From 238d60fd634ad3e602a0972b8e9641d7a94db4fe Mon Sep 17 00:00:00 2001 From: melaniekung Date: Thu, 7 Mar 2024 10:31:55 -0800 Subject: [PATCH] Add LDAP docker configuration. --- admin-manual/customization/authentication.rst | 28 +++-- dev-manual/env/compose.rst | 114 ++++++++++++++++++ dev-manual/env/images/gears.png | Bin 0 -> 1673 bytes dev-manual/env/images/ldap-config.png | Bin 0 -> 26589 bytes 4 files changed, 133 insertions(+), 9 deletions(-) create mode 100644 dev-manual/env/images/gears.png create mode 100644 dev-manual/env/images/ldap-config.png diff --git a/admin-manual/customization/authentication.rst b/admin-manual/customization/authentication.rst index 8a7242c0..4e21c91f 100644 --- a/admin-manual/customization/authentication.rst +++ b/admin-manual/customization/authentication.rst @@ -139,20 +139,31 @@ Enabling LDAP authentication .. _LDAP: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol -AtoM can also be configured to authenticate users using (`LDAP`_ ), an "open, +AtoM can also be configured to authenticate users using `LDAP`_, an "open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network" (Wikipedia). When this is enabled, users attempting to log in will use the credentials associated with their LDAP account, instead of local account credentials, when :ref:`logging in ` to AtoM. -Enabling LDAP authentication in AtoM requires manually editing a few AtoM -configuration files. For more general information on how to do this, see -:ref:`Manage AtoM configuration files `. +.. IMPORTANT:: + + To enable LDAP authentication in AtoM, manually installing the ``php-ldap`` + extension is required. + +Enabling LDAP authentication in AtoM requires manually installing the LDAP extension +and editing a few AtoM configuration files. For more general information on how +to do this, see :ref:`Manage AtoM configuration files `. + +First, we'll need to make install the php LDAP extension: + +.. code-block:: bash + + sudo apt-get install php-ldap -First, we'll need to make a small change in the ``config/factories.yml`` -configuration file. You can open this file with ``nano`` or another text editor -to make the changes. Starting from AtoM's root installation directory, run: +Next, make a small change in the ``config/factories.yml`` configuration file. +You can open this file with ``nano`` or another text editor to make the changes. +Starting from AtoM's root installation directory, run: .. code-block:: bash @@ -191,8 +202,7 @@ Change the ``myUser`` value to ``ldapUser``: user: class: ldapUser -Exit and save your changes, and the clear the application cache and restart -PHP-FPM. +Exit and save your changes, then clear the application cache and restart PHP-FPM. * :ref:`maintenance-clear-cache` * :ref:`troubleshooting-restart-php-fpm` diff --git a/dev-manual/env/compose.rst b/dev-manual/env/compose.rst index 4f3cf7f8..22ef08e7 100644 --- a/dev-manual/env/compose.rst +++ b/dev-manual/env/compose.rst @@ -4,6 +4,10 @@ Docker Compose ============== +.. |gears| image:: images/gears.png + :height: 18 + :width: 18 + Linux containers and Docker have radically changed the way applications are developed, built, distributed and deployed. The AtoM team is experimenting with new workflows that make use of containers. This document introduces our @@ -90,6 +94,10 @@ It's time to use Docker Compose in order to provision our containers: latest version before creating the containers. It has to be based on Alpine v3.8 or higher to be able to install some packages. +.. NOTE:: + + To enable LDAP authentication with Docker, please skip to :ref:`docker-ldap-auth`. + .. code-block:: bash # Create and start containers. This may take a while the first time you run @@ -195,6 +203,112 @@ stop and remove related containers, network and volumes by running: docker-compose down --volumes +.. _docker-ldap-auth: + +LDAP Authentication +=================== + +Docker Configuration +++++++++++++++++++++ + +To enable LDAP authentication using docker, we need to create two new files and +update the existing ``docker-compose.dev.yml`` file. These files are required to +create a network for LDAP and to configure users for LDAP. + +First, create a custom network for authentication in a new file called +``docker-compose.auth-network.yml`` and put it in the ``docker`` directory. Copy the +following into the file: + +.. code-block:: bash + + networks: + default: + name: auth-network + external: true + +Then set up docker compose to use the new network by appending the following to +the end of the existing ``docker-compose.dev.yml`` file: + +.. code-block:: bash + + networks: + auth-network: + name: auth-network + +Lastly, configure LDAP credentials in a LDAP Data Interchange Format (LDIF) file, +let's call it ``config-ldap.ldif``. The following example creates 1 user, ``example``, with +Administrator permissions. Please refer to the +`LDAP documentation `__ for more help. + +.. code-block:: bash + + dn: cn=example,ou=People,dc=example,dc=org + objectClass: person + objectClass: inetOrgPerson + sn: example + cn: example + mail: example@example.com + userpassword: example + + dn: ou=Groups,dc=example,dc=org + objectClass: organizationalUnit + ou: Groups + + dn: cn=Administrator,ou=Groups,dc=example,dc=org + objectClass: groupOfNames + cn: Administrator + member: cn=example,ou=People,dc=example,dc=org + +Finally, we can start AtoM using ``auth-network``: + +``docker compose -f docker-compose.yml -f docker/docker-compose.auth-network.yml up -d`` + +AtoM Configuration +++++++++++++++++++ + +.. SEEALSO:: + + * :ref:`ldap-enabling` + +To enable LDAP Authentication, change the ``myUser`` value to ``ldapUser`` in +``config/factories.yml``: + +.. code-block:: bash + + user: + class: ldapUser + +Clear cache and restart ``atom_worker`` for the changes to appear. After doing so, +a new configuration section will be available in |gears| **Admin > Settings**, +where you can define your LDAP authentication settings: + +.. image:: images/ldap-config.* + :align: center + :width: 90% + :alt: An image of the LDAP authentication settings + +To determine the Host IP for this example based on your docker configuration, run +``docker inspect auth-network`` to determine the Host IP (``IPv4Address``) used +for ``openldap``. + +.. NOTE:: + + The Host IP value is dynamic and may be different each time. + +Other values that we will use for this example are as follows: + + - Port: 389 + - Base DN: ou=People,dc=example,dc=org + - Bind Lookup Attribute: cn + +.. NOTE:: + + Although we've defined the openldap port to ``1389`` in ``docker-compose.dev.yml``, + ``LDAP_PORT`` should still be running on port ``389``. This can be confirmed + by running ``docker compose logs openldap``, and you should be able to see the + defined ``LDAP_PORT``. + + Connect to AtoM =============== diff --git a/dev-manual/env/images/gears.png b/dev-manual/env/images/gears.png new file mode 100644 index 0000000000000000000000000000000000000000..d0879484460e72938047de32e1846b949eb6c822 GIT binary patch literal 1673 zcmV;426p+0P)% zX>3$g6vuzl+M)=h7%f^26qH3#LB&Kg5{Na%Xx!=s5`!eDsGuw{#$Yf;C2ql#7$b|u zeTlf62q7YVa2F_11VmO9Ta8peAO$;qIB(?j&fVTJLkIuK`7-a^|2^lt`|fhi9Vks) z4{Qyj)}Yf3SPtv}?gb7nj%kI(X}~fd84J2nxx5V+Q%cTKSkPZRHBcFadwfv#b~vf|jC8WtpM{{pZ(4MPqV z%7M+qd;9G`f0eM*M!-M7XEEDu1%6V0%p@`g1^^EuYp$u&$-th3{p4^8unHLoVXOw` zBM#OAV}bKD?I#3!sbN0up?674?!$m#z<6L5@G|0{%Ku!Tt74``cRR2Um<`+kToBW? z|InoAM3reVxxez@{sz7CIV|+xh>bE}uSW;Z#N=P^!9CW&agK|_GzpdiQ<0(9)u3|% z(8a@%ftF`|fqB4X9y~g%bUbg0L)s1ahyzh-0#4HCosatsWr1ymey&8m$t*IvPf(uw zjDWKozEpc~bU+W_bB$6f9p6#~aGz%YvcT|A+e+X`gWlwb0hsCtz~xZ_&>cBhnH1ZR zPvU-{C4%!gSq0pJdvd!ou;+1P^w@NN0gg5}-vwCVXum70{7DR_3L)*lxR4_?$eKO| zcvGXlg8WakhK`?cPMVNqwH~M=v=Lm;2^SW+nU};3>pS9Rl zXKA-P=o4gFwD~a6768c4rkZ3iaH5M0$hx{|S4ZVP`J$Tn+&rx&%W*~1o*T$44o1$>Ph-3IyA&$9>eBEKB2{p*aG;}i@Va;Cdk-`k`&DXZ=}#?TnOjf(C_B>AE0?Z9yy?vA_#-~D+T@O(hp8@Y;B1q?!J081lqWwEEM>MZSc2YrGh zL~Kdk+iU^Q<=u-dQ!MtmQeyi_kP@?9Ei0z%LypZl6f7w^3jH^8u;dSj z=mbuyVmkk)S{TXg1k*U@r->}^p62%+z(tzh_am96dBBJ0?xC3YN28ylS92gGom?4oM*@3h z6S^C(C50=9=X_2Y zi*9ksNcyL#?Z`Erl0-H3zr#%iE=I2W+4Qb1vfZg+DCX-s>dZdfpqHiNNwef|2J)w= zutO`+4{J5M{WI>JV@V)`oavi^-;ivv4&9JV*k0fvm!zD00000NkvXXu0mjfGm#t` literal 0 HcmV?d00001 diff --git a/dev-manual/env/images/ldap-config.png b/dev-manual/env/images/ldap-config.png new file mode 100644 index 0000000000000000000000000000000000000000..32375dd43bf48e4291eb5ce977bbcb4d32d4facb GIT binary patch literal 26589 zcmeFZ2T+q;v^E+)3n&6AA}RtZA_@Z1J5do(ks?)U1nEfV9TEir=_1kzL6P2s0HH@j zdT&B#p-2ye8VDiD|AOC~^ZzsV&fJ+h_n!05z3&VI?00AFvesVfS91!C1%g=iUbQuk_RAi3!5P zeHRK?9hy8LeZN(+;vbdIWF>x0v3XjVj4r*!pD9wD&u@0O;z`zg*w}5oNxjtos*$ty z_?dAxKedbQ7p^E-Upqin3GbS{y>gieLm-oC`8zwSI<1J^?o9fqfu*`7piPR?@dT2{wWK-J!eLS0c@;i7dJBB#z>{&iFhR&xY=OK0L=Gp8L zC`{Q?_Rgi4JQPLTROGEp-{VySqN?0Ao_b#p=m+6xb*dfOb;z$=U%B6sIDAk~O_mGC z(@im^Sz)e|#NzkXj)6e5+e(-eh|>_`Cd*v6Kgm zx2zmRl`>m7ujA<6(&*a zJ#=%6Q!uyl(@DoFm59TP%3t&@D}Zw3VXnpE!M*AAAr1VZbCs+xN$A;Iit6Cw+33KqMPekcPg>=J8K`e@5Mhu{h8_8C1yf+?XQyLiiFYuJ36Qy>&icdKy>3wLe_=f+9jqMAK#ZuoOY z1LA(KjyBjO$jR_xTu6T$T&6)&@b|g%({gC?*Vlr+r%6o#y>M!_ZD3=bUp3!u6OP^E zM_PgV`>(NId$^qyIm7f`3WPLoK&oft89rU&{M6EIv}sOT-=9nl#vsyWF=5StIQnBo z)D7Hw_#34O$MoS+OsGEBM!&?~x*Vp1Cx-IYqOyy6^&AR3nM&#L{YYuXASWy_aaPm9 z8W;&rV>hq#maz=}(fd|2)m!^uj}($~Ght4*?m;J&7h#2AHTX5_I$*^V<6D0v-egCS zx1Y@Gcs_zK=(hFy5yjjwT;kTPLjFrMCt3s}AzE{AcV297^#sT$vVi_-*V_I-lwOqp zT3(Hk7q1guSG4nXXd~{RTjB>Pg!3cit(#cYS|(nSl4&%7m%M-iHwEG)wSIL$w)>}; zIOX-XR>P)6UB#M(M%B8KC5y`NvaGVkfFjxnQN{>Moj zNkKc}iYWIGrft;31h9eJIPs=+q@jtHvC|vfsu zLCtlzoZ!p=2i-~1w{os%49+>DP}d6nsJY?diYqR;-+T^DC*jaB>iWpxAjj(q>+>6$Hiiw1tJ@z3ZxQ6j%-~lq(Gn$a*j&sQRa_HP z3s}geUHz|B+^_mhSlyPa={1^qnprGsPZ90D@Xs#Sa9Wz2ox!{7zl0`bGgi{rkbbfn zHkU9iEoada#iM3%loz^kDwj*AP$cFM9qYHtJ8m30qw)$}imEBYrqbRw_#P|1i zdsx~4qowSz^hxm_gEntdj9c<9-^dQ~9`nUKC#@XYjGp&2rGRd=IzPkkQCB3#&rj`} zL98*?Z8is5)Nlou^VMO&LfuIsc1@=#SExOvAL6fcA8?&}f2`O)UP9{E&WwB;?91N3 zQpTl)aQH`X4fS;hn)Bc;S)2stB>t3$yxxEx{!=VQNQNx9DPq+@IgX4dg{$*=!STqR@bF;IgQcWQE?hc_lBF}ZN+jE>}ov?0Y;hyz*UtA5f8+@MahI|ngH1(dDfVHK(|G=iuc`f%obmNN# zN@8Jtj(=!A=1TI%%L{uh&ciMfYla0wMM;x=PX39{Qz(jNF=lm-5^v5lm^w4JG;K$J zl&#OTkP4_la5TIO;eN?BCM^g1AoV~{LFa2T_gT=8(gQK5E*EVqj@HAbx+|+LfyMEq z;OVZiMiW+d*NcNM2$R{CP_!j+b)S(T9I-_&WtParX@NN0eh$uu4@Rh6*$@QN|3Kk;GzgM))!5<}YtJFuQ1yqo zTOq8C1M#&|Kd6ew?2{>ZLZ*Hq0zEs;m95kTLyngcjt$w}BIO2;e+FdU6&9>`7>6Ma zNwY^ucNkF?IJ)7kzd`XuUjFQK$0WeZ*U zrpkIu*j9>OlFq2Ev<2Z>&rpR zqRPp7#u+BA@dJ8WkEI|VCld9y=zSbzJ+svfoziujRAWBYD`bZFlZM~CKL%nn@VCZ% z-kJ>T+0Q51FI%VN!qQ7NHl9;CshKyeXj}96=$&t08T#RpO->c^H)iv5qnwK-MIA?0 z=(dxpy(6i=>PcMbUoi^e!l)6a(?8zRFDytjy@&lw?bSwDV~U&_--p`ooaRB+!dARI zQD+PX{?JIw_Ctyxzs|01jS&kUJ+f%FKPQ-`uonkXP)z z%B4hPBA4+o4&mBr`sbvQS{e?lLTYLxj2Ft(lVU}nO{W`?jbB;Pkk@cvE$FCadEVZ3 zOvcF@%skt+4xT5FB3uuvhR*AZaz3m;06sZAJ*;3P_3O4+c&V~{24)%zYg!P6t=w~l>c>%JbSEKMb(O1S z)Sd||SnX|7!ND}2UBAXtD?K2gP?WkF!5YI|A{`l+3${)z@vzeo4avS}87W%dH=S6X zC4KR|0!qR3z}GtPMH+ghjm@>aX*$_V(m3mmc+m*9&F-PT1uR5K0@gLzCc%~SGCx%U zxA6tC)h>Rwue=UzA{Wrusp3@9b$)xtV>!&TlYKXe>cI9et&BPg9=(=28hIZ8r!g<$ zeD>b%CD#Zb=GnfbQ2^J=!i8MjwP5&#fz_r^tX)5`#Iw=={1}9keZHrkx;3u7?^??p zk4Fr(Jl(BnhXEnpCwF~}BV~B*kBQjinaMV9m7x!I3)dP?PBSGi584ttSo$TaM>5)V z&psu;so$Zj0V7N1vG9w(FgG*5et_9dp_c4n`h*-zt_*kYmuKB^$Lr?D2%GQ`?)$%X za2b`uWWW-@+wBj<9J9SnfGhkVzjntANX=o5FLEa6kH1CtUV#p^t?StHF!JI3@B4{Y z#p8M^Kafv-p9A@2P*ISc9S*!;5!;=Y4&797CM+b8GWcsZY==!?p&LJU?pfZrw8kR0 z^$+_hN2b%R#-(;Gc-~7Kc`o6Kr)u{fj%G|s4LDBnz4qa$CC5#>(($P@$BuDrkG*N9 z7GEocS4fi+s-fz$ufqEFNILpUrt52jPv8sBhq=pg4~R>tPiOTGrk0?itB6W-#n0^* z`ggJTa`6O5Kb-}RNMR3AwL}cTOJ7MX30HakLcc@wE5sY?hMK@_$9kz+hi_mzaV|4Z zB)h++EKC;0$hX9yYi%qKE5dOWTy;I5kSZ>EvbxAjUl`8in8|k>F7QP*bdw0-v zwe`{3ZjjxB3{JD`up#uDn&M9CT4V0rgwFG8&)&3iG1V!QE2XW}a^vRti;ZPWzPY46 zG(9_;TY)7sxSxv~!|&bxK>CtcMRP(>vUW8&eO6;VgDVX~!tuqm_@CTFtfT4t0sNkG zmHFSnFxH&D&Ci?W=H3@#-^`szbD%EqCwvx+O7|y{VY0fAPH&el(-C#6tb*l$1JALy zc*>D8hWGS&VvjmD*#ldm3<|4)K`Q3NgyHS-Zt8F1L!#`L&Lk;l5bU=9R?t8kya5PQ z)RBm5YD3|@xFpPue2eUsi3J?B{zS>TDe!o(f^eBeq{1KLIOL9pp`K~zfEvST$BY+O zIP-e&p8L}baT=RuL|J4)iOUJUL<-as3;Vo%^(}v~UYY3|;E?$mQGSFB8J8ORMn{M2JFaGf(L9Jxgy@~nEwbT(giq2MysAN&J zzK-LoWdX9giXL-f5v@Lipf@;A|9kn|#R3iyp8WCeh!oz()rk&$_df+@`B^0P6OO0k z(pq7lbtBl-t+?9rG4FFEUywm|UxKj&tsNocZ`bpjQ8WOi2p}b7RcLo-0}6Wb;YJ5J z?wN_;R01`Lt0@2LgCXB}MqkR?y^y_3vemDbo|qJajftp?l@Pw3;u4Mc=C|D*318MNT-vCOrHEt8 z+dcXJoF+h14TtFVhL-7n+sTTnP!C47F`+GbmoVE~NdUq^ZU110C!%YNoes9olyZTV zKOsZ>cpmjZs$@mR(ah-*SJjCtIwY=Ik%i)u%~ysjn7b(Jg;G^Jq#mwPWwrhU{lS95 zE8O?I=MIG0`X{!`chJY_nK4At&l@-5#eKkJ{@rewpA*BqYK)r>0|mg+^B!PmV`1-@ACWiSCie!|v4l<3<&%;G8=ZQi8+R_~)k~Hq zkPWVya6WACJCXg8;~^UslCgRbo`)1U&|wJMSJ__de- zVV8Yy9x8Ris7L`)#&6%W%%SuM8R9eN?@%i`EA(q-0XNN=hMM@k#>o<2yWe8!k~Cdz_r+k&&8@rxMsf2*bq!3k z-J}D{l9ImE$&`r*7#k17sb)uWV9SLTHWl+H%L>~^m2xZX0}DJH0>VvPV+N{!7HqH# z^K~63w@0*O$OcJ@I=Z%1&EhylbSD?e!H=&*PqEK)UzXmVBfX|`6X9ww=T+$i7%?~A@f#oY+y~-}?UNoWzynx^KD-ez2+F=v7U%A>b zbgVwH4WhliHgcDXwZ`WqvDY4+;=bk3SSkHDBfSkG?=d=WKCDXE?)0^FnB>~+KJQP2 zJ7Bu@C;ZG(Vxtp!?qe`cH5FLLkp}CmL=Ddx^PG0Q?s(~}ygL(rw&#Mm7vBuub3{~5 zl+SRuHe(PA^DVedK4&^)(K5Z=WE5Psr;S~*e6o8pU??_C6w*8WEc?AD*s0d2VU<1w zp36g?#_UC+ovT;7L{q4+cC!h=6kN+tYncRssvW#H~FGpOhe80Ur8r7XRy zN$Q-)t>qfCsux50y+vxmWEOTpJ1`!bF@zh;J(Q^(Dev?pzv9=#aIBXPnO!@cLsORh zQ){22pnrWdKHYg20YxqU7#o$&w@&41cqo(-m2PIDXTLk?5oQlxshT4jM?hZ| z=c-OVTb%#XQvdrf@tn>0xRD*5K_{ov1ZT7Wzpeg5zzW&3V4r^ZKy@fqU}nT;It^_t zPZTQd8jaaOo2Z;Qv*XDx#t?n5`lIqZJc8y> zx#NSd#5liV@HluqwpJW{O-O5LK(s)+II;5mhO>XfYxAoQ*v8%%?nKo(YUDF2jxKzu z%;t@b5HUHo7KfKS7|T>Zpk=LFqGns-f|_MTwnGT-)|^W=6cKd>vq5);2&35sMh+eh z5vxU29k!GUVokgrt9usurqqp}7Zis=+`|skgm{4l^ykjMVI^T^&ZnNE8O`dMObT~6 zoj_P%BrCM9nOII16(ZMK!CE;wHDl_8sQVxtI&8FZmqU9j3A7x8MsaBkzxT{O2I9;Z z>AUZ}KgNW)bj;>lD{PQ`5@3xnN<|sYTZ{S^VKK*gH9t~vG(LktdpDA~7!7vd%G$x;&gWD2g1&&>JxFvI|LBDVGtxIDg-m}9V zGwMb2yaihc_$B`9+CP3_lfi@DBG}UV51*@unK%i0asdl*jm#Hf@0^tQ_f;hJKVC8GFb}I7&$+aw4QvhU z0GkEC9uDY1DG;O&pIiU!3j97Dv7H3U;bs%)2bZ{Q|2K90g$aCdPR<&sEg=?&Fh8#6=s`g1Pc zuU@4W56>YEyP%n?V@~qKkCX^1(;o_a8;tKv5;fln2?-(Z+rbGI7`=RXIQ2k&cYL70 z03~zv#$hec)q>5jjk z;i?$)(qkN|p{hrjkvXxS2Puj)+qbP(e+aTm4rJq#v_C;u6AJQ50; zGP1y=DH2m`1!3F6qOalSgTW)hyCuIXqL-qe;7cZ#%XYE72m)l3?QRcO-(*Hpnqb6) zRt3s^Pl!bpebH~#a5C#>{joyF=(VZuX6`8z)&vC~NL8WgfP4sM+jUa~5z(p7<-O#!GmxII_9nWlntrp zGUejG3s92R&)Ulw*Q1_ea=J@@Oq={1Fqf@3o8z}V*q<@%BFN6g_$&;H=+}Vy4F;N2 zn8vIL}P$E7t1#uR53v?%pmJc_G6+r%k-VpKGe+sgL?g3yZcM7GPv?gx56g676- zqj!>b)175igG}Q+b+^g+RW))Yjgc8asNEE%jr5we)ZNEyHHrn0Vc5X+k(`6`Lpel$ zXQ;t+7XrPFy97V=$)|#2Y-=rR$1~x`u6trAK5M0r$`Xx&eb;yFEby(ep``=%5QgMc zOcHU#abEti*X$SzVt3-n)j@$(w3__OH*sUy)vlDbk#HgoVO{R0QHpEp{6~Uu-0ii{ zL;?5c)^81Z`fkK!@mk%v;o;2+)@EeEckifkA4MLN$TS~tzE>bSLa$x@RFl2UJqGow z_FRZO-Y6h?{iSOX1*m?JDDO~nJ!wupAp?0Wl-dBZ;45y*u}dh_|0Y{b`^6nno{f)Z zJy+)N2E9j|my-PBw*9u^=NE=tNr$wNY}GM;Zdozb)PBUM>(}Cmku#69o+r2;|2baZ zzgIlw=xaPVI23hY`lOAotAtWfgQxM}Qv`=+SDBrAD}Hfq%yXr%^VV~f&HAJbAnr4n zG-XErzS}}I-+kFz@l<}s==7m4IN-t-FG!FhBMU`$;-1=eSI2U9Brj-SFxGFc>!kX- zVuJ>2@VrFV`Vrc}Im%M`jJiX(2_y(MJ6@F`x#l;O)*IjO?om@De~|Sjg}WWLa8K{A zUvn*E^IBmY^(pLQ9*yrkj=j^Sb59%s*f$Yjw9x7Snbwq6czLj{adO&0t%p1vQjaud z84b#8abLtfGe!}cv97l8n(eHLrAga~QzzNeGJ2>htN*-T^ffAmJ)f-d{+M0`1Bv=aY^tN@lJep{>Ei4L2##hsu> zj3v@FI7w+K2#|AbzJy0Aeh=rW;$hQLRNO)?+gz5Mh%7DD&MuZ%9VtOMgU=>>d}9w= zXy&~bC^Mc5|2g+5a;#fzpQqRE6a9kh%t5bg7d4N$WJ93vt@m+Q+&(54wJQlsOUhpA z?R;d!^D3G;MO)oZ2G^qFer%t5iSo96Z)^b(HYfc{yR&mG7T;1?=nJly?Eyc;88WEZBaEqUvkp|F~g}rf%rT zGq7o4G8qrwmA8i3XY}{6sCi5zihm#LpA1G{kHF%nYufYZTW8NYh8tJ(;PXmxZe~r@ zeG{=V-ZD~5*&FihRBhSlN#EL^uoDsJ0pxk0G1uRe_^xhS&i#R{->x#rOuNbnk|Qf< zGozN@xQM02Z5L4EG{bkWSrNt-vmKV%R`-#j%VFNabvZ<7DVh-Jt;juK?3aA&mIgRcNegH*9+@&H-#6 z9k2hg=s5Ehlt{OrUP2a=t>J~V8oPUFRZZ#Cs$DYGSYofLhU7Hz<)u)XI`mRg99)+t zA1*Z^ym_R9k{zLjxNy@6ywF%x{e7bOfaAOyDkZ96FROW=jxZ+m-Ez(fS&i|h#!7HS zESMkgClyVz{Y>sAcTJQ`G>(a*>k*TCYr)|hWpBJ!QJ8i`zt^~CmgrRR)YWJS)jb=}Ko3*wHw|AH7Z=DLzmXF7d;|vD?HCl9&9O zsx0}#t?g3;j;#|6o<9sisPUETivHJVc9Edll0rKI;DCZMZxc+b=}+*(_(kja~G zCd9GHW7BU~IW6J3D$C<-CG4x#=kDh~iR{_zPDF!K!4oBTM0i&bVDYf3?_2AcsRTz0 zJG>R%RRa5v$I%KN7xMC2KTUnqi)X;&$=C!dvFn?lp1!0_@qrt3Y&bJ%p?oGfGd!2; zFi`H@1p=iBkzKH^yQEreLh2pPn=QOF&8vr^bfWtTPP>vd@wZ0W_5+)m`;C;LBEd~G z!m`&5W;$PpmrV6#W+E?<1Og70GO|$%-hR?+bJF1BlrxK7cRpq< z#^ZI()iuhcGRbGf2pMlmk?E>hevUeE;e8O*y3?Qe{mJUl3j=W%B}7RHh<(h8=LD`I zbHnhh(L;6>5AXd+*&QP-m%9t7ty~_~Y`$y2R=SBqXC_imDy0qMy{Ms`zXuA)E2YiU z%g=3c7RulpDsO#p*`(>squ=v^Rnn1inF|y9S2lM<6-=sgh)Ss!r)aG3b+2q8z-1g4w9Z=neI%A7CglqcGjNF&MR9VG98kgrenhOxej?wH;8O2fX7JEy=-4~qhatJC*&ARz|qL; zpzTbE?9~F(6*D43(-K@kvfL%Gi||uQ4gjO^KkKvkQw!BS?G`qCqgM*JY&`Wl5HZ7F znduA!8U{@2H&;Wa$6!4&WbM3(Kiz6MVG!XZN$u*ZHSRiPR}G+B8}BC#?H@-pJe}L zM=p=_lj4ui@96XVNjf5IXS$D87~l`t(76U15CG;>c!Y z<*|US3v#%*PohgzdE2V{))h6}*DDmm4WixqArYFn!Pw#&EiW0$ly3e*`!tb1`i-(; zXz%VM6#FiFh~7ZTEtfy7)Ku$*}NeYEJ%!XNl^lixKjAHZ9z zAf%k1ZQKZ>@^RS>g@J5+;4R3ewH20rzQ$`U!#_c!$8L9`A3n4e^%fG+_Q|IMxyETa z#&alTo%z2g6aGJKc4)m6eCyUXb(Md4gxchKhSc>#iL40tuPh$1j=&V*6gMBfwm+5?5!hEJ1>c{ z{8gUI${OyWX~0Ks7DjEnz|z7PMPE{@?C+xC@jHHk#-|k*4hgzbt*jFL?D?8WJY~Oq zm8O*^pm9x&cI38e!||Rv2s{`AU_aY-l}iH2*SH;T)6X@9{O(57=*R3&1~ja0N83|l zrAef~K1YFPYXS);!!$JSMswb=W09>4e~!r#KdvpIO+M-^^%h8pXPwb4;80efV zlT(LMDwk1J8w7gS3c)Z3ft=m!raDuxnL^e9vP=@=+rOOC-bE~-brwZw5j{n zWQ>UpTN6mphV&~E=I!BajTc2`lmAtXPz)ui)~5m&w%_?>HNRhkmboS&z%Orl1K6E9 ze7LxQF{c7!wsqdpg%Vah)1}L9Lf4A=mXJK|+<(`Jf-+Hd)9*H1jha`P1Rm-7Q#?-1 zKFvS&ZOzNy=>sa0-}Sb}OZL~DFbYy%NeGv6jpNRd>?wB(40jI-a;{y&LN382XDoH_ zZpnGGnS}pEL1%^bZu_Ep;ZHP_yhJHL8?iMwe}|`iz1!t1HA{{JaFV>4R)wF(@2^r- zdpXJ<+ZN%6(%kBM&$~xT(kXpE-DW(%CdcdL*Evl;a&r1kC?fKb9qz=nOE`?a z2ZUpBzkYafA9-J!GQJMl@=!hx4^O@9v<7kPT+3I0bp^;}#}{|I{xa6_YLrYXm5$3#vlE76JOs+XrH5a5+FA{v6(;}J-(MHDz?=m35rF68 z~aG*Y+>{Dxo*X0{=D#oZh|k*8w~*Z-p`Ze@yK1 zb#hb5;$)q#rshY&sUuCleP&ol+}oHvQlSE%!dxAX#ojMU;g=LR7!D^IbV6~#w9aP- zk42pc`l*tCo$QdK!&j*1OQ_rZmz0OF$nIt%VP}AcnR&O5uNCI|EK}X^X-x&ws`a&b#-8H%gY5!UCSc#c4 z?lM~j{l=W#(Ky#7N^vna$SnQ48cSKUXW1_(eoh?$O-6#v-|Eq?oMa(Iz{MosDZWYO zz*=EmEH#w9C((rn;DiMX^*Wj$oe1(^(l1Kegk9COql$Tth_Wv6lz{!IpOqxstt@!F zPKU8R0l|gVOjG|iLPY}+N{k%DVt*>@4W~n!JEGbK?%|=g)*x!Q=|@rLNkmHx5}f3L=mrm5yu+;bPB9IeuI4qy}mc>Psx9);D- z?Sft9JHLwEntU&*tCMY8zoKJbuf?2}QQMe~s4B+m)s}iRXjW~I_VH}yufrMM3+J{e zazFZ~N&obt^v1CxPY>EV3xr++BC-dO^8MSJ=B#br9o^zd91tA zAPUw4VJ}nChkJ(5kG<|%_kDMA1&%M3+51GSUVHo3ain(xCVUnPA?c#lKhUn+_ZuOE zZ0juw4Ho+aG3x8@^*rB_( z{;i`A)B%oate`0WHem_`f8a3QPD2n7+&Ra`H2x}RnH5XOX~(mP(G0Ih*7QPe!!6a@ z-|H4?fer3gy4;3aV~abJm~~z^O!z>fASrcIZ7|ilt;9s} z1R`tCsd-%AgWuGk=2gzd8BhXND77=~{#_#lSyfsCOeXR_BlaQilWT*;C|5~}x(=)< z^6Fl_@wiV&!uiq6l;Dkd6%*ia|3v~MDL&12=BqM2d+k)$shaaglEn<;=HNh_|Mcks4zUgd?hmi~%I$}< z)KX5JI<*hIci2_+n|r80TzZwuZQD>+F>4(3!Y84 zHLgt7xUO8M)PO=nwDe&-XAu~4tf6OHzihzz6r3E~1q*wj&Q zx#hCznBncrY&N! zaOvi0{dyl+9z`!f${ba|zs&wfI`~k!3Q^Y8tt$t;E1$gYti?>xKe?hTaOb&k-JWy4 z_AU>kGbQ;-;x;uv#puk*q}ObI;`deqonwA?+<7VK(U7~5kMsM?LOm4M>jhvRSPDho zBU7Pf?b*-Lp$$wwoU{eD>fBo|x=ZNc((#_Bj!x_L2=aT)Aa+$eFA2h9l2h->p=2Bq z)us~s;$?OMB~TL2S0)BkWRKkOx~v5z2x)~W`ZGY%M(IXp7fL|N96ua13efRj6y`h& zcTl@?_nuDpIrko9KHaaOxvLCEc-Oqz4jbYol$b``AP2R}{)LK>$FPpmA=qL{)zp?+ zerdG(6GJ&#pNAfED$Nedp3ekfs?IjDb}*Y3;+TcNcy90w?j=qK(AY!y}CuvuR^ zrI^14EXD_Pip!E#()q#`l1M$se>jkJ>p<|Q2VcE?c73at>=w<0;Y`0>`9p{O2&DK@ zUw0Ost&CShdve5c_&XNWyz_?TmQC@+H6yg$7`)h|%8&W4tw){#x~PJMEGf6;azhHd z2?MB@r~Ia{vdE>IaLU5gD#PW^2X_4gLwlG)nKy8FI!*| z^wpLONWySS6;X&EIb7C32#?m?n-*$;L6g9hlBnnHQ>a6acGkAlDd8W#r_^pa4V-M-}eum$|#Z&gV7Q?G6K zP1*O7%x5m1SS?3J&lMQjie^IEiUzN&sJnCQj+U9l2sCXEo8BFdt=bMekmxD+jydrl zyKWO60`?c0-O3L%HBG%ZWPCUYpd$kSThQWOOS4xH_~o`#pC;+i+%>l(V&v(Xc;u)l z5)a?SXJ5I!+#_xL(nZbQPo1#m92&Tm-|5q+b}V=p{bpF)=kcRQwAT1{M_x0%1V|wc z{-vYVZ~i})dVFOngA6EN@HNnfGAhPy6a;tJni$_BhXkboY=1t5AgO~-f4 z)f@d?eqU#1%;TQT)o4@x!4jV252eX^7TFGD0TF9wC;h0It2cxlhwR*+J`H`@Za%&5 z79d@Ula70)tEcC&HLvEJS#QdASTFs>`7K!~DJe0rLC;~L{{PmD-Cr)PX`j98CwH|{ z%UO1LpI48cqzet>+ndI#Gz6qAD2V$?ZUkzyoWjit-%3xobU__ju=0 z3&YKghFeUJCUE&009`e^PcM=um)7T|;9N#@{^G`~R{(UaNMyf*R!{p_q;815 zTM{m$zxEk8U6ZpVnue^ZYfLQ&D%pI{(acY7{sWK2(RNY?-`$Yt;XTTc(}4toL%Ij1 zDC&5Hk^tli{#7p7#+JZE%_!^Vdjmvh{7*>>8h(yapIY^2gdx55HdlP2nA!KQN#O!62ugtFXT*JJZDHO8#E8>YGk=q{hwMiY zSmtu>oWb2bkrb1^$$k2HpyO5bt#JRrO^vJ+QNvh_71c~>hCt^L8(w9ajNHghGI|eO z1iqzwBJ4}O_1a$3&p+F2vp0WQ2K#Qn<(w9Mkmu_nCyJy?tX$e9U*y^j(0P77ovAd2 zdurhA;kIA>4Ju-7^hb~!bg=zS6diSx0X+Y1LHoY`HIn6aG3y1KNy@hU)}z17sEq{x z;F+*O%4AIGf{@%rQhS&*#khMhTe{X|QMD?Ru=Z@fJbhGLk}A-k`^uhLE&?TfIS+4p zwgzQ#Q5;F=8u?89Hr~cCZiNxC-UI-B=SrysMl%h$(b*{=vL$=|pML`o@Qnbi)5i}U zo1D_n@P<9sK%@59XN=8i8Kx|ViBGX%woADhGO&5%d~etnS7zSAiPXzxBrE5&2w~Ot z(kXhs+D-0Zb&2^3DeSbUsas@5!sB0cW%A~RdOo#}X#cZSHDX~1<(;ht0ftKp70(Sz zoZQ}z$*!wmg>2LdG?GfbJh9;rH8-DG{4()VU;}>B_2n~SuTl+gf5D{B(MxD5wr`0X zTT}J2G#@WCDrL247&L%qI{~CK8(X`|J=oei6^F+`fhY2CL`|PznZEPjBt0?b)vS%I z*zLU8sxk0{?_$W$ucFKC)&?3o#Z+g2TdoS3x&X#{c^-W#1o-j_;OT7z@)u(Z%!Z6#l5@9TW2#?D(8v{`DE7-Y zm_<`7(9&a$b2Fi<2Jr5Y7q{f9Y(l7KG5K>f^S8xdgerhG5Wyg}CWoo~**TiAWDvP4+u!4ncG&1?(b zp1)*GPDa@{RUReJkLFa?ynnb8^8tbx1H13B6tzU-&L8)x!LzxwufmhRZw`J?DsG>z ze{_^SJ>Wh}-(x7&71AL6qDq8N@$;8Deis`9EeUQcP2^B3_=>Xj|yKi0Mq3o z!@Ci(woe~#cI*BZN zZUng=t!i>V10&aKH47Y&hJ`h>-DUqAa1OA&L#^4!0gFmKYn)-}GKZ+2PJgWMX1ncy zE(yyoQbEgqqAS>H=(z$GSt4aWa&1x9>k+k}_4xMdy=en~fe#*RI`@EC9g=z=N8YB+ zcK1sxU*w)8kg`Mj0(ooikGd1NO0j7l7SkF-qOV;T=vyNd0XwAafZt52nv?t2I_dxZ zerxe}wm?rV{Z|zbQlDk=@$=VsZ)H_#L5h#4x!#-)B#vv>u3f!)m6LOA1)zS3f2lPK z5d+|SZ$LmmMBvQ8m%r&FCz=sDQLSrenAd0X>nH2jfM-58dG&5wdvC913F$cS{PPd} z-+dm>P;a9bFTM;c6`9r<>giXYVR#8fLFE@NfIWXRNwi_LboSU(9j70 zaIgs)(=#yU_$-ef#Cfd(Z}BpLyxF zI$90@jd$KAtgM!DLxh_DKs-gt8F%m8SsX3T zkJft#@Y5)aN;IeExHH{f1+9zEex|lWad4B>8eh<1X;XpBVOT=VyQ5yDe@dj_{C7F9 z#lSiE!;=3iv@s1+M~*J4RyeBwYjb?^<0^^ufwm33`k6}>+?LNwl&%GGFlcbNT$C0F zF?eQVr_UuFB@^PNG_l>lgk@^v_$J?4{Zu|khSfh&<_vqg_DA)1b{P-OE$ZG9?jkJQ zJ_d!oJLkf(Syem?Y3r)n-6FxJkh>HZ2FZRDs_7%}hhM}4kg>|dmZO;S4>x)CDBXD% zLvcQY18;w{Ql$(c!MJ zRAFA8-R{~1aM=B{4;+ho?(Dqr@rL65_EKzbIq?4N6U7DCcAp9z)3w%~9*y2}rI;ie zF+*Kl@i!y)k0#=4lg#ca8mF$I(bLtXc32^EW@cu@WnpfP2YT4Vhr4(0hAL--$_{bG zPzrT*bvb0*?(p;5|9E>W)bwy8^poa2M^#nT=xfp!_~%|u-*yX>#^Ne$#C&Fcg@%QN zjiiTi0yg{h+l3B7XJ;ostn;poQU{LoazgdcwjO-{Fa5`}q<@0_Hw{QXH-|#KO(cV6 zIDFy02Gb*7q)qBB0|RuskHw9q#SII+#BIMzt7=q<5=a(to!@D6)zVPVtF~NiM7?LdeZ6RN3 z(botj*h+r_S7M1+wNqDyHoJmuD74zTxiO{&33IZ84qxK~=EpjgQdr(TwYgX?ke{GX zxr81Tf^AZtMmF6c%RYO(X^?zK^Wci$za(0Ti72y&H}&#LkMrZp}z$`X}2 zxUW!@)ej)97+A;1_~30vm+hVMXaNZAnX~OJZgl!$vwr0*gqq!>$Yx3IG zo@;H7Riv%86e&bSrIo3Qf-UyD{yrUmeC} zInx69FA!BZ1mUAweM4?zbqSogr6_yF?%_Mog~nC{TJHL-Gdmr>wiUS=w?#?*tf zQ!bd9@gBG!G=jVqpLG=?t7Bc1^aFEPLZ853G@6Zi!lEEOurdrM-&V?Sf7I=LjelqvEub!9~LR4z=JKDH$oEP*0obP`0k>H1- zCt8m5=BCN44HYzN;pEAfL@QHSN9#71EK|A1Deof>cQs=A*=Fty7N^hJHxrpC7qavU z){#w%U}{h6X!YED_ghvds)5VW5%RsB`3cKvrW38$aWj1rdReCVZuf>PvP9cPTunVh z7gQ6_xm`i$J>QJHRm>S$xG6Y_G&{q>f|j)J5|PmC%>ow-=Dj#Zp1(_vP=A$tkY$Zo zYTKqqx7t|}IU;ONqTpi&8f|X8fmzcVz6-M*-rHX0;>fz$muV#=%* z)4rf=V9B{-L&OvHmShOW>OxfJB6raA@XF$G=MxE&ucW?n&dXM#FA07h@(?E(NW6-k zFe21Vvb@I#MTv(n#+RUWg^}9{`WDss_Sc7NTqjMi!Gf2vdBLotmRjXUsM#NK+;Yq& z1lyBd;#)m7amg2wu?iBkPap>rX^U;+u8Amx=<2>yuUJa5jOAf7*E4Wf+nyetz&n#U zVnA%VC?7q8B-trMzcGyEbw_X0sAy*GqrzRanaUB1NAUdX>zs+j(E5pSk?jakxlNB| zAA;pS(so^tChl89`pH^(3f#~3%Zz%9%l?a=bM@F7odkS*#u~~$=h<9WbHM|r4bh<(!7o) zm3+IW;j2xN_Dr_$lOZ3S6Zb~gxqz3gEuk8tpwRbmBw~EyZR0qTLU3D}OTML4>JN+j z8RnrX{mWqiPzBb2B_etvdiL&Phy$S3mT5LULa^kt@N~FAD5DNC5~4d5J7-|_S72ou zwy6d^i1SrtcMKA+N>Kia4_+wJ?)rfhzOgBpR~348yqgqtL;o)l+nv~!jCpDse8N+( z2dg+S@|7j7Ng(ZXJ>+V3X_kB)N$`uWsoH8gvlbn*oR&A_#`;9mihF!XRS~9tZfdR* zqw0C|Q);MUuq^7s6U4qM9>(s9WewbVJwz1|PpH^nvxgBI0EwiBEmYHWYYNW|h&qxo z5DB{pp8<4wyFsJ>KHkupln@)GfHMqr19G$6{Jard696wI71E&73ukMf2?@zN^58=I zjHIj7d|uemgsm7HwQTzM?R%(7ewJ={Kf1FoNPWgb zl;?LZ7NpiC^PEL)rXY4#UwQ|nI@dU(r-yj=H(J@B zlPrs5x<*^%NFUNnLX#<}1~)Z{LFcGiXFLfnK<96ZHS$%(S(()PVr$2Aq;=K(IHfn= znD72n6>bwJ#0;;*V3LT6e10MOX&5WtG*)QN`qaIzQ*O?>1V7BOk-qt1tcjaaT$S2@ z>t5-yIE#u5zNRb*cw?@_)UT$u>wH!4ely&X>|{avkhJzjT|)-cIxW5aBzC;QO*Vn= zH&~tr%Dt3*;r`~fHujt)0eJ0`-4~69CS6HCWQkKQlSlzS^E=|YPt~N3x;-f$u z_E9Hj`F1^a4TT_H=w}~5!CnIMNj5dOebQyW2Q6@lxQ3G4gcA%sT9@h{hHa;uN&2oi zhwVpIWxeriz)Nd!mdVXClWt5mRq#?%RTV=%c>9%=Hse@W)O)Q&y0M{Q(M8okHp%0z zo=yFPX(t~ye!a;B(|5vmv-3rA49Z2z?MGg2UGP{~>s+BU6C09Ppji8Wyz4Z5<$gVF zlCzkeo3UQkM)J;9&o$JgA4>w`C&Wz9KBiXYAh*xFtKE`Gbu(XP&&|R3z~t_^voQP7 zZVz(Y(PON851N3z_{-2;pq2!y2>aabn94Gc`M9W4taeBCNT#xSS3=<8tkEDkzPNsO zdYb32(VWK(QF1szXk{4Kt+KSd9YS_I=PyXAaI3=kjHoX9Z#9A&%W7u2NWZ;RJdg<| zx(CB2Yom_mZmE#nNTN^7ZGOwHm^d(5L2^Onqc!#bv^PljLSvSngkL|B-=WbpmjxJuJt*10=`v`lJIln0u$~Rgc#^IW9HA!NRPeoM7HCdO}!cy zrY1OPcL-4kWjik;6@kYq%Mr>1`CRoIJ=MrsgiU~0LEYW~+{gPBZ3MH?+>;cwdU@rC z)X{h#=N|r}Z@`55w=8C8Swmn{*4oyF9LbtH6z)2Q}`T6{(soQFq*S^j;?WG&m^BXEpnF z7v|;VrKfLE=Xkm9)lE;pr>soMElNFEus5x+u&^F9Zqa+O_Q8V-z<1Eq)lFt1BGlQE z%j*Vmlmi0;pkqEACIkcoOjL@qmEGU!=t%f%dK{ls&ExlOiZBM+;+H;aFBJkW>P<5| z`c2#ml-O#$XVTY(NBsQ#iyuAOjy461Zh8d1ebWGmM9J1-pigM1PZdq@ML840Wk`{G*HcR z9z6iweI8WJgQv`)pX77@jF)Nl6jaSG)|9B``jD!QXV+|e)CZ8wj+2p_cE<1y(977Z2}})U38vdm(1=fAUm^@MO3^Q?B(VKXzfFO=ZYXPFcAg zomMF&m|3={H$aO$7?rYcPQKg$u@`;LY_+4ZZwgQ(d_Uint*L-a&*!Diy=Fqo4X>bT zS=$W#nW!g3UUIbDepFs_R3&2*^vlX+57f@GLjYiQBmhn{H&re|%j1Jb5qUfJF1=gR zK|zXVAW86mlUjJ2a@$q)3wcU99xYG|oQYDYTFRVIr=H=ZVUVOyLs9kz1=SU1_RXL@ z6y{M!t#CzFDk)_fqp?lhhMM9znSD|PhTf*CPueHfR*hIKcp#^n$aJYA_|@SE8M$zw zM@2M-d0)ViN0b_v8~-*N23;E;@fnki4E<mi{$|Zi^F_kmMcOeT*Dsngg>6aPPvFZY+1m&fv1UheKW_a%SqJZ;@w z51k9`S9_`BO*eN(FC0bSqsO0LQ79CjX>FG0gOC8&udO$C^(!Hz zwpP@ZW>|eXWdr(vRZfO7Ea^y*(aD0+($bq+d0cf|%V9^gqNl5iH%5({sGLVS{RhMk z{{JHwf8wAb-yeR1fD(AaJ2gSRnJunzxp;nVqz+T%-Q0LojIfK3{xse~Y;*w9d}{}k zCQZITRmzs;444R9hJ+2F)G~eEus4?He)#aK%YRu3rpZjqOD!uemw^zWS+l6G$8$4y zn@d^u!`{0@qW&Bg%=_Qgz1zt|d3t(!d$TrU)JnF+7{p?EhqX}62VSc>JMp`wNb@TbjmTR5lOJZ6d2DJN2HX;H_UzfP zurN1-KH&eH$?4Ol$u%{LLgANd*4Tu-P3cng_4N&T<4nI(07xqqIMdC$thBVPtLu(G^jL}mXt-J}oE2jSyu7>~D=Ny% zFU%KYX2y)g48^>-ub-uqOZetyX6n2;FcVTgC;kksBwxWjvayri*x1d#&OSu}Q#?QYVFp*RHo0V$(Sv%N(}A86AY-wh0?S1Smu+eCAJbz^|daM>&)npv2cc?PIhB9X}Tr8(To%$y&i z))fr`hAuB``>3%$+WQsB7pCZ-?yQoe-a}rS8pzPw`}?I*X)+SSmQIhnN-QrA`3C>V zYm1#}jJxW-z_&6~@vOdnct8!6$9`-e!=f^k`yzd5PVx=>PT;;x9C)wAF%%&_vkP*!9m5%~VKkvJv~@ ze~o2`?!9J*l!t`ucp$IikA6L0ziMvp-z|&9bQ>RG&Q<%gzH1l^v`D;$I25_~`8tE$ zmxlcZa3pw2wGKr|(d59>b9qRF)E6yP(sU8uA{QrEeJQBoziBGo0mp@@ABINbW6+aa zR*9;po}=@V`rw*oR5L~6d7jAZe8C5tGlsBuB2fNCN_~9S)6vn#weQ~D0L-N#?CLoK z&0iQ^!{o#cjMs9gkPKy$Pycw&Tx;GkhGsggq8-3Sf! z=x>`xX|ywt5sVFTkUW0hcMVskm}sWdeUdkaprt2dz3e8*G-jPa%4ABz^z12RUxy=M zDFe2351-fBzP9V;0?vnHo^K0HB1Xly?B5Jj1J2%d-`^4u!}|wTHJ58Ij5Xt(cXRsP zQV=m%dM#P$S%=2ciHRoaq6W2Gkoyc@pJ*t@Fy1*lY}_SNwb)T5^u^V2QmcZls#|E7 z8G_NOkAEGbjLJiq{EY5PcEgto$07Jl(yO#9oGM}hmcgN8=X3knU%n0Z+&^2bM6!e@ z<=g+K11Q^@FvizeJD=eSM|mv?;v{q-n@^nTly3)jP3(8&>`^ofDFu5D);KpUjZ)^5 z#|opSYV*w)rZx%%op1j`do!V9kDJI^Pyvll3{|s=b}OBAcM2L;jf12ZSfqa2fTLKR^S(mkyi;$fqUIqI z%OLqsWuvt7n)y#QLPZVT_6I1YHSjM?e>og8HyG>WqDDZlk|7^6eQW9at5Bni3Od)k#s`c)clHl>Sp2fkH75QI?NNyYce4KD`>O^0Mz9{4KJTN+XUu~bk$WpC zVUHGjHrrw%FQ_QeqP&BpT*6`K5O1t#sYH}dnolig%B3raZr=D}UU@!z>C-lWr&5m$ zzicro3}H_x!v4O$P)~1oNw#P)kv_uYRrnp+3(KiGP?U_Z5|d*Y93GsJzXV>3js0x3P z8RVbHHvh>!d@?*}Yh)1nRO^>V*3A>+gB|Htk%||8Yr4}>#1F-W!5{iq*Qykv`mdEy z0J1{ziLLb6HPG%#)Nv=T4o-)$qHuwDS!a1kUvk}eO(ZVhp{42> z?-NE$8w;F_!8_)AHNqcv*4>#KvFMwKz5MyUm2dE9_x*I<>$p-Vqr8KArH+&dqB|=J zkpHqK`)72bNduV<>|2nStwszgMaAW_d4~|O*^Ymx<=2GLii-cMmyrN7c|6{*_DCE} zI#|Va6#2w8d|lX(pvW=yMXEss3}MLqmu#vjQ@W8;daPk+XCAO{s7LNH&t z1i;}w?pPxav-=|W{|s;*6`X&HNTh%IU&M=2!}~A09Q!nw>Zj4eo7^>^dv%*y`TXOD zfo?JcY*vuuT#Zs+{qffWz+C{xZ`Ru#2T%{LlD}ZF0Fd^Dj=Ctbu>sf`!2AS17{%XT z*Qr_wa-H@Gd%>x!4D(*UCURdfkLhyiR2o-TEu*;X+}wSU zlWixzFEy+|ie33lizl&ItWlS`R zDC^e&q7{wT@7=oxQk#zE&1w&cXnFBXAP~Ze@H7q5{O6dJGT2o2^A=yjUsBX;A3J>V KQ00O1SN|IvM0JP& literal 0 HcmV?d00001