created automatically. In case you need to create a user with specific id such as in migration
+        scenarios, you need to change the `entryUUID` in the [Identity Service](../identity-service) by modifying this
+        protected attribute in `relax` mode:
+
+        ```bash
+        echo "dn: uid=<username>,ou=users,dc=dbrepo,dc=at
+        changetype: modify
+        replace: entryUUID
+        entryUUID: 506ae590-11a2-4d2d-82b8-45121c6b4dab" | \
+        ldapmodify -h localhost -p 1389 -D cn=admin,dc=dbrepo,dc=at -c -x -e relax \
+        -w<adminpassword> 
+        ```
+
+4. Finally you need to query the user info once by navigating again to **Users**
+   and search for the **Username** and click :arrow_right: to search. Click the username and ensure that the 
+   **User metadata** contains the entry **LDAP_ID**.
 
 ## Groups
 
diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
index 173b3ef95d..4be54d5edd 100644
--- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
+++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
@@ -372,11 +372,11 @@ public class UserEndpoint {
             log.error("Failed to modify user password: not current user");
             throw new NotAllowedException("Failed to modify user password: not current user");
         }
-        userService.updatePassword(user, data);
         authenticationService.updatePassword(user, data);
         for (Database database : databaseService.findAllAccess(userId)) {
             databaseService.updatePassword(database, user);
         }
+        userService.updatePassword(user, data);
         return ResponseEntity.accepted()
                 .build();
     }
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java
index 3c2ef1340e..bb3bcbb094 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java
@@ -191,7 +191,8 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest {
     }
 
     @Test
-    public void updateUserCredentials_succeeds() throws AuthServiceException, AuthServiceConnectionException {
+    public void updateUserCredentials_succeeds() throws AuthServiceException, AuthServiceConnectionException,
+            UserNotFoundException {
 
         /* mock */
         when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class)))
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
index 5a4690892f..5becb9225a 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
@@ -109,7 +109,7 @@ public class UserServiceUnitTest extends AbstractUnitTest {
 
     @Test
     public void updatePassword_succeeds() throws AuthServiceException, AuthServiceConnectionException,
-            CredentialsInvalidException {
+            UserNotFoundException {
 
         /* mock */
         doNothing()
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
index 71e30fb860..94ea986f78 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
@@ -40,7 +40,7 @@ public interface KeycloakGateway {
      * @param password The user credential.
      */
     void updateUserCredentials(UUID id, UserPasswordDto password) throws AuthServiceException,
-            AuthServiceConnectionException;
+            AuthServiceConnectionException, UserNotFoundException;
 
     /**
      * Finds a user in the metadata database by given username.
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
index 38045e0399..bce9d6e264 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
@@ -161,7 +161,7 @@ public class KeycloakGatewayImpl implements KeycloakGateway {
 
     @Override
     public void updateUserCredentials(UUID id, UserPasswordDto data) throws AuthServiceException,
-            AuthServiceConnectionException {
+            AuthServiceConnectionException, UserNotFoundException {
         final UpdateCredentialsDto payload = metadataMapper.passwordToUpdateCredentialsDto(data.getPassword());
         final String path = "/admin/realms/dbrepo/users/" + id;
         log.trace("update user credentials at endpoint {} with path {}", keycloakConfig.getKeycloakEndpoint(), path);
@@ -171,6 +171,9 @@ public class KeycloakGatewayImpl implements KeycloakGateway {
         } catch (HttpServerErrorException e) {
             log.error("Failed to update user credentials: {}", e.getMessage());
             throw new AuthServiceConnectionException("Service unavailable", e);
+        } catch (HttpClientErrorException.NotFound e) {
+            log.error("Failed to update user credentials: user not found: {}", e.getMessage());
+            throw new UserNotFoundException("User not found", e);
         } catch (Exception e) {
             log.error("Failed to update user: unexpected response: {}", e.getMessage());
             throw new AuthServiceException("Unexpected result", e);
diff --git a/docker-compose.yml b/docker-compose.yml
index c2927c1c65..3c78d4d9e9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -403,7 +403,6 @@ services:
       OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
       OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin}
       OPENSEARCH_PASSWORD: ${SEARCH_DB_PASSWORD:-admin}
-      LOG_LEVEL: ${LOG_LEVEL:-info}
     depends_on:
       dbrepo-search-db:
         condition: service_healthy
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index f96cf27b47..2b18ed1422 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -306,7 +306,7 @@ brokerservice:
     ## @param brokerservice.ldap.uidField The field containing the user id.
     uidField: uid
     ## @param brokerservice.ldap.basedn The base domain name containing the users.
-    basedn: ou=users,dc=dbrepo,dc=at
+    basedn: dc=dbrepo,dc=at
     ## @param brokerservice.ldap.userDnPattern The pattern to determine the user.
     userDnPattern: ${username}
   auth:
-- 
GitLab