sssd-ldap-1.16.5-10.el7_9.12> H HtxHFb' ?*}}~u/Ue'2VhNTL Sd  c59279faf76a6cc63327f569e1d8765f691cd8c2bl..2`qFb' ?*}}ְFbh|gW:Oö.K7sx><(?(|d   =  ;AH l  ~           Fh 66 6 8 < A( P8 XF9pF:iFG" H" I" X#Y# \#4 ]#X ^# b$d%xe%}f%l%t% u% v%w'p x' y'0(xCsssd-ldap1.16.510.el7_9.12The LDAP back end of the SSSDProvides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server.b sl7.fnal.govԫScientific LinuxScientific LinuxGPLv3+Scientific LinuxApplications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64\KVnPRFkLWbA큤b vb ^p0b Ab Ab Bb Cb Cb Cc7517eef739cbeee73f158679f7e51e80e0c8dc5141bdbbc80cb71f0651f9bab8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9037c99330915baf05c5da6882e0c107d17f10df8a10f0bff55b6bdc8415bde9bdf2a63255d3aa50ed77abfd3acdd0b8f827f320f3965ae49d1e8f316b8a2472316084bbefc6053456a5e8290d493dd86c07af1f6d53b62d398da83f9780c892e9201bcffa6cfd56ee71e81ad9c0b72afed45184d5c68a322fa10f08ad2f0ccdebb8e9690f72e858faca44c86c94155a423704ce245d93a2379dded35116e861972252b8555d54794958e09ad6201b87187970ce55bec6c88110d547bc4e7c433c8rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.16.5-10.el7_9.12.src.rpmlibsss_ldap.so()(64bit)sssd-ldapsssd-ldap(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libcrypto.so.10()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpthread.so.0()(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-krb5-commonrpmlib(PayloadIsXz)1.16.5-10.el7_9.123.0.4-14.6.0-14.0-11.16.5-10.el7_9.121.16.5-10.el7_9.125.2-1sssd1.10.0-8.beta24.11.3a@a(@aa`@_ _G@_H_H_=@_;_;^3^@^V@^m@^^@^>@^@^@^t@^r @^^@]]*]@]]]@]@]m]m]p]p]p]p]S\Q\Q\"\"\"\\\r@\r@\r@\\\\\\\\\\\|\+@[@[_[@[@[l,[b@[a[Y[Y[H@[E@[6@[0@[,[,[d@[[Z@Z@ZmZ@Z_@Z_@Z@ZyZhu@Z3@Z2gZ.s@Z*~Z'Z!D@ZZ@Z Z @Z7ZNYZ@Y@YYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj 1.16.5-10.12Alexey Tikhonov 1.16.5-10.11Alexey Tikhonov 1.16.5-10.10Alexey Tikhonov 1.16.5-10.9Alexey Tikhonov 1.16.5-10.8Alexey Tikhonov 1.16.5-10.7Alexey Tikhonov 1.16.5-10.6Alexey Tikhonov 1.16.5-10.5Alexey Tikhonov 1.16.5-10.4Alexey Tikhonov 1.16.5-10.3Alexey Tikhonov 1.16.5-10.2Alexey Tikhonov 1.16.5-10.1Alexey Tikhonov 1.16.5-10Alexey Tikhonov 1.16.5-9Alexey Tikhonov 1.16.5-8Alexey Tikhonov 1.16.5-7Alexey Tikhonov 1.16.5-6Alexey Tikhonov 1.16.5-5Alexey Tikhonov 1.16.5-4Alexey Tikhonov 1.16.5-3Alexey Tikhonov 1.16.5-2Alexey Tikhonov 1.16.5-1Michal Židek - 1.16.4-38Michal Židek - 1.16.4-37Michal Židek - 1.16.4-36Michal Židek - 1.16.4-35Michal Židek - 1.16.4-34Michal Židek - 1.16.4-33Michal Židek - 1.16.4-32Michal Židek - 1.16.4-31Michal Židek - 1.16.4-30Michal Židek - 1.16.4-29Michal Židek - 1.16.4-28Michal Židek - 1.16.4-27Michal Židek - 1.16.4-26Michal Židek - 1.16.4-25Michal Židek - 1.16.4-24Michal Židek - 1.16.4-23Michal Židek - 1.16.4-22Michal Židek - 1.16.4-21Michal Židek - 1.16.4-20Jakub Hrozek - 1.16.4-19Jakub Hrozek - 1.16.4-18Jakub Hrozek - 1.16.4-17Michal Židek - 1.16.4-16Jakub Hrozek - 1.16.4-15Michal Židek - 1.16.4-14Michal Židek - 1.16.4-12Michal Židek - 1.16.4-12Michal Židek - 1.16.4-11Michal Židek - 1.16.4-10Michal Židek - 1.16.4-9Michal Židek - 1.16.4-8Michal Židek - 1.16.4-7Michal Židek - 1.16.4-6Michal Židek - 1.16.4-5Michal Židek - 1.16.4-4Michal Židek - 1.16.4-3Michal Židek - 1.16.4-2Michal Židek - 1.16.4-1Jakub Hrozek - 1.16.2-17Michal Židek - 1.16.2-16Michal Židek - 1.16.2-15Michal Židek - 1.16.2-14Jakub Hrozek - 1.16.2-13Fabiano Fidêncio - 1.16.2-12Jakub Hrozek - 1.16.2-11Jakub Hrozek - 1.16.2-10Jakub Hrozek - 1.16.2-9Jakub Hrozek - 1.16.2-8Fabiano Fidêncio - 1.16.2-7Fabiano Fidêncio - 1.16.2-6Fabiano Fidêncio - 1.16.2-5Fabiano Fidêncio - 1.16.2-4Fabiano Fidêncio - 1.16.2-3Fabiano Fidêncio - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.0-25Fabiano Fidêncio - 1.16.0-24Fabiano Fidêncio - 1.16.0-23Fabiano Fidêncio - 1.16.0-22Jakub Hrozek - 1.16.0-21Fabiano Fidêncio - 1.16.0-20Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2006382 - IPA Intermittence fetching groups - Resolves: rhbz#2006866 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2031729 - IPA clients fail to resolve override group names. - Resolves: rhbz#2032867 - AD Domain in the AD Forest Missing after sssd latest update- Resolves: rhbz#1968316 - SSSD: User authentication failing after server reboot. - Resolves: rhbz#2000238 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#1984591 - After sssd update to 1.16.5-10.el7_9.8.x86_64 the customer is facing slow connection/authentication (due to discovery of unexpected AD domains)- Resolves: rhbz#1973796 - SSSD is NOT able to contact the Global Catalog when local site is down- Resolves: rhbz#1988463 - Missing search index for `originalADgidNumber` [rhel-7.9.z] - Resolves: rhbz#1968330 - id lookup is failing intermittently - Resolves: rhbz#1964415 - Memory leak in the simple access provider - Resolves: rhbz#1985457 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-7.9.z]- Resolves: rhbz#1910131 - sssd throwing error " Unable to parse name test' [1432158283]: The internal name format cannot be parsed" at debug_level 2 [rhel-7.9.z] - Resolves: rhbz#1922244 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. [rhel-7.9.z] - Resolves: rhbz#1935685 - SSSD not detecting subdomain from AD forest (7.9z) - Resolves: rhbz#1945552 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 [rhel-7.9.z] - Resolves: rhbz#1839972 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR [rhel-7.9.z]- Resolves: rhbz#1875514 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [rhel-7.9.z] - Resolves: rhbz#1772513 - SSSD is generating lot of LDAP queries in a very large environment [rhel-7.9.z] - Resolves: rhbz#1736845 - [RFE] Backporting certificate matching rules for files, AD and LDAP provider [rhel-7.9.z]- Resolves: rhbz#1899593 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() [rhel-7.9.z] - Resolves: rhbz#1888409 - sssd component logging is now too generic in syslog/journal [rhel-7.9.z] - Resolves: rhbz#1852659 - sssd service is starting even though it is disabled state [rhel-7.9.z] - Resolves: rhbz#1893443 - User lookups over the InfoPipe responder fail intermittently [rhel-7.9.z] - Resolves: rhbz#1871288 - krb5_child denies ssh users when pki device detected [rhel-7.9.z] - Resolves: rhbz#1853703 - Unexpected behavior and issue with filter_users/filter_groups option [rhel-7.9.z] - Resolves: rhbz#1756240 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains [rhel-7.9.z] - Resolves: rhbz#1851112 - LDAP bind can fail due to unconfigurable DNS server timeouts that inhibit SSSD failover [rhel-7.9.z]- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again)) - just bumping the version to build for proper target- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again))- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete)- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] - just bumping the version to build for proper target- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z]- Resolves: rhbz#1804005 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1773409 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1551077 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1507683 - GDM password prompt when cert mapped to multiple users and promptusername is False- Resolves: rhbz#1796873 - [sssd] RHEL 7.9 Tier 0 Localization- Resolves: rhbz#1553784 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1836910 - Rhel7.7 server have an issue regarding dyndns update for PTR-records which is done by sssd on active directory DNS servers. It is done in two steps (two different nsupdate messages).- Resolves: rhbz#1835813 - sssd boots offline if symlink for /etc/resolv.conf is broken/missing - Resolves: rhbz#1837545 - Users must be informed better when internal WATCHDOG terminates process.- Resolves: rhbz#1819013 - pam_sss reports PAM_CRED_ERR when providing wrong password for an existing IPA user, but this error's description is misleading - Resolves: rhbz#1800571 - Multiples Kerberos ticket on RHEL 7.7 after lock and unlock screen- Resolves: rhbz#1834266 - "off-by-one error" in watchdog implementation- Resolves: rhbz#1829806 - [Bug] Reduce logging about flat names - Resolves: rhbz#1800564 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package- Resolves: rhbz#1683946 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working setup- Resolves: rhbz#1513371 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_be[PROXY] killed by 6 - Resolves: rhbz#1568083 - subdomain lookup fails when certmaprule contains DN - Resolves: rhbz#1781539 - PKINIT with KCM does not work - Resolves: rhbz#1786341 - SSSD doesn't honour the customized ID view created in IPA - Resolves: rhbz#1709818 - override_gid did not work for subdomain. - Resolves: rhbz#1719718 - Validator warning issue : Attribute 'dns_resolver_op_timeout' is not allowed in section 'domain/REMOVED'. Check for typos - Resolves: rhbz#1787067 - sssd (sssd_be) is consuming 100 CPU, partially due to failing mem-cache - Resolves: rhbz#1822461 - background refresh task does not refresh updated netgroup entries - Added missing 'Requires' to resolves some of rpmdiff tool warnings- Resolves: rhbz#1796352 - Rebase SSSD for RHEL 7.9- Resolves: rhbz#1789349 - id command taking 1+ minute for returning user information - Also updates spec file to not replace /pam.d/sssd-shadowutils on update- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider - just bumping the version to fix generated dates in man pages- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider- Resolves: rhbz#1769755 - sssd failover leads to delayed and failed logins- Resolves: rhbz#1768404 - automount on RHEL7 gives the message 'lookup(sss): setautomntent: No such file or directory'- Resolves: rhbz#1734056 - [sssd] RHEL 7.8 Tier 0 Localization- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1746878 - Let IPA client read IPA objects via LDAP and not a extdom plugin when resolving trusted users and groups- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1713352 - Implicit files domain gets activated when no sssd.conf present and sssd is started- Resolves: rhbz#1206221 - sssd should not always read entire autofs map from ldap- Resolves: rhbz#1657978 - SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust- Resolves: rhbz#1541172 - ad_enabled_domains does not disable old subdomain after a restart until a timer removes it- Resolves: rhbz#1738674 - Paging not enabled when fetching external groups, limits the number of external groups to 2000- Resolves: rhbz#1650018 - SSSD doesn't clear cache entries for IDs below min_id- Resolves: rhbz#1724088 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1422618 - sssd does not failover to another IPA server if just the KDC service fails - Just bumping the version to work around "build already exists"- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization- Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO- Resolves: rhbz#1710286 - The server error message is not returned if password change fails- Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly- Resolves: rhbz#1707759 - Error accessing files on samba share randomly- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains /trusts- Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise- Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing.- Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)- Resolves: rhbz#1350012 - kinit / sssd kerberos fail over - Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin- Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable- Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup- Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts- Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though `sudo -l` shows permissions to do so- Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider- Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD. - Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7]- Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache- Resolves: rhbz#1406678 - sssd service is starting before network service - Resolves: rhbz#1616853 - SSSD always boots in Offline mode- Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x- Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group- Resolves: rhbz#1602172 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? - Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code) deesfrsvuk1.16.5-10.el7_9.121.16.5-10.el7_9.12libsss_ldap.sosssd-ldap-1.16.5COPYINGsssd-ldap.5.gzsssd-ldap.5.gzsssd-ldap.5.gzsssd-ldap.5.gzsssd-ldap.5.gzsssd-ldap.5.gz/usr/lib64/sssd//usr/share/licenses//usr/share/licenses/sssd-ldap-1.16.5//usr/share/man/de/man5//usr/share/man/es/man5//usr/share/man/fr/man5//usr/share/man/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b41b1c9800657f68d112ad168413a297571015c1, strippeddirectoryASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)0PR+R.RRR'RRR%R&R RR RR(RRRRRR,R RR RRRRR R"RRRRRRRRRR!R-R*RR#R)R RR2?@7zXZ !Xp] crv9w]J6E=4B5Cn'oItKmz9U5ra#hT65x0e*iu2 O[3$4Xరc( 0A2GPb$.}ytmt9֒+Y-Bط!2x_vwP'P{HѸ] " |+M/ S֏E&eݼ6A>m58׽*RTJg#qfq'[aRwO!v gPb.I>Sc%l%)ҬZ&92C*֘'\4^a_i#WzKi<#^ۚ~}9 WL0usɯ7LE^,7r5qZ#IU'i<&)b ](-\UWjdtU*_6'Tu> nx8~u;1`D1ǍYhSA_H ؅@IlMR=#X W cr $_^Mʤzwm0 .:Rr0R%ι+FL0tGiX&4zC.AW$ QD}/u5Uf YKŶw\~E 999&0tA3HP)?$\_xhN"'Ӆ͏ʂ^nDRjOi~\OU0.l&JŽBM*M|L8Z,8%rNZ!Fs|<56S>Ӽdhp&? Z31/x .О2NeK퐑`i TA9'&M ˝}1(QRGr''/UMdM:.Et#Nh42p$}]*鄽;(LxT=ϑj~C#:C-) [𦓮t@CC1f`d.L J``R. [j:=dfpB,m]Ud9.C=sc$_8xh)+.It vd8ۿ2R띫; ?NuZv2cJ%QVN,0mC'T1Oꔴ頯Fm3cam%ih`CPYlgZqmtڢ45K")HfBSkFD˾Hm ]Pޓ]0y6KLqA!Rrrn{2aՂt,+$XH)A-UJ=Ok^I|FI֕:G҂h/k/_;b`L[.ɺ @EɔAq+ f\~TQjnBD0BpԨ9V/ +#<,Պ,9;n2fp"#Z+dQV&8"Ӡ8MezJW\Fk"eFNN…^rv+1~#J1|=~%:ā$;Dz'O:ړ] (#F^3{owX-4']+AfMcqDr @Pw:kj]eG6*^`D;hIUV9oT;EJCvj)ތ$"i)|2;MoG뎟NN9t ,g7Mɋ )TZ@6ģ(szٲtg)M-+hq<6!iQd2LBDyy^'fh J2 j3"⛋SH8h#l?}d|X4vVTE;8\J i(S ,e_kɵ7wUR~^] {)N?NےLC:$r Uqebu<;젢K(dixx,3+QcĜ5i- ֤B 0B* p5kqi+XylӘΣ>&~Brg @XB$451l?0,v|߷ܛj7c>ކT(;Ly k҄,Xb3+JJvf޿;` 8`3PWG' ӊ֚g="g2Ā2G83mt{#uEt75JjD^{uL{KjUE봰M[ZDdd"!lpՃM-"P`2=:x r3^2rWav "VӮ w7T{;0FݾP6k8kR[AїeGٓΣ]'Mŀ93(o"֗ TH>THM?[Yё!Akkpd@r(--fٞL(ߌgmPRy;~Dd3ՍdQߦN0q3XY>O >D1q iνkeU5lK)qTW* ZgdҵYQ7Wyn-qCWSi~wY~oKzN;Xb1y#𰲼BrQA BvY&`&X'b9`Y clAZr/3`S)Oœ6$!ebgOF([.=걥' {m~&MƶvB$?"nCv0XPTLObWc%% FWSlc`GX@df 1 ǛDgNjtZKbTvղE,Kev(G2ks)τ38(>)=Th:D#n,/3.b]a4/ecFRr30IJ#b_b*xhq qݞ  TTblyعpapu82bsoCi{qZA+JTHVL,ƽ NI8 5)ע3o/B:|`i+.m Wc%y7P0SrrV& ~Zg[.3M.ik[ I#€SY'(c*aaD,{0X&t:^ ts@R=YD,3ETa8kMqWgyHakQgNhshI0kZI*@7Bv9ž>yTZo90N ΈڬW'cʡJ#q[(5_@vuU WcޣC'aLrDZ-SS8IMp\@~`/X:t.jΩ@Cj4IvB /"/>̔+2Rc n h= #7{NEZF a:N]zZ/69\ƮOTpu#oSZU]-#]XL'gwWɌ*UQH~m<̕*Gm>Q?:7X. 2:hC/ș?Dwϵ}E,*&#w3e"">@se :ص,__ɔe;N* T~sUF6ؾN&ji( 3tB0'@@mQ?K|8A /̬h׮尌ʇҎ߅^f"d/]Nlq8Y`ePmzgDexp_>bYЕ'a+Wى.*V X)䥛٣fzL2 7/0#&d{*[+vS d[Zy_v&-<@'7x>o\WqHISNfzy_f'FS>AnLTaq5Ո9lQAI, G~O)pJ#:7Yiml⑫a#}"[J5]*Kg~^jNgg$Md›k|c#\F1= =Ҥ_6OYЂ(59'O4{- sD9f{D6 h(`;"ԅzDަi o%њuK -j#h )[vel\1I !hyL*%d_0*? @Vl!TG΋ZK4w|}2mZP꣪[mLJ~~:5Ùm<[Z˜qidћݜH 1/tQ|9 ^}:,nΜ/S^z7MR şX(M3RL+5ǒ=5'Umfv~KhR_++<+?Xۊ{ۚTpfk./oW :(`#+K"-6I vL]ct@ ^]Ȍذko!me3w\(rU\w"|Sa1eq!,:sA`Lጇ.ښ5 =X8MH/}Ю`̵WMQA9C^P Ipх  E?zz`(L2Þƹ4 >hor'}t~O-)흙!@D57[9O. ٌU$_&s=֘,\(mTfΠ;4_G= o="s sm*\ERl蕨c{"!e3sApݵS0!e&'0OQA|Fe+='1ܶty">**{f!ؿnH=7]D?|F8h]? dLݲ?YlTG1Pq1uR%>Z^U|7I8$VCݘjw[Kw):/ԉxD+/D4&Kf:H0z=^wL=9oYv|{?z(Çn oZP:Q-wef( $c~;?]ͫ`/nV''ܼD-\Uz8-\kfFunlQX>ĿJ|2x0*k[y?-kD{&k.cpǓr"ԑk>f0MN٩37YdGiԀyȮ^ruŅM+tdPj-`vtȏݮ#~R2rXG,5m.lIb|^Hd ܈Cۭft=r-{tax(GR V7bC ۛ);@6!{ k:yLx,8J%r-K:hG+c5'd!R"v*I G0+叵&$K^v~n aUiƗIv*9['7򑿅yf(4Ńk'2olz c ,Ts#Z,᮰'?Ǒ>7^QJ?eCvIHOܠÇ?7"(,'ƯFNoj❸S cJA_ˆhLve$F )>D.GHW=gk?B=O!h5(vgv\<VI=Ţ:_q66Qǫ\p8*6#]~f#ܫkw6PjZ B i`pV2s֗xqH[~ncO3O0S.v޻~g5y#ⰻȱ򜎠uZeumI_`9' Ǽވ}cձs }57s?]h!{#7mn6FjڕV (f7`+i!Q(ۯo~_IJA(UA3^O?6"Í2V:PI.Ah! QP_][[\HTHPRҔ+sb̯Q4R - Ѡ*bQdpLn 9#'n8HOdr7)YU!atDL%U/iFOw H0#Az˲Jt<6mt23hsP#]h]Xڝ"tb7V JG|T(IJղ_ϛ֘j!{*#?@EѕeIU؉LOпƗY0NnrЈƔV ]A[ĬpZ`IrUfg=+ % *l.'b uWOhpÂ|pM<~Q=BeerhE^~zLaumMrEh>\APbbRa+D_X+sƲ寃tvSI}eySC׬𰁖Dfȷ킀֊J>M_,U7<2M:b؆ ,gcn"'3KCJ )t2 ӈ ASŸ;2l?y@1l2.i(J^J6*IC!a,#Qa;s!9PFc r X6o"fٔ [1ys ܵw6Z4JTZ9g("z2=ތ_J^(=⠰x'clDr{jR9,fTU$OtEg%F*T;Ȏl'?*'d4H,>m:|WrBuMʓӮ+DͣU(+i1 *Kk'y;WXS۬KN x/Q]RW!daڔ! ,(bt(# ?4YF^?,ᾘ\\8х󡵁 b`ك|w֤<أ IPkz7z0bA;\f77c<&e(sF76-!`B%Φb,8`l*\;C |1z9KzDFC;1<=C@(:vB 0~J 7(]q\ֱld;!5=9EC.VgrV)ؒ"# JW<H㝳 e˜xS-Qr)e nXNလd#ov \@eGPJ? QK%(tsFȆQp +}#e"4M3ܜmNTJt uGbފ@['o)\4X3ŠZq:%b /苆3$W!~UXO '.v vuwkl󒢔wI"L汀Qb| ܵ`F^Ҝ"_kPeS2"%{&_ b1 hZ2eMGNG\:7iacDe)JzLFp-lS-y2 hW<}>tl RX}`GqJ"'*gETC0 U$KSJJŸњVdvb zX+RHD6a-b>U: z#PIdI|U⇴~j/喞$l~(q I^pgA@n;s2V[-ŧS Ɍ?X,O$}pMP!LpknmX퉘[F3_.a:bZPv*#{KX6  ^|-AG"b*U@li ?1ƿC`!Wb梣 ˤs*4> ΀hRHAAmfCВ.SvA($ێο*;wz[m)W&V6G/DB#,K4xqVB%D [5rsU7ӊT^_mԲ;„G׿4kDC QCsW[ cc&%}u&H,}Bn/Ƿ4ن, y 1( M/6W-/+x]EXa,[ rKJwdT5,[Zp_"xC` +*q3CwTݵ`r5U_$/OAVȸfv. H?ڳy%6]0jk!*#?:]waEWe듲[q% ;W| @!</(9YqK3YNk!D&Pnm,-&,_jwZal7!Sݴ"vхV{0L$rz93d*_Qxx뚲ՁqlY˶Qnv|uC,qҊFͮLc*IՃ\ݓ8GV<v>] YϹ,ɆCGj4f<}2{k;G:lծ >0,b[\ b#pP NGn]$ە8`{Q֞+Բt}Y̓<''æ'DZi3F{(/]6Z#\]?.If%61%{s`$+!zyBBl`q<}b~(+ȣ jd5&)r'¸vTZɥG&yE i\mz ϯL+ʔBXKIշiOÒ_zy0΃]T߶yݕ,Qv>]i^1)2F m~ZYLCq#ԾC-rb\yz`"[x=<~/{!B.!S[Mڒ$-j8XP ^UbʤJ䡬L50ĵv9U%1!.OP\gQ.̸K]V٢Kq"`e!ճګ]So:[UI,>gc'_/LWq41`Yt?M7&,ښ I5\+0M?pTOpӢ鐔ʂ !;ɖPaG F@.pnS#fƐd7)9Ck}=N?1pWڡ֕Zd.4/zu->EkN=[IQ OuF +'vS@-g܀o-s<RMՈUyо̒Y];]諎45?7netbj_<%u'I!>N[z}χǼr+2%BmtJ$jCP wJeaK]ΐj ݇hf='>y#Tӏ3J;MLBgrmI$fvqo'. 3@R͒m>/i?T0M,V|RGJ&0:P ELb4TFzgIIC;˴F{sDĭxb>!@Y ɼT+tF'ƮOAfpq>̩Mm l .Wϗm3lOڙS]Bz?/kCM>iUڌC @̄Qe%) 5Vc s"4M9` 3@,d/mW&GЅ%Kh}3ڊHWs’Ģ#\>8<[s&j0aL!A[瓠pag%>bFl1t h];: cC,~97Z"SxADR`o:jq&;b @w_>h yBn[7^ ^$0qQ! 0/7WSNӌaX9,bB%nv8sVj\8#BϻZ]<" O2'|$0[H8TT$:CуkvwC%vDBKp3q8ɀJ^lBLo=6pbTd\!Zoi,Q3024p\բffv $7YJY؃mcQ1MzGGfLHZHZ ƶ9pmJd{L:N,\ m%-;6Pf!\C xE.;yg;J51A#'z&!)$>! {"ag-iסPP~DQZ~*UkwaC\gu +S64;T5! `wOtE{Vڴ> mu5ه};?v*jSKNPgqҼG@"C* T|*~.dDM'j[؆-:l$Cqr#Q'~6tb3T`O>^5~ lm QWJڋ+8۽pMZkŰw)JN؝de>x[9IS3?TW(ĚGZ׀v:.A"uЯRW8d,T)Vjmm ?fRn-:Rxx ,K^e"~¹bO}AWw. (nE)k jw\Nzlx,T#jϔ{Q&BJhA1v: ū2ҜXvg𜸮یN{NEא42v|,NK+(*Bi.n8ZWا%CBz48މnmGs*`F򵧰`c)*<Qz14y -.dG^ ~KWn x93]ۇt„na'K#V4M#/T7E C"|$F{^\=4=Fk &Qw.ލm*;M8a)$=$u>hCiA󝖱k,],J0ZZ]Au,#_]eҽ S/EϭH򥲬ӱH%)~U^3~vyx)9u@}. R`28711*kcJgSOᚌՈ缙^/vlS\ !p{"PGaΆvx .ԽԄ$B!MYs:s(,율?OЬ<BI&avyXK?+QZjgc}r.{Xl =3Ğ' G۞l=!rW ߇p ӎj;~_mGES)?gvP!o%˹A4P|KP*CH]L- 7QF0ױ2/Ahx1Hݛ 7nV v+4;ڷBj+m;qtTf16, 'BQovUmGUKvv8Ps (nSc_g?Bfr*?nKDOAh <} nY4Ph2,!{k]RRH+:_3Px I ^=X20.Rc? PR= ]`1# DDCh@vc3]qw& k8d ($8B bՊ!? V-LC u r`_grxThLz=be1 Muee2ggϦd7R]%s>dl8pS6gUt6˨:Kf.~i\QWlڌz&͋#>ﮝ0B2'd:`WeƠW UZw`ƕ7QS>l9SK?Ojmx|',!>9=OA̸fJ$7q}O k*w2<< GE[J9/9noy~A^] &9'P{5P?LۊHwQ7}~&Pv*]msn. k܏J?]N ;z?E_4l%{ ?Ӷ#j2j֍ دjB;u( ^cqM̫|ÀJ+._JfjGKv[64ra&C W`v T 8']ܐB/.Ve?[Da.+ 4jLJEGU'.ibӅ`>V_WZEQަoK MTÐ38lzrqM \ bDr!j"?~xԉ̔[7I8Tïӫ=Fq@n=6~Q5~MdBp4V;] +ݖwecqAC0J@_(]ِ831} n͟mv#^rpWkDYUZYuH]ߠq&},xTyp:h8YBׇ3pqX%A߱v՟dS4{0͵@bVAs8(8Wuy̩΁,8}c4R8"5)pȗٲ-)Uf n3ip{^-9/\wGZgfͤwQBmx1:F[8!.˾<:9˰`#^5'wAy :!aXT5psV5Ųgԕ4 ~ԁ "]MS4OP.9UrLZ{uݡ"QᇹE9x(r.M*e@XdUf^|΢zڻuto*F$ OY/bSdj UyG :R==w(}GOB>ҝ6j D6f_Q;E$*ܔk{cο#R=h4# ^[{3LVEE]ud)c`@Yz)U9Uzyl\O$,\3os cS"U6$K<ܣ>5TaNLM0 NoHa6qt8tnI%Ez[| 8}xPgR1݄aHY+$sU~.N/h$S>ۺ{ \GKNE=ǧ"HM lgO[_ǫkVBE8 X3jL"j-aIZ OqF_^p=;Łu8hA6c2b5d^"?󜊞ZA7 ?FP/3t'GVlr>qu'2 ɋJpQ55%'`hF|aSޯ  }ödW-,"2޼s\pMc'{S2}HF4 O]j}=Nʼnƨ[9'5IU1&LVH\m/L^CEH.)a~BAD\AQ#0YOfRNZY,]6ŶQF4\}$jojvZbkRJ1wi S%dP?@y2-ĕ/&i& HGԖwOskaՈ[둞]B1rMN)3 BT%vx!B ؅qCR,{G 4 LQ-ƌQZY-9Y0lLmR(vgOF܎}&CD"̤a4[Ms,fkO\3&XbC EW#Bca.e XeAXPF#Fvr_!]q>\L9,|[ 0R|#?4McX-!侢`Uۙ݌ofFn/~D0i8Pi4T*%|ĘWҌc';޺?7V08i[_m!-;;4!n)}K긳d1GZ}P`1̆ 0^N@~EǴ5Xߛ V~eXH 9Bn=NJgkJʚ=Detha Ε;5{vГm #SBM Mb"SM3Zwi dS3;|*h>Ed9׼c;g #R%p+. ᄆr߽QgFn .I^;D؞0.$k eH`DloޛS6| ]7Z9\)B!ۺ1(ZKo+[Ԯ`3痄S!.A*2EDнu6U\k..bΣ:v6 6k ㊝*S?_c)fqCZ?h!{%-.:ӢJ8e{%-LrM}蕴ED~?ofǬsռq00_A\+[9=+S[V Nx2Bâ˼+7:A 2E7J (dҴX$u!Kcc)Oi]jt(A1&E~ͯ[ zz?#R7A.-_=!IbԲ .ˏQ.ePdawov$ŰR9;r.y3uu=K<:66-y,RVQtBwf{2+bEraL FJa}#4i' ^ 7@G΀HIt2|aGF#y}J2!垍Pm{ N;ӑg@a[49Mhf,mU^/\";Ø9!xS$o$J7 ~ eX!BT d*0:Ok 9!oR&b*J؈QKD7?TBi:leAOuUvFaCVWLD%F~Mtt$u7ݙ9ꤏg^f|[ꑘ΢X?ys;[>Bj 2oц)HJ5pHn?$>uxEUf' j_nEe!.kEtQ᠞! u$(+%fWŦ{>͗s4^T94@\%tƂMxx,?;|Z8?;)ڡ&>b*kf`S gCNH&b(oNOKXp)]nUGKxF3cIm=߰/9[PWeNzmiYA )Oͱ?ù?爿cbZS ! A_ >6Gqa"KΫjyE[<=V"8H]>h %O%RYq\QQizb? @]LSgE^G8($k|&ZnVBy9B ō\/L6 tcp¨~'S3'30g=9,dU#@y;üjLt8 At[21osO牓5/#+{!Լ'~T!NN'fI8 %jHq곡/cS)#q@83U3#DPbqOv ?pJ$: ^fʰn u$NmpOx'~@rxaW7߱ IL,5g::ء)7aȶ~5v {S0WGv(a;>%tL1u9n9b?/4J[&nNl^cV(*aV'DkWj2J1ܯ{k ='^BU`6ֿbEnr- . <ټea =!ޕ ^{Ĝ䵭.=Cu-T=UR_In܌ N5h9JW>] [9aj?NX1xVǡ".T}_[d庀:v NrWc2M#Rp0zN@%갪lq+_;_Sѹ&_ Y̐tC`/P:zrύal1U%<Înt%sY1'o$뼯wۙEaNdK_".VA?h3uc:b/.My1'uSɠDb52ҕ"Z3 8J;{W1 .MimRHn\'D( 9L8e0ܓpW ]1FKl="F! psxsWfM7ޖWvV*.xC)6S/;E NriѾ6VI![e%ÏI:=E$<u[6(f|cIeQHSE3)A=T@)#D٠(BLZ #eDD]6bD8$"֤ ݨ-9b@ݍhPL(f>AL"5~H]^nǛ7 jTjniE׮ NMܑ 1Pm?޼B6pd,IΗfxU[ѽd% {i+$Պ҂:#iY棅rz;Xs!'^"֎vy+%iX{ /e6H5ȇyzhjgnqr򁦡Y]ݽr;U4s9'ױ",·ОB4z$[]Uu_B/9֗qk. `~S2ځB# t۱ k밶M=p˳)@>,p3 4_#eΖdJ__{7_ӫadCK=%EJI0^xdA1D+  #-flXzSI2b]dN5g;~=Qpf7!`~-Aan}l8W"zMNW^qчE Xy}dγa:LIn^܊ 4?[&3]v*%q3Xwr\Ŏ>oJܭٚ9G9GrPJi5o:j=yUX][Vuhe]ŠM9G̫8}=]BmrN'I>V.>'Ǹ.ܭruO-m$;#YU{sa섮>o>Vf[5| ;-*rʊxP@ u 8G"P;.6DtDwQEN,W=P}%YqUs=@cpFE>;5JP;$ (c7_4:kh$7#>zvL0bhlbAgKlsfF_#@L X25Ӡ_EU/TJ쁂JFBIW(za E-$7~f;eV;k\ƹ6zOVK_vQKXEXW/w-zqT8 K N b7] 0РyJ#,#5@ ܡ.d+d" u t,c夔Nɵ74~هf6YRV؎7ai?KZKx^ՄfʤOsIeA{S@3-W75Į2aC?ٮtMg  h*+h-2~ͺr (UKLKtȂvm (GK g;hϣO1794уCYxE=aQXPL4r:x.k;{-c&CVB&8(McM:GJ xdWK9` "4"ZKX5dlJj\iу&& c&OQԢ6y^-9ډ1^{1Ҙc%W[MfF^R4!6)Hڀ'$z{\k< Q;”B>0RNumw'>f_rn#@;";Aνڕ"XޓPm!-@%oUWiaʅY%RT xR <0JiNKPTS:jit1~PuTwš ]>mΥ z:+.RHCt*:ЦUy/aJjw}WZfج:__܉NzeHϫxm/ Zcaboee A.\ʈgErp(Z\.Clϊpx*r(7 cyJGf0;cV*1 0zt݃KwLz WExtzNZzʦ7]ZG2=E&HKuS@њ&ld=- cXx90c.4}'U`M"}ܵ RG5-?%R.BO%~ڽ+'R~ăp,(ϖqo 6oMí"8%f"ѯw Ƣs }vtd„Os'ZՊyN^[:aَwؽnڙZ,vw7Hx-S`DBO,#hVaVj*3+: A1;=VX Fؿвz9눶TΫ ;]Ԇ*(j&k,fkͧ(> , Z3뎵>ݗu~灻6w?*"wzW8I5hGB5[}'aOݜu͔t2^GŃZ_95wXuYZ: 2']lW3ѯ&Vh4hu0JD>L(9DA$z_ =X?͌|˲/$yJ '߼EdǶ:Hhy<2c{{v"@aF^z RzRȜl  X^z]*10[gT6@7E// ]m.'Jy?{Xn;3˂baUKM`EĵZFʠ3[QC54`ߢшN-O?-pQAWccflRd~~.:Cۨ7)0Yj۱ p Y'* X,;Dy EJQqV@ 6Ytk;h Zː;_){!!R9{lrW~凶6Pd g6ڏ {JI^SgD[ Sr\^r-JWQаODK9M 裆-=7,]9Kjz,69hZlaiXB3ӏqwtAm&!&"ϧK:2V~[k8uSt {DCUsۙ۲䇳 Y`Q Rb#3E75dCf .=iƜK尚jW>OUC1xR)!1A3Os`~@^qPA$\~8JntљywA?ef.OWYZ1ASLq (4&w2u$r֏@y[ߗVR DGTd+XSb>0b{oMbK>D$\Fe!NZ:pYs ]k)B7hn+ QzT5@4!њ>[*H 0)"žOU@loX";g<ĶdCj\b<L3RGS+4[B,=~L{^KtBrKJ[qGH:>˕__smE;_$Aͭʶ\@6+آ (ɍwmƾ9ƮՕp҆i_#l;^@,V]ѐc?6xC]7sotm(ɵ~`:0U;+bԪoN>+1DHd=u78; ;MrV tFRDV,*[iDK'I{_Gv3l93燶xPF0.g]U {ub4Dzq '$\DIv}**g_@foHB(4Lƴ)U,]7h>!>}$d-o}P[•4e \5>BMs"ꄧb\|ԝrQ6bbޤ&:%\GRI昈3Hf+fy ]-I|CH$]-,1*JeNusœ ,A4\ja4,C?sȤL^qbY{}+qz'Sm s˶BLgjV}j5rA 2,mvbE%Cxghp2.qn Ek0uzoO5$y3)Ζ1 dKmP>IwʂhkWJ/Ťa@LPmq@  VD{cJlOxU& hy#UoҀ1p~Re,U\`3{(?K[/)W_P# E&2"86x-a5Lۄo@rZ/GZ_+o{"Y{˺9JHYQqiýXHN{֥*ہ)Idw`Ma֜C@2ߠ1؋U)ܦΒ2UC&V]ԼJ*lSH$QU3h}at1x)ƻ<ܱe(^@-x lfZI9^pE@_u8ae]!TXw*%EX Blz]n `>?Z V ׌Ri-mAԟ_'$W;N" ]i$ &Q##bRR{uؙ4O`Tn,!1[4 [iF&GEBk>7Jn(cFRǓZҦk @Ǫ&zvT0P$`Ěq StfkHq!ۮ"9b/T2]-qͩCaz;(ي</`)a»@=J*Kހā9%X.$^mjm ՗NF͙l=V9 O:Ԑ3ԻV}г 5L>y޵:'f_)<`a`r@$ļ鳭VUD|zCL҄xbU4I$irwk% }.]Ec@=;5UF R< pHLeWbn\ wÀʺl-`Hd2 5ZY܀]WRU")̠:g%ۃcHeHӵ.܄wN kvBJ|Dd;' -xNי-}Xډ@2E.;>cjT<8"/|`J/ {N,sl?6DjꝯYZq+G.*m 79)+hg}ZɆzH3e6s5qZ#sm V)w_%f sĈ>pIޣ",J͛Ó$Z Kh(t}j+`uAub J@ۋ r {ߝ(C0,vtl,TIGԘ8 /A*T*j Shb0Ip~J8@M:9FnzGM;CVN#/խIn2C%QCsݸ<ʓ,jC2&yNiuVvFOS}qS1IȕM)ͥ9o82eUkޑ=XqOs4^Z\Փ:7Adq RtS$%K@-\_5Oٴ7QMCd^%HF{bd -6\!(c#b /yO,F%r\+|0+[X4Ud x=NLQpO慒^1;@s/`rz ބJc=O` AF;eRBOʜ<)Z b<U)QleI"ɱ۽n;K1 I[̛&@}R [JYTw 0N1\9c֤_r_b9pU XIqajySэ3+r28 A6e$M4F ^ujA9D)AH`nrK9NԢc]^lu%2WJlODRIxH.@4wa%޲5g1=,YZ FN7,]45&wc\~bDuS(YjQo-U]{W{+ 0LQH`l⬨41ͧ_b$Jp]C #;}f$O`}my9Aqo+S!/y0\Nwl$.VNSw1ChJp/;^d~z3&mm~a@@BHGz#OdFڄ-eEc5k'*P( Oj,PufN6tH(dS+z}c qxe? gu蹊ƙȚ:@)"aG#r\3d[J|Fl B?7=`EQYl|_9j|+y!ЋKI5epccz#9u")53ëP[T.+L6/dݪĦ9Q=k8W@[%7&'$kL˼>2pb/0݌az'?>V8|by4;հ=Ro dw曉+vaفvdى,qS9KQcfWYNs7CH///^ׁPrHjzkC_zҋJe9Gl4m\h=׸}YRr8a'I(w!`?a mc+C8b"Dp2}UB) ac!b~s_? Z40Úe*!F;ƀ&I.lvs#YlmZuJ| ܸn=Ҝ{4̖BG ՘2F;<8.K3(NU8KK [.jR TI\y<@(l`xI|'1o)[ڥp##\e9QS!{oҭQu,ìXNxF=wra HK\0'GAK qی0PnIh9kb]˔d'iνW"d1 4a{*5B K~FRϯHF;~{Wni K˜4I_EB< ={Mo,^ 6D.k0bbI!Prc]@2!~OؾQi$$w<.g=uzՅ"PEZVD_>u2\`fd| o^FJQTR4pgȕ; (uAI|^q]'m$)g@0&H8(4uIw?G + V!!Nc acpZwd2,*31˾՛Gv|rgjvx|X~ʷ>`4DDP韥K+2/_Qh~*>z!-o9֛Sh* u2]|zwHЍËfC5@t/(ca)bS=ZOypV6=57|+r DfgR&=R9qPp6,vcS3xnShR.ɕ?z0ٲH嵥qޤA-N4a4꿊C6ZT1&, ad3Ƞ,1Sʶ\ )vۺ2{2@ S2๳!ew~NU%1nI)ݒ2'oUb2c?Z i/YMU!QU[ɻz搤||-3Jrވ*kmw菨L(S' ѦCoOr ,u+hf#^&~XMUZ":i3"#~yR5-pͮZ '^~h'±"qѫkE='Lת焞">hdlTv{䓋:c`kQsOmިeckNTszGܽjk GYSۙp L i!m&;މ~v# A &;2%mͧw*ĕl/3L2wqŹr/'O;"CXE &[=\'fNIb$c.$#ZuGTd=ozt&˘ށ_Je:ʕ)OHqhBp}%K],[=)Ď+(݅Mt~\Q >tGdbůS } 8"0pwV>}~i{1Gf6#@oR*^*q.,-r]̹^=k D^3{ x톜Qwvdh3У?p Co*1?erq6]m[|dЫO(c:U͑}Lԝ`ȿ!-ܴO|z"]zư- _;Xbm7MV%*lގjQM.uv]x9[ nF6UJ&H.K]_̑Y+;!_2.L{"AB@i*+hbFLCb@ :~3aB;T6k%y:`5"BQ5rڍ_V(YAd&?ŰDqaai&Fou϶/4D{y~Joe ?M0Rtl;[ PK&-ǦH> DhFT>E3X%MeN!*HS IӶsmŢb3r TR%^`%;Yb#>,&vz1ݪZ+6{Gje;*uvMNJ2z8YzTJ u Z+~!YkҲOxxF%gBgI٫hYak>Q:a n}&WrO*(=bRs:dygh4N=ЁU3FѡlZEMwrsWB*qpơOTEHsQ\߷J:.ء&sH>oDMD؟չ ?mV'?£ggVO];`L>hBX'g?{[_/cfT@<2N~^A*UL /ߩC%zJ tX?4al5UJy %c`;ۅmwwm)BBkGGn(a6U(%FCbP.ʙkY/`rC&K r|SUCaĉ"CP>LS֍30Ε\9h:tYq9/X>  +u({5[ְ?34JZ2\kg%iq-퉥0H)w>ƫb7Ψ؛f)c@'3ZMvˆ̯7׆ۜ8+َKb `>(N9L0|K>\!VRXj8@R drN 1>O>jZ[qw hɘ"hFkZ0jrB8֗E: r&Se֕+%{Sq,W⡱`l{ MxS_ M]AvdsFJ̠wY ۮF0ZFY4~Ѯe};59fRB}1L\(^udްCUOWd4< -Gn0^ &!E*3tSmRW{Vֵh2&lO׎PM뀘b\.7x-n#[eCI &ti YClvpLp{ÞfR."ZgL_,+yU(|/-_T͋V 0]< pB7-p'5;xjy`y8p.jۛX5eªȟW0vE(z^+S,̴XGf$^4BIe_sĖNL_0`f9 AJ+9`ţ0mk ;‡c砈31EA^X!E'd/#ZgN.|.2Bwk 1YAF9ʫ[ᢧd:aHʿ<˲<}eqF}B(dT2 Gl&9o'‰嶑_Oo!Gu|27kW~+(L U=23@S< ^H{yy : ~֢%fyq:!F>HB`-{,֗]a{ui0eI Tybef-K~ @1|KhX`C!_O|M˩kԯeMy1Mok߼8  5V@>kRV }nRlٍ2ߟi"v?ϰ'js{(5޵,0S8  o$ňvk#Nuh 瞼&1]\YUbYs36j=Fs~qǑ(raiT GFf"&OoԊK`Y|دM"ͧs>DO$[[D^Ѡ ,Xf_3Ȝ{>$~h =hE~)ϫv#9q\e76PP/U`: @1%S@ď<-'2+iD?@q.4_>9o-ݫ)繯 |. 24Jw*7`#*z4 &;1b7xz6J*1G h]O|ӺB,ф؟oѷKp57ȍ}uefJ݆u2`^`1FdOZ`&Bw|pQpBApRoghN (xlN'(nlfSѤ3*Jl̷k>?0k]n^@ !7!₪MŦTbf3Ȯ$U [ BBQʸ>dO2(q.HfDzYA!5ۗd:ʦ:n۲N],_?~L!Rk6 \=7ŴWbTȹ:#f *0znBGGDuÍZЖYAY%b$inB}-xE)U05I:5ߘzAr\DlDjw)Mk=$ nC\N0? Q<rr0cHf҆?ޏU~ s_M;C u -x9H?X(0o|z l~Бq`hfn~6p&#B?ubIDE7lhiXV1ǥSe M e߻"F ]=]a^I'b kܒD()C!Km l;҉GohLɓeWuRR &UB LIa^U 3d:%gmPX8Y3mB*`zP֤Voq&_Y$:'@ ոٶ?OZ9 rcyRbpa,z |k&Xm~L*(@{11.渵aoM,{9W؋q GN}h"2~(6Фw64 PQK'|n~.eźtV G?VZ,hD;\^8w }.9l.oNf%t&apMv QD\_ q(3ƁQQd)׵{h*ALG~lW.lrF(j]G .kK+r/Ϋb]!9G"(=R_aݝ|hǨ}KuX&aj~{8. wڡ߿n]eLa| S2Bܫ!YA\ԼDxV@uJcad|޳KCd r;UG9GSXdJ{'`E1 M#qY hg8zr?ㆍ?e28FbxJD sR$+٧YT46e[lawopmR[x%l?,sfKw e@KݱfawsF^e[ )}O{9$q)&/FJQ %n1|OX D]"b{)z1Z='ɀ_GcnFϡz«!ZȢ1].#Sʿ ~;@NB3N}7p(..Qh_7sf'8Bbڮ;Ǣ\lXK6Bb@OC9.p';'4B9ghIHȉ\n?4:g ?Ɗ5t6gz0^GcWfӼOUB:~ЍPm)Lj9?BI=RDB L̡[Vġ㷶qk;*D9m̍PCK웎IiAˀp:eI :4ج~ZU3& aȇ%f_vr85!1 5OLF 7btn9hc.͝n=Vq6Le."Rk%yP3\f޵$v}U:ϿrJimO %BbB]eϓCAg WpڮȊ&ʤק!*U\π0kSUkg{ U!y<\Mg(=⯗#f& k`jc HHECw6%ewA+i5p׍"@xJr}Y&D廭u;N[K ZSa)nu co(j3 -=pϙepBas(b:$ 'ޫ勒~t~n8koRf"0`8t0s0$ѽPQU&uA{"T=ޭݾ ۍ!݃w1yǯ>$=FyP"&S G?$[YuEճ+R?sk䎷gΉgK;W)UNDHɢ_i-q෸7"fB|t;;qz2}gt ֧9b* {suVM1Ӗi8v =2u'Kѝ^+FZk4,U>mdCeERyg;LqJ([}ɸa` s8b*zUG "bk96}pۡmI16kx4AHWjb{r (G!0/! JgxiM =\CfvD&}^Qʗ^b5a:s@6z-RG*A"[W:M9BHZryw6^p@g Sl 58pjY&H(E6pn!YZʣ+aTŝ2sxpdMEq$w3Uךin!ԬNr5;Kܽ+fѕiёGYq7&&m[SHy( EPE2AoJwInuu%v3sB6 F0`:a&n%{g,3:rp!kvVw QfsmQa7۶Q50,vmP)e[N{.'Ncd1$&G SxCw$~Q}Ъ,bwʆG?fS2N<=yڌpt#?qWW~$[Q hl˫{s̎Hm caa&25_mʽ5 ~S~V؅_lvS-tzVޛZ\SGa94y;5` |Đ8o@o59qiƴ{Μ:.@kCegcCt^疶V#ZgqѶ 0^'a0+ox;Qh6܃r`8[T*_̍ٝ+a[z> bs.ũρ'{ uېLBhRJ8,m~G"RYNp"2ސS^B;= ?1IFI"i GQꓚ߬\bqʠAg>- 3]%u-,7EV tӱQiuJ1>L!YE"Bd?t 9Y Q ך(2ብxƞqa}a2]ci:k0 G=9yfYcscTdLɥZճz:g) I1kt& [!FT> iMmY߫Sdj?+s:Vb*B%ZN`yɊ@q0`Skސ:Y^;U!|`ٴj$ʄYZm^!r~$%c^U47R~; 8)+hgFW"'21vw^Zzlb"ҤcI\Vq#Y-^az|oyΐKiKYޕ!/I/ yP'HYiOEJAGqtn坮1 3 j 6.gÂI,f:euw$9B6vGp®WRe`r$qgm[Mtz꣮}hDvYn@#&)_ 3=cT _'%F;reC_.Wscf C _κvnwNK;oj6s3@7T,tS!OZ/,A1#v޲cB [>(@Oj]QۥVOGmTQ?L4,51a1dox&6/bwt0䄆ݲC'W7^m*I@|$Mq0į[ӡEm66ݭ۪cHx2:`s7O)w_M/OiU!VgR69ҏ(FZv1 qC",El$:Y½&@ ~K~vl  }3aY80XIPm.nԚ(*v;>RCN)Pk;X 8>}ҡ6Լ^jBSb8c#ѦXk&yk?qlo\؂XJin,$ػKkRI$fqmʢ=y FO)y۝LL ]E؜_0j9kH=+bWOKw](%&TIGӽ[@=}Bˮ{iX(*3wR77m1+ O+T?/=|u9?*p =|`GF-j(umg>Hp'c&cV!Y狹}3uÚt*,] oE>-:]s-Їl~>Ǩ'kD\n;λ,Ҍ4oZ0a7{읶"~"/ l@7I+r`}7OCgqV M_LgMJ69ejS[+B$|L_t=y#1 P HGvp)k.L5m Nu4Z_uѿiBm[Pyg؍sru6ݞ0: :9f jVrXkhZ^0$[J*_b6"NbB ޙz̗Գ0д޻-PNi8z*a_]gНSua8O`_3{Ƣ/Q*.;Q;~E(g&(ǔ)I*6)8e.m)lFB~"yOTl4~:ệ*3w`Q>`x6x0l!aB~U`.:'cѓ2xg bsU,mtHęN3u#{"H *qaF-`#`7Wȃ,-w+" 1"Ly{vvaAymqm@VM_}bJ^PT,{K}l` n_sCN 4;Fq_d,k d{̏G7 }=X6n yeyT=]˾Xؾl<3X{Ɩv: I(ddS-so7ٍ'nIf@A=!fM6Q6;=EZ>,e(jQI[IB. H@B/0^wPٶR? Slm(4;2i1V֣4݅,zQ?cY#$שWha LxkZZ#0EE|2W:ȹᒋM=:!o DO̼\3*>(E/ eQK<'E~:ѻ*]sM0C+0ƠŻGU \@>^#Bj@ ý{)>RO4`aYaʐ qAM /D~u ,`ӰdBdV-7i(4PF=񇹉)w샍Ĥ"<@:ԓh޹e zaF5dGW`"S1x.^f9m. $.l.8ar/#GOzTn9S;V۰Խ~MA].鹆п8!'iC$2$<_xW`t'6c2%.v;UVrszL8Z▥Ujbu1sCRS%_(ɠC)1ߌafDWCmz|~[h6帳38MdH8Au)[|m7g' [jaķXtbg |vuiy&)A/.3J;;?ԿiVs &o3a.aOz,Ly; ,:#P^NtKuA n{A5֣O\5 S9nV覲{SKc1y}5q(NUe9HKz#Q,_X~*Y:sSr#5Mak߰( .S!#@[zej/ߍ|Q' QjXd:w]?sjP 72[B,S+;9y {W9 g %G7.(٠EbTo#W2坛K:護߈_=*{MqW_vb t.2uT W~*㡜 1/Z+ՓI 1Eq{ڈ~O/PP-iF8a`M3Ћd!dKj, PyX%l_N|/ {J3h0<#W:.3<ݡЛ%HhHX=CyKj ӟrkWʧz3K W4iRv9uRiQjf?>.H a oINT-'%G}Jo1~^*𸙸*HWt[3P:K^*V= T9Z(?7LPi+0%~]CQ]P&j.n 6>n; Gim'D*+WU0trrw(N $mX*IʂU'WUo*T7㼠'r- %OREP[nMŒsef]-zK ƿ,44oP|Q$Hly] %ge7JϯX: IpŠ{_gh+ʦN"a~A|ڄ"&ukdGs4D6&pXwS*TyTLt\&;*a;l"ҿ2~YkB#$9<]|l= -LAE'9K0jRL!MchFp4,On"\H-0̈Me[N̖ sn}fډ >' (k!r`$F7oz\2x6cf}6#3V _55Iq!1sYK4HZTHXz=2;5 TZJx3&-VnAr"=vӶEQ)KyVrwb\P0SRT`37ƲNJ!xm+Tw$pY|C (5ጋCn\"%;xkX9)iIu=Ic,qBH3=pUITcx.RTF#&<$>fZ-w>qIm(߭,_Lo2k+15Gp k0A| {YtddoX=#{|3`reם=ֻF Cp$f1?6Q^%G"9Z+P'b7qMlR4߁~gW3%+h&lhzq%SѐFᝐDVxL dto_"޳D@)-Tt^G6AY-̟{嬌QN<&,׿'uu/$H&p=Ywp_j]}\Ͼ<T:r"Ku=9f>f NژoW\zV (ԕxa LJ K(J=Fhw SA@w vm&Ы=r|% nX`m&" fw˵3SnWE26z [8.RtmєBiD>oH=j<&oqWJ6# Ut*DJ_{= <ВPY 4ÒADvD8ur й3ל}qdd2EvD+'YciI=1}FxCeL~@V NʷGpfCF$^ g"?3VTSmIj*$PY̡~GSf|B"+{mپvrpmJaR/Dlˢa{p!_(+ W5IE0kpƛٵ5&byv쬼PeB .݂r.auL5Vb,)aqNd/[#(RG@;+P0V HA8 ؿSF̬qNveXܫ:>a[fy`u5E[ړf]ھ[A" Kfo%iZYB1 [*s 790} QP4rE] {ĩS4$# @8ɔ;H:3 "ݱ. @uS!P$4YSW:GLM7JC+?VANF}*:+s >Т,K)KQPx>ЙIHV%}j.8X~BRl,:7bn-Ţ},rb7Ű ;X$y4tاIf*ll>6|p^UF)W=wVNllԒ7]Mspä@z $O6OIVL2F|s(>?@qfRL@knvτ3ak!1?%6U0W:@_q.8*AxՙRVˁ䘅9`H -Y4i,`l> :|A iUCV:زwzW1_6= V\dͶUc&kB#,3zD²1* y7TE3Ny>AЮa7o}!;~7p')@.WJw ' +97QJ;^ Ih4A0 GPC8ĄiғTy)Z O5l9dbk9T\,wr^.;e6 bǍ`Jڌ}* cđ|iJ;39%h+L~>땪`&P]'0Y݀'S^}=ucX魩/_SHxm>j_E{ʑc5G 1g[ÖIY6 R.aox<[cZ)T ji@h+0y%&8̦k[~Z~;P2s[ǿ5:ZTFZ$41g/=,냥z>b0C~C ş_Q6 ]H|-Ȗ4 x{:0Oacf/)b:=VXXi>|b/BhDDrƳN2]t[iZ}gYkdkux\UM"u9%Η2S^f\Ү,Szkǵ[fD uG*,/UA-L5-9 >Ѽ4 k-Q@x7XG? a 1̋5/=6(-M`íJJh?Ǒ}X PA3>/ڍ4+\YdO[@͛6"8gɴ"'n9>%%' lIi9IS5߈ϋ0C ~:pW&. GDX@&]^ICLO/dNts<-rF W˪Sx,mRkQʻ;8W=Fmsufh׋d}ɠ}K4c :#Vt?]g,zR)C̓?nVkKAR$Ŵoʵo!Zqc'n*'`3n ЊϿN諻 7 &N\f;P9ARBm͍R*]Q}Q\?X5^nlH$q:'(tTg }>'$v587&@q5t,@Ǩ3iҶ3 ,Ʃ(ӼCYY8$3lp~ j֞X]@JC KtNdp~=(oP;s Simi&}%7[CbȘp?v#6Ƥ&ڥWeof [ 狍EJS9ITLn+1ԧ|^m*ćsr #|jm TD>j)8}(MFvQuPCg, Z O/(Sp`' 3ws\YZr7Jt.]DTCDCɻ+( "J-I~QVmy7H#kHu~vg:W}LVK,3#ȫ۸iT&-I%).wlLOo|˧Z=g!(@ԣg/peUʱDpD%cHHתt|S56%S0~r*Oۇ =^T!ELo " 0.y'p5_T1제SDDn˅9rLjGO\ǘ *=9O8nEGgefm 5"` ap1}f̕*&b7Z3؊EWoc>'f4 4Ta$/ >9$[LZw {E$*oN0SLUfˋιHpUo\~q@Qsh}XPA;y0&B}&Eô@ɽn2FYaotL ko 8wz5aKWߤhA4G_Lu#+J,[b;B&ÞJyCx4W-H4*]bvmxUK#/gmVy 0t!o0.н(әa;*"ȅ|>y>?46klcI>CO* q(J&~CNB폄,8z(\. zoA_F@-ծ~:Nc۟/ؔ.?8+Kpq\gj8oѲv]tזЌi_Ȏc*/x>(RW :нAY≐̱ ٹq9JE%44fg%M"=?|X#+=M;"0HvCᗃ}Dmyle6F0=g# {\-&N_)먁e 7,)O$vS$Y b/Z.XHXVgU{oa!KPE5ԧ*7 C\ H^K@vf;ǿv@HHEBKhްª`#a88'* \XV;Ո"%HʹW!Ii*[NIV'sU6żh\r(s:$]ݥBAC=o6dP\IT> @1\ 1%ew0րUX)AM޹R|g,iA1ϙI[ѧy=/a4$82 P)ѺԺd+q)m}ҴH`F.րmCd51nϜbwáJQX:DPaR<":l/5uQ8:LOtmWM_5 G&2q&;lMA} mW0Dy&uGLK얡H&T"nIM6\1Y!O[,%>B7 ɡ 3 [ݡi1-L䎽|'M<; [5ϥahPi^@n&S4Yy]w452C$yϙ(  ՆClP4Ӭف KCrBɞ;P ,+N=V$ku 2OqC2lV,YbBC'=ŵz̭1sȩ 3*6fFzhzGS92/eyIANϚSB m9Cq)iጻ+]C{`[iSFMB;[z].lw|Iٱ~VNm spW"qb;uEpmS_=a9KY߆\e5[A:-z˹[4/1+KMva8D7&sv;fQK5`KlB妄uIqDXWls88wmIN&A+TiE5qFЋ"W6X{6#\T3Bj NCe#LKH?;b9dB4L #)i^Ay&+E?aP@#7^j.sӤ2F=E&F- f YEJ㱰tg tʜO|GձTsAе2aWKVUOxeC7UԮ]ŐPz:݂9r'} CKp hA,N}ڜf/zgj{ >t Be>ne VxAEF=!Ƣw逍GFŶ|97 [_,zǚCCd{1;ycB?a+>a{ ŀ %i:Y#\ޡ%Nw⽺@+tClISʬ?z@),S`cҳ5Z! Gڢq JQ.2;5ho5iB$x?K3ѠMs=jIׇ/4o4 )r+AeRcUjeiWqYrP7'Q%*NZ="6t8ѭWb^}W7apmd`? U B/L݉.YMy( >{gؕ=CT[@sX)ٿF؎!pە=aɫ:aPmGsզ9nz+-DoQRL6~A ]02 3z vB N>yBTLO:$BZ"c|`ʎjCȨ>٬NUJR%{XwܺXI:ߔgj2d>/CnٶBd'sifAa!+e ޘzf\K׉%ұ{#L"-~5j1 V74e5QQygC↔x*_'K^o?-.5%+1`lРQmhg].NNY'<8486 `^g)StH]u Y{QeYRI!9j$c cOj/Z7~F)"pɠGq M\U6bT[K)$WR|aa?4I>9H9C=qz1(8RB &>v ;(Oۊ(BhAʥyTqܘ#}4gbzt-mH=t': 2 ѕ) k7i|Sr+R Uy! H*ˮ(EʷQ&dЯ׻>Ja$_Ͱ ^lTQE*+ҙVLxtxE/rJե?v_ gWФ*V,x']tC;k e~s?nma \#'t tdiT$ J\:~+4G?#.ߑՃ]1q6be7nKlX-hPԿ#K:. ~+#Us+O@NLѰ͂_tXEe_|M'4#!uULn)M0@ LAޟ:E- '+q$nDBn#@O eIDD !pMm m0bϯz )Owl1Zae5-kw޴WCYt<#-fg&yZWJ4["|y;q% DŽDZ$^y|~\秈uC0ֽ4"#qS@X7xЫCEnuTSgH̋+"8ckWMyCf(An(]c An39}OIDy(SС}7dcSʇWA͓"mg]ݯ+ Gݰu0<4ry2CfԂou9L3 fFzyGaiS`-',]AЊ_edϓ1& %Y;F!ȴ8"vGljd~OIdC\;w Ϛn.Aױ2}m A57^_;/1C2U,ė(v7#9dbqL.).S%Z9rUl2)1IAݨ\z6unLץ k-ǧt(-~F< tiKCw-GY8n &9]tbq)Fz ALO\:\Eҟ!@/XIZWЅsF<&Ěƈ4E'{ Ba12A[#`F #HŻL@-V!@7ұ Jwԕм9)v6fczk,Ζ[/QAnA]ytثJ}NtЮgMlZ ڔ`3ڈ'oPEƫO0՜6$++O/gIX 8џ31%27 7dBCcF#DzPVرrLy5ʼi)0( &s##//.y#!U1r^ImM9ej=2EbMZma9zSIׯ <&AM#Q߸G}#@HɄQxF$*JB큉xpz?8\TB\ wv™q-#",~!K$ R}YPrkSZ?x%%l>G6}6DʡDmtfӋp ʎi%uR!Yf٪s9LZcDPZ(L`0>phe¡ZN.cQo?zg Oզab]<,Sk¦6s"=A$h(z @<^Y'Z= 8R ,CkuL̰t4:Hų r!ەTt fŒRFrɘLW<ޕF)S$ ajq֢uBޭڵ),<%6\-gk6 ?^R*Z&Qv5g?/͆/G7#NT˃vC4u=`V{1t?- 8FRs FeiI+)2ɩTK,!+Ќe9'$r 6smoe#BϹ2[n)c^57dr}#H{uFgz 0LiLKRjQ3S<'NC]晍fL2$#i.FK|D C+ >xhs겐6""z[u&ωkz(Hx\IA)Jd2V \{Hf+6 SZݙڱ̨}~@6|Z$CܗB%$P5i myNDMPM C>RztpSNV`mX|5Yğ]$x$cGpjp,_w 2+[{19iKlUӒnATԏAhn\HE]ĻR-HҤ i>ۂMS8/h˩v :mwx6B>NpCMy>/ yg7,V yL Z$ū#,ըO<.ȭ NܖإH`7ErB!?$ܲ+xoklwkl9qŐ'C%tYle^{h0xxzVY5H'VVPy!6oq`&ˢے:X.q/n,Y!xh 9 7%-T7y7UآBBн /1k8:0V*/8kO)d : \E-4Ɓ'd:6l^f$;i5$)W-}ϔ3oԶ/c\~.u|{M9e}:(ĬL+ήrPY4g'["a%p*:daIk9݆&ф ST8 ug>ЯF") ϊ{v7?l?]z3$|ƛmZG[\fUYP ~$|B.%A9yd K=r"5%5&>Rȵ&XOricFyG^?U/xF]T^ql,瓭pM2k RW6Ht`V5؈߫0\iƦ+> :~7EhwgGC_Pr|իg/3bوp.i?U2]X%2FRggZXR ]NSU[u^ŋkfǷ}T<{2Gɿloto-VIGewtTWMٵ?,1P /|PAY[x=\L5ݟѼv:kڊ=p)pe}KL|C9407070100000006000081a400000000000000000000000162150c42000052ac000000fd0000000400000000000000000000002700000000./usr/share/man/fr/man5/sssd-ldap.5.gzDYͬEZb*j4=t*\/RCN?=`@QUDbzޯ |c?:OԾp[I,ȧS%~O˭3%yLN u+v2ѷiN"MT܉g_m?B`+Nvm?ݽ=owo/ˣGw-59UXϏ._m*`)@!mdu.=wOg1 6]W?nvq;^ZD@NE$A'|q|r$^:yp1ˍ;H۸-{;ڰ>D7& 1ΥNŭD(s:Q ob)r8(K ny0L2<"|Dn U&ʈh ʤ@|~? "i&#i1O+Q?ϸ-R x ͮ  +J.NNDZв>_h0>]ؽBm$D7y$LI ==:byFgq O$bT׸c-_v]"{' % k@5wR[hiQ6k )Ő?$W&R=),@eFّ֠"#߽>?"-rPTu 9e,@[#y [ͅ^5D #Kl{qJ@ CDen  ~]A\ $;ZҶY!toq +\I?z%Krw):G<7 z)L@#n}{?|}r>-% @Ya3oP@ 5Ũly].;- P|_DȈi-/PIG? H.C?9JU.A(XA_gO>Dmy~$O~(Hψ`ҮQp`g/($h Z }XG6aZ2xs4x3vw}'_} *{Ti7FWj{n_{Z.D3Qh ]ӧa?ԣsV[Ze$]>TR'VvT}הAl? &~%|6|ux+ EeZ t``8>z$=j| T10PgyͯIdt)[=w>YJYP6 #mH_tL_l5|4S߼(#^=\zlh'j=tUKA"eOQOJ?ä>uuچAÇuzs 9P_y]/뮮`1G/:͏ؑGkhsGյE]\hXs֐MqWndBa!EOM-o`YλKF5v5) RcHviQ}s4 m%b}3tsT+߫ ڽ $md{]7pԎT ZS*%OJ)dp/N%i+cE$~T4lKV𙚍"ŐS F/w0(N55>i!sy#Z7l>YuIn$ו(= p{_ٽxPྲY "?j$FS!Y}| pp*)_- WWBM*,_Fq2~`W)<<%#wt JJ2:X\>roᭋXذ|Qc%,bYF@4ں ֨P!(MUb ,!{o"Tbqo; 3)iJ-؛JYD MC<7 S`TeaL4ˠ/QއMʖ{#L8;4\ʑEi)?pRRvˊz&t-\q=m]{Gg~҂ijX,F#.u`++v0k/WC a\wԶH.ȱDG7^WDt g^vjlP:Nfi,~" YygsMWb=ЙvYʙҸXq{\HгYR;x"W _8z.\IKXi쑄 8Lޜg&~=w3{< dDœcOz -,2 /H)kGx G*$!LwB񒺏d uL 6xɈzZG-` U6R!BCcXcoG-z`@%׎J-̑eKm {bډŸv_8YmHWųOI.7Q⽕8Leƕ4$Nc:4 оW$bL>G0ަt!qLq܇ŗTK =2,@Վ :N7_|(F-!U;8$?665,r}}*)S0{i3MHnӂV\5O_;-нǡӫ5h{b*xw90Ժc]ZRد_.} 0{jOnQ总?!WڌV ަ0)R*pM >ܹ :%gPR9Mj.a֫Rm Ģxe6jb{Q*FC |5m)ѼnD]Uw"G/(-eU︭BuaV @Q8HP8:^nog_8;*Dgxe<WfL7xj+n9a%zny 80D$~BJ󙭟@}4-T؉u4jx; o!Dx8oq+5Q#/pERyc89)%+A )*Q;R$e bhe2*C_eV>U'Șĝ)Y1Q)jNQVcQ$1wKI,UsGRp,Ò=G |JCC9}{[6& -X87≘R>LGu=k֮_Oj; ~P,Ȱ*NTilaa:&y_qIr+7kNhW㶶}{ p᫭BWs& ڽHR@l~WzY}SmH2p"׻nX+W-~ݢvLt&SnTA# X s5!2@4.8Q,IEU{Z&1 ~ys84^B@Iʪ<8qQa"cYSYF9FVy5չxeYWFh)]Cӈꪂbkٱ -n 7%qducCpeY3vVԊ~ٚQ(=xriyQP~H'jMNL'& Ӽn9 iS|'r;@]@aTb:$&(EA`+(DCAրR.kue+ %bE U/Rʔ/˻JRnePŮ^44v'ݯE`e ><x:MdY.c܆Ӕb3S(8Pn+A8j%Px C)NABp 'IiprQ 6ab)(1wSg"D0i\bǷLݖF3vbLlڱ8>O{?lJ,CsX34Qن˧e YaFsM5p}kItWR_;"l_1g._fyqp]/΀WJ,m_;e6}` !@Йk|Q~Mp]Q jڃF|Āoy@PlέdWPMw߆v/zE-_#8L /Lژi _1$u b) >H@/rJ‚uU9X)E04 (2j'5V Pҷ $,{=BEv%Mm^JZ](rUO&$L z~{n.bs LR;4fn 7}q~mn-޹Y|~']RAnh}ҥ,.M/c%C57H7"֜77bԽ0_G\ 2o?c^85W5<"yRbP߶fdorKNC#}H{' }ܨ 5.yq aʃ-V7y9$ `&18RPhc\Dݺ=wXaw!c4"$ryts"q\Cw`d,N}& $ M 0Fh^S;ڕ_15Z;+O~硥n^ )Nt](ě5/p/Qt,'Z`HJ98 yPAF*yf-1~G9r/SjR|͙_Go\Cp/9*ѱ•Xh6O7%v >WEqw.;.Вaʊxm@`HTˉƀ9Mw!xB?RvؼV(`[ ?: R1ol|rcI]-Ra?d{s``[ofdUtvs"XU4mZ#Pb)'} l<NJ Ia+#DM]ݼ{o_gPpr,%$r}./]ښ0 Xa83O{ӗ ;{'}X3NKN۴n_NZ';߭t&\AxLp\a@Trr/5lSOt `z@դBT3*?-r~?Ҟ㯃D1a .ڐiL';3V h?h$[j6祁)o:vŎa[n%^w #4}a W\ŏqYh|k4D2v& 8"!;:GѣhH P,F6w;*$8XӲ,FȅQHX.[vB̈́Wz,?ۥ*#c(/hii[l[p}djhSF# O>k:o2ErV2{L5ԣ*CyN99Kkh [ nN$ޏLQOV#Iiro o8U!a\|0Di!L?ifǦCi i|+K|n,^/#66wm]B:^#I c[#i˗;`bJNfOk;4ܜz a>o4o-̥69) Хa0|г,f$8m/P_-h+9tE6"M^Sb0unip\魪ÞpiKE9ׄiȄ,2lZ&H'<=2ljƣVP@ 9{9'&ֲ3gF*m/VYro.` ]G"Qc uRѻ,m%I(Vi-K(|KEf QENSkJ۷e/\A ˰<04ݮ^v\}N47'V CP||߾ %{Hw)XG|1xu撧p5NSy$քr^]# 1b\w22j}lXtBD^DBkNG-SG }{Mb)ȫNݞhC"N}jkV" V( ERo8$mۀ.\𿶡pkZԜԊv"^s 'V/E(q0E9= Ûml-mOI{<Й1  1pX@|E ?;fU8(TS,Űz2ߢy^Gr%wFʧ Q_i9b'7fAa-kP=jIS  ucrg872 \\:/\TM(.j%Q~?Iu-邗ՅqxBA&Yߺ>tI)+2>EY+׉vD])S,c4G[#f|`"na 憠KfVwEº<;L!%ˈV]}9uf ˵τK΃mDR0XdkaA;qAl5W8p_1'2k;CEB?OvoVՠ@\!g]xfJZ} Y(d=WtZnU"/.ƊÇS댚'9 Q΃zS%*Ayr|vz"ya2~|aw.XI>a` /ICgY/4[յJs \"ݡK\1 {o 滻^yOo}6juӒLcx~)&+K7Y3)-|u۳j?Gܫ9K6oCQj'ʲ95,>ZҙI#T)_p*&C 1x$j( +`NI#WôD)].r(Gam}}#CBf}BXTPsT=yBQ"mT&Q|#b̪,EZz Gb _8ulPIQCѴ&m 4 Wbw&Hau<JƝvxT ?vr0udGΕw4+6ooIhEc6ɸ[ hd$题B.YW>]P1D} fc|YD(p` ѭ!E6*֬^Z܉R`1?.]|ظШH7w.@b/)Rf_{oTR<qeIA]B隽9JΪ"+s*`dM߃R2 AO۰n1% $j&Wi+>>ieG?<ߟauʑ pG] U.TǢ1Z@re+CַʕIµ(D9mg+UHޫߊ:CBx+Drgt ! [2ҰG|ΝO2s8o^prbySܭڀ8^9? nCN;Ҭ҈.~bx 1洅 ES4ޢ8'JK@_Ar!Nū8HK( ' }?Hxupg_g kՓㅇ{pkz!˻HHI d3$sIZ>¡9q,_EuG44ϙ'4ijh$&'0%EJ Atfʅ92NIfECo@qYO~$! * (ѾFy.fe8D!>(F>.׌Oi~$= \;2{tA}g{jʃ2 u @K h*e6x@.x>~i?8bإ'@ UV~ |`] Iͧ`5[ʝx'"4TU4Ш؅1T#$jM̝G>, NV'_Fڰk -WnqK G6*>pRiTᴱF]ӝ2:T0$%Hi|G4WOads\ 4Q(F{rǼ*fhfUlBSԗ&Üž#Fp @EYKr(N bћlzeJcwXYQEɧdZh䮟ll ײ4pg*q"giVh#Q3s<ÏlVYES"3jvQ"%X?wNRW`씃zTή'/u_ޞq>8hT"R{ ᐺH2 (j8zX1N!C'ÙlKj ~'gLISaQGfcz$5H/ zAnQg^u^D[Y 9*.?2N|*Ď!I@fU[:YoYiƀ& KӱwKPfEi~}j$@<ZO#*-ڲ<-ӬgQf:%HLj&r7PC( Dߐg& X( z':y!D^,M HiRyPR7ȚkBMʢsK Jyx@E\v诬GO+q\͗17[!9f6 qvK4OwwWyǵE g.]A% IwA4lr|s4S۴M$&ͻ/t"k-3dulLqrP-:ׯ|EMSٗt\TҽA>Lvhzs=۫<] }2(mdd7{ٺ`.\/T ;YҸ`Irs&H֏8OsjSЇp B0Tkbli+@p`leF+K$*GWdSƌ0ÇRɯx^a1у>. j\ \pbѰ܋VSx©P.B' 1(LX m~he>$B Yڢ Թx!ďM?H٫QyX }8gq* Mv{zxCwhx|xd(QQo^ǵb3}6|4+|_ҴAt$ R3eWbzfՅ;]—'T,W1J@Z<8H}KLJҚP8qFkZ2(Wt-` Ue%c~V֠dH}dDꟷc-DGB0V]HU@S]Hp*LʮJɬqJ٠s͆@*.;6uvAu4jQK+6g8E±4<`܍p2b+k ^5䠂!٪Q nRGQ@KdiSΉ~}Ǹ*mƦ;R%MUxSq.]p>>I?Ԛ~|np0:xE6t3>}U;*zݑ{:_}M~/t͏C)@iE^;Tr?F`he(ټlZ?|(^#+0^~4$;~Xr[?E{!؉~K 4;boޮ?h}_ 0H]%9E4^y~_:|rexWp-|S;~n^ԥM0@6D3m5{'?v2-}@s&Yb?3B? W^7?VWЁn\$O)b?pž0WuNR@E~w6*90q/NXarQKR*iA(8'aUq :^a>c Xp&-QG+5C1($j@@mڼkH%F?O%# 0xE4[&2*~{<+bXJw8^:$d7˥:eV!֙'|i}xl@~zDeAtaN: Yq5tnu T&d-9.!lKƠTx褑 |6 _+n\: HyIpn$_sBy<<'E^V>kZrqp|{d&Ά䦩b˻n@,[ X~]ǻﱂ:AR;fLJڡ1FpYZ#mljR'Wc3`DçYz~S$>~]+.0PqM'O(ƤDb PjU'F5ץO`6&L8bttȌ\n{o_7蚿}9cDsS jJIª0oIO^þ"#]d갎pr opI9%/^'rmeZͫh&̕+/"v_x igy2>aY3pNWc]uȓ\.36އuGy2xn[rX#0kgGw Y̦e_f"g O,F(E.wPd8!YYt[Vo*׆s]ެչ+]G5^ V/@燽sB>TBIƧ0$VFtu&wG:i&ʨ2#Ps$ n,")}IS¿$&)F|Ēό˟?3.f\qYj> ς ,H~ |$%gIğF9ԷIZ5M%XvjC;Ez<;Y}U!< rƟ$_K:RïVR\P1^G+0 0 WRɠ, 8ǰ ZSwbEVi,+ήQ E) AXQEx JqKΪhV& FH$_|y9{;,?ϢhEITgAY|$ɇ x_|/w@A< ãeoY@Ίd_hI1O5^7&*2|G\_t!"Lh.gN3 /!S0Ԝ)Rj/R[!*e RIh+|wMccQ >A: IУx PпW (b cp9B+2 nm1:TS*2>6J0:H 5,`S;'G;b+;L3rsеMJ"\4׮hY8+'DNt&NAY{(Fdu. 481KZhq\NJh=V~B s`\mI<)6І.VЬ/ &ie :,~ u=۷J,ـ.5@?٭Sf[`5wT唐r]Jpvcj~fX,9Zyv`|4&,_jp-'Ed6< {N[) +AK T{@5D8fsBF6M0J"c+@k$XNMX"4 VG`X:̡h r} p6 Tյ}v@_v R ɞJ*]Y#ET8y`z^YqGPo3|i9wVlme\ыF- .8) AQ*9O,AhݑFߧG?D=*氱j؍Jيv̒ƚʗP'"KYo5p_^҃XNuTf>oSESEW3}qV$`C6r:LqƴMZ4A1AɄMH>,C bxHy󥘊\CY>]M6E'SzZl7i|S!] l03f!żo[wa:kNNY;xۭ?c;ZMANv8c»/O&=246al6}5PJy{ݘxg"hZτQ P< z :پC0n/n~ I? @6 T XbcXnM+Gdxv\7! X&:q!&f#HϪY߭*b0\OJŒk_wϓG_篏o^;|N"w/;;ZxA/L SsRɾ9/jRڤ gZ>zд1/Qctazxk+*7!?W[0yެfuCđ`/tKK KvM(^_jQ١PFϬNeZ_H)H5JM_Jer V'dS.&TLk(|$9~xCG;!>/5T2 E5j㪭GReMrH:=N lM9dX.ͼtѫfk| A.}D^bvMigys 51nh:0,|sQsJ?MaR iDvm\|ޅ|Gr@zەKMLbRRGb6$[_05%רv96AuT Ӷp]=U]A\IKK +A{"OP}D% h{.ڋe>pjܟsJQՂ)04ڢܲ`{5PKym$45C ˣ\= 59J-<::x GTuZrI|IkIS⊼醅X YB(q1_@#[3H)9Dl)ep-AǐW 5SQ`OH[z=>CJdֱ!dY0h'J<ٴw%(]:0 Ђ4&EѦui&IAX*}o♪2 -<vj=YK9|TϿ^#1Sӓ5&T<\~R6$&r9+8Ɨ]Mw6;.T6js{E%e6œBA\18i-*۪e:vH'O ;CUVd`<9QǾ;TSGsEft0x(sD]v) ;?fmk"2jyKC>kI@.".Y2Sxr v^Nw=Y wg9R>pQTd/ׯ^Vٰ.=Evj:8( QK]s(kB"M<|0pktR9+V\H!ӇԘGbƴ}ŦRL!Af0p:LcΡI`~!|N"`,6.ѓ6\>_råכ6 G.ްnt׽ay MJY8-UŪ+ ddl'@*v92p>Sy&Ev-mHd\ .# w0tk;VDu^W̓۸honPn7wj zR/td'P4PdΗ';|W?W<~7';z2Mx&c (J-H56ٱ}A }0WXAC1`ޕۏߔ٧8m$s'(2il[ 4SMqrg7cq<+ L˂ -T66Zl>٩x?LO-]|BtMeOUFN_s!7w ߉z&fkփjuDQ+%}< NIF^-eǰ ƿSEW)k4WEyVn{Z4l;i ~9R$Rϔ1ᬏsU'*YlYNt຀3R#``@NɁNdKE26aNIpD%m:i1Jl:lM m⬐:rbWL4-xhfHۗC {ɢ%#6뻈{%EX! fJ/ϸ7Xv0(ɄITVfóu /Bŧ^1&rM8Ξڙ hIhh&_/^q 4) D:hwS(CI C59"$P %]bILU;v@33^c)0Ph!*WwSa^u6!-Ij klmeμoWAWx$`2ᗤ\"*o{rxc.S:шjA¨ڌ)lF7%/JmIJf)7M@Q6 4 S00|! O\SU/_  2ŷo^'E\Ί 2Yh.)n޸װxeOcĢrM.^Dži!<+BW&.0?РB)I=2!z<  K]迟2?}ѤLׯgg#_ d}tY1AJ}%kky%x?'M;Zd{~q -N&(7tk:\+a fTCٸS͉Lϔ3יqF{^  캣+^ox>_7Jͤ]g˘9V '$1pw,Àc9prtT3^iOtz МeIR8B?{W}LjQ uQN 6O; k f޹ϸp0z_LQy59]ߍOƧ7TgAbQsRv`]RNWK3ÿ˙{?H0 :7 _UG%OW3t±{i䚜yly4-id=t^:v.~r4:W!bWw䒚~pH6aWqmU* eV(X(&"x4ݸ"8^OvĩH [q+ ΝQ''̿IB,)a2BLRjVȩ) @\c9YxH`hOzwy-ޒXhHلfpH*]ԯvЫoG'G5?*qVuYz('ڒ-+d#(SʔD$ B] Qywyj=sza\s惝2o)r & d*雷=\C98Z PLSS PEI:P>Jm+G'==:ǧ#MI6\x+!8!r|AQ Xи?;DVft!N/n2 s0e3BeTI0H`o/><{PZ5T=4K)H.`A%YSlr0Lč]/>Z>dr(4 7Mh* 1AL[B]q?>{$R- LQ!sLe ޽?{C';&JgĊZQX4-S?^l EMA6qPlﱺQ&B6WV!ōu蕔pCd߈҇Ӫ(?/'mANmm+R{%3!$l :[>p^BG2q4K pGaz$؁un0=-H[S2кQki @r=ج#*  L €AFh"Wv\b2' *X4 bk$rTَeF1$<@^>YDKdRX7m>۝BF9(μ488φ7@ |"O("pl!X d-d2$Q)иcOs% p5('}9 Gת+ *woS#sHIj m _nN3aS bl k/(|y) zH])NД+kSQe<)(sT}a+b` 7j<5 e7 pL6vN/;={/Y Sm~Ӌç_ZB|t&B)R V%Z?7 ve"Qc3aBz cpu6RrʃiL27*5k/ u`$F0Ȝ&ki6tC<k3S9 1[}!:.yE5,'K;}&fUJ>bO\;-go+2i }y*Yo\ck\iZJ++Iq&H!dw0WBV+O@noU`J[ǪcĖ(䩶3 4,6"nLb->j9W=ܵnT G cV^*lW;:oiX\7[cs*;jPZݽfk(C0:<%n1Op='=gO >ui{݁<-|:*Fnx,{rXW21ܩ8NK.jT\OE % CA5?!0ij`[O#^ rG"IXx`i`+jBsb]B|2I];t U#x*ޝK+4\^"ltrҙ|j*at]tp ,27B t@&ɺkve  3kX1 _7B'%٧s6nȪG12"W~^YLp ZP`'ډb`z$׮|t D# T ɑVlaшX IԞ2L?v= ZQ CpTr$_@ÕludOEB׭c !Ô|ʮ dwbrr}(XY1` l <<@E}#~I_ )'-=T˰Wt> {QSAvtYm?uQM9Iӛg5wY^%3 FY> !杮j@I C W . F3lD9v܉r&s[\0'{߄T)sW? %ΤX(uN$2ɬ<S>,nqN\Cc:ٻ^m GZzVvt PJw0%i; hЬp-_mV+C&E- d VVڑ+ne 9`j &TۮtT(TI/bxBZVi}קvxSu܃Ɗť]&KD|SE.FQ  zժaF&Ԥ eNr%D ƀ)Jױ79J:[ U%Wy^>wCyr p +6Vlփ'8vBWqUF7\nE2-2q{LkN*6Z4i3wd!A*8.6aǦ|- R@[ ]CWZGe>SZb-~&MTaEQW<Ӕ>%ٕ] b7kVK &?Ά-İ5&<2L d\pT"g0 +5x`Y} hřwH!uZ,wE&ӜdJ6K[(KX&uw^쉁wOwPIA_Rʪ2't 9Sj7tmԗ9EO}q SSL!+&"m x]uCpO6>9$O&8GNنFjV 0Cnh?&b&&|2u*뜽[ `\7q wp[k!Ƿy{: þ'2Mgڒ+D\*($];&*;r`;WXC9*‹|.A蟠_Q sWz?"Nt,sE+SssO3U&k&Pbv- J|o/͕}uƣzNŽ HtwѪ#w!`~r(\7c)cJRgס*mfx=F11Vt"ߕC&r,٧<o2sZ*]},&+"@Ęؘ20,b$x*Y  !=ᨓ#cLF`Md8FIZh-pkSTY ݃[bWx j6riXcQ ݨEoTqVWkXusl&R%uʗ@̕Ks5ep贫 447*dyI]Ue2ClO2-Ruݰy} 8.1 Mc|/&4/ά6~79~8cBG`^PoIA?FB,wOޔ/L8po6Gإ5FY"l:Fn TEӻxCy5PkN+f<<"84jX]؃ j?TĩZm%">줠]b4*ʜnhSZ(B.T/(*.1Hbk P(UFB-zY[Qxu^_tV==i-57%eN+\_ñ)ozqa|q* g \Uѽ̑ ׫]It%@ůo\ՎONq!'Q+ W^`.P1:c $yNljّ5BqǶMgexz>o"RCw|*-3c6,6K>y'0xr+=*[{;)Gk֛O GI$wIҵ4 >{ lC*; ~^eP^;ƔMIe1.QAͫTo 5MHxmx3/:5*g欿,).նU1NO!0~<ζ` J3ED0c?.?03_i2;U_)?&*}CÝ寻*EAen,ԁ#Ad;r}:lݿ:!~uGdvTܫ'Dk`Sy~ nvG]* Ŀ}*X-T`5nB$G@qxe>&'M[xՄv0v*w-NL(",=|>auR&GZ+]`F/:Lcы wg7 mNpX%2GNEgCBvN['U\kMxqO4 ~~Cb NwA2Cxx!%$8v:<)|d1m0DѮUP냮]DHmj#kYr 6gX+Sna̧`fcu8ߐnf?wvߺ 5uuÄ;'q'r8iFze^Q1k[{FWn"%-˲lXamɰ$jRnC-+=:Ud[fxb]O/)5Pa1\ƬA8GCXI2!!ӇvvP?4]ъqLE7J nk%p41?@Qxc`/Z]XA @+`y+\\"B2PF#]V/#& `D4AxS4  E>ic5mZf<tͰN1,#7|a)"_ Ś6#i & 5Aϗp#6Yc'rv72*ddx\)f6WT4zO*A vdIIAӭ}_da 6t3}s<E3aqm,V&G:OGM#pLòn2iQa3bͣ@8T2@N/ۦ߽d oKĺ nM(q|Ykيg㗄{5Zp:#bCu2(..@퉊(~$~sýa\4>cGTdbiHaTv- 9;Io ն 2ǰ^׀>ЪB4AHݠ}' KЦplc\>5*I& bԟv?3ʙV&Q  DxYS<Xͨ&d~Z\"]f$5C"i499%i4:u 1mM NV(/"#^Z1} )"?LIN yI'ؑ$4J=}.,\Em zO1K(zZLsgɌtD8rײf%$ia8Qu5rcMi\JzG MOdv!Ed䡉H5L ŵAwP'ø/S5u<~m@6Y=. `ͅH(Ͳvy7C;" 'D#m-pEȱɷ!?yġEx]w}97 L71lQ[ z*7wi% ]#hjtϫ̪A02BaQ7:0aJ&z4i}|^MN0zȧ: dJ`{ch#pΙC)= qIs,CИ%eRa0Ќ1a軋5k)w֪hKSS&%"x^|U ޼ 3Qr@2P"GȬs&aK7YeAs*Y bt&J~,js@ lextA:9"J2˱De}FE34tDg( TWf_Us>r4h1~dLgg1ȭS7#rN4@D?d Iʼn7k#Bhp.S6R?5r1saY~ +8r0buUX&{5D׵Cak,$0'v.iJ&~>^an c[H=)79$i#:hRڧ'Ǖ lW4m.j0Ǫ܂SE|NC&}g6{5giZT/}lxɣ;NGy`/ZvW8>˲U- "MNgmqi=9o8`.(XvaYHlv/N%,\i]0 M%J9=e14_TDHr+;ЁcӸOxBR<h>oOML|y#S4-~ 1Tl+O\P]a8QPgM@ZV!ЏL'\O?VC@ _rp'6|gFtB}Eɡ!"aȹzҘYօú-϶rݖ"ѴrhRӠp sHvҀ@n9 iS͔Gh{?0D2.M>F!i<  [2x+PVLZtC+K:}2{5C@1qbuzy|uGS@aUW38|DLuIQ.3TtU}Mb,Bb.5'z{1V q)- ] H0̝+Y̋|7NwLp^!0jʊ M[lroˋAmP6Ȁ,BYΊ#0 0íi =/W3: ۜ1DwA,UkZ9Ww?z<q'[?k2~x2{N?GI<Ei>͈0"X̻aS.xiBLyߞ=:U:%#Ho ls6'$o3=hf!Wn'!`7Z>sxC19t=Y@B÷oGt r'q}qiD ,->#>x(3I̎VlѾOE=;7eh|R .+~d 2iq6E)QETuHx !L݁2pJk÷M!xl>1;] eRԌ`$j~ X U\YAf3u̗R%"^( 3Qt"EzV|Գh)T)Dm= Uxy{u2U:x+`Gb:MP^{AT/(!!7SDB'%,W'a:3˯i,dxK.´naAxΩCIWC6鯂ޫVwg@uNCVJ ӕKh0-.fˋ k7la>̧)G˙|G;.]h0acڐs@QЀbi!to=k7PH5O ~mW(qz8d)R9_*N١"KmxŸH^`Yčx,WH6ek) e2W_,J뫓Gr U0|'`ٳl5.Q[cs&xn0Xm'f)Z+d8ծxt8uc7+Mkֱ33)]XGU`iW$k5^`Ϊ+[ld:ia?9/Y(q`մi82$ lyvo 4]¤k=`\;'dLK{u6+LpTLH|R=z>}2R( R LQ5ZkS;w;; Yn㊦/`_`t`͈w~@npvg"2t d'Jwk{F %G8\}T.zb ]Wr^,'D# ^?D+l&ͱsW,-6pjL"!;DwVտ-1$Cqhpږw/*?;Lky y(}t|9+,D "$ {'漏T1B-K 7jv.)Kc4 f B?y̧J9J*WuŒgeR?Qf&{CoiLvmU (]-gU5>gg|R;?:J W9^ѧtJ,6pK[oVxFآiͫvj%wvs5HclRV\-r ܣSf*t+ܳAsTyvQ?lPuZXUe+OuGb:' -<~Y8T= %ںaZJ>[jpb)CAxl `MZH 4WڶL]ZNOz]-lIS(pQ!ָk1U :*8?ʎ^cM]2 yNtE7ˢ :-[BaB!|-Tß3^ ߽{Ӥ/D^}e ->w+:0R`!wb?D] }s_YX_F:`835T|ۥTax}|Ï0vYW$yvO瘏wͲL'kb~>Ύ0wb}jb o$CjnAd0s&>r?R?VL>.e}7P@g3LR }-gvK0uQNəGlRriE߹ʫޜjr"8iYoL_gi/P LdD7m }zl` h8n!>ЊS}F[eHP$=O/%AY,/-a.ڈc*wڢ>wmb$;rtݹ6ϝVlND|q Dgc2uaM)ezl @6B<1.D'Mtfn1IiOc)HVܰ+‰}Z{rl3(ky?xaFdsIaʌwMW pW<]y tB"V[G|.{r=98v޴:]w1Ra$K#G1}ܠ5l,?Pڕ 坑]3 D$\#{d1ɮ:L]u KO2#>R떼LN{NkQ!g)MӇf+Xo=iC0cEaW lI-b/c(#JgdeVYF-J׀FeZ96hΤ*ye!m$w$Dc1HG&)=Ƙz%y2aNX|*[K;G 3 _OPDw֫WY~U+~'b-)%)ָ'&hwrl Q\D4h e/ḽ%?WYNc!%yWs>o) yj+e)e#5xtyx&pBmpi'V:xȸ۽]K$Ĕ+K,N DuK/ YʸGs@Dw#,]"7t𴚰u{R"B.Z^avHD{P%t;B%p.x:dBնe%J9!Z"Υg8 P/o&۝&;`Յ%/2 Lx*ʞ۲n(*Dui X7Io8[i6ڸ:o'EٳhU6u/&qjՇ]yw-Įz9i;M _Z gBVZ\d% O|Z~A1ji[SJ5/ )\Z{a+#:ϟ,#IGH= }f7DhTtp8|tˆ;ov/$_b3 }Fh`GE$t6$7_6_!Z8e88m_%Q}/ʪ5DAC6 Gc`1]EwuwGEDΧHPuHU@CBJeֆyv-$dy텝 MI G@4d@[ۅ+-܍.Y.7x?c>䮪d/Y-y0`p$/TLX˦ Aϫv' oaTW}"eht)d=tl)d8@&}W1 W ZGك<0r{0΃w[Ø4ŻØ 5GQ% e٥cر[DifB1^\^)gEI SIcj˪8 _qT 2^)G5C` nj;ATtxGF?3@atB<+d{/_*Y)L#uבuZ.B@LeWqbV _zO2.G>M@K.D@chF Ej[nDGm뚜 ga'@f>X_(^HYʓe:)B&?`} Zs{#!ixJ / i&%7lfE py)wߺ6ΖwS3S(ue_)=bN(k_}<(z3վňd^QhS-?C{>Z /r.^cM=! Bg_!p#&`uoXt`ʜQWjdWDixh z3&}6(3$ϖ}|x7/[˼[@8GZw[NBuR`ɋ-C-gB\@jn 锺[.V:ǹj1(='M;r"n Yu w9|IW:$2/|<\ԬHw}#PV5]~sL޴)`d%!batj|npkr&o+V?/>v +]wH!J[`f=lF SW`̗~P;?63kzwKɇlU^Jo,;Qg`dgpJB1+lP kpT{/X`>?J*˰qkVYP@І5,J!<2~|˽CN8^Mi KNM:)AZ~c V4L?( m X%U-݅+>|!4Weł`xGO4AGȠ]¥agϧ,] M.kMJ PҡPe]~d)A4#/oXFqtn[m@APPH\T5| 2j\=S5O Y yFh˔J1;û)G9`r[)Bjz䮉!>[  q%PMqip8TNᗈ$%A9mQwcWBH _b"*1Pgvm=z`??<}Ów[?p!NK-rC+.O4 d 1b=U% %B4^8=^L­의m>{p'Gy(ٻ!CTň 2M+{2ME)}1?PiȢ)p>ù< F M]{cZ%HT/M `^P +R9#tVd;{Qq ? Qz&#Ps~ +Z$ 7U:dޖ_7q{*kӂ ?o2z|O|\n"XT}>}T9t.%IRr*Z)cO%>2$d}"DR鰱=aFߤ *ZZ:[+NI¡q6i#bàvX+;|e䗣7'қy?WywrfO)\m˓C^ mEoK7 ;dy1/N*JXzEim-!cYU@eFRrݗ4nY<%F>Jl+mݽ)pIbLB"!{a:?,J򧜃SЙ)l W]2Ь=`]_ɾYQ)7[P+ac  7Fđ67Vg#UV^!R `W*X^1_!6)ez"{y|ĝCή%H@ oy"+1G?)uLg3kɧ oTAUH%bi,gԼmæa C#24tNq=c 4lyQ[i$J~ sH;tp?^狰|H#LMʹ)_ƶpop/ێ9:דJSHf;|qjZZyWմm漇0.e^ ۆ3oyx|xOnPW07070100000008000081a400000000000000000000000162150c4300004c57000000fd0000000400000000000000000000002700000000./usr/share/man/sv/man5/sssd-ldap.5.gz\rɖǴ 4ݞ; 68,s#HUDUY2Kgb}x^/69I%%˵<']pkk}aXdzͬ˯?Vוfvgg&EuC2*fѣ,J(嬘~] 8xnێr;VCwKSd_<(SDM43se΀Ad/+HybgҌ 9Ƶ#3N?zsz;֗a(ߋC5F J̲ɡN-_QݎPK~|p8|_Dĥ8F#p{-0>ݻma؎8x o׶Uխݭ *'b5EDl$e\6ֽ7uz#+eLS/9|Lr-c*/NΏNE'8:;2=;kO-Ȩ[9w!?:==;wXڡ2F_*;͡y~prYz@h!mSxrkgO^=?8o^ؔoGX`X#%'7#8yW+ U<JS!=PH3/$@F6S~:cq`%~:p ʡf2`(zX"q!:I/ s=~77ϟ| $Kk%vSt@,W3Ldpk"`JY[fzW2 @]&n-LOu,}h !(RFIr Ӓ,^XJ Kl鋓'ǿ<;8?~q;xv~tvz8H si=6Çː2_ߒ1.2ɬ >  N ӥ_yR3ŢFݽ޿МZˢLnke ;dY{h}Mə6D &3ccSGj`d,] $#Iݦqcԥ;|;ՔUBhEqOo XTH!!}Mo>''{aJBx 1'x{ -'8핏*_nv{'dNOHM TQIsC+ X%zN(9W3Q>KrPr#"Eoo.x r"-!?qP]tM|:r5x0 hC| ݿZ22 J6WX JW|~$.b-NS( R\#6;RzXEq6|CYgUP\+əg6VrekL2Q82)(qИ&7NQ#-[yzlA-~o\ۇD035WXӼfëgY{G\`;A,."%5'mLpj v3VI'ג׾*f1*(I#iiѲÌ& mv{jŊ`-I|G**a|xǞb% +LV8Y /K0܌߹2[J*W܃ɢPMxO +R9RGxfP#ˆv>,v}׏Pw%$m zHm> >ӃzpX<$.ʳ)+$HRv'IֶFN}RbBgY:H:0'ev5j7C%hҡ_jM`ٜ?""Jī |}ꫦ:ׯ0ɣضu"ʽġUJ/ږ`vf] CuQ> ~`1'O8*A-9 N4|W6;uqWPϙVqtIEIXj{hf†D6 LDR@k+$q,ooTg 9cH/5LTA O@.Y{Aժ!|^MA<HRukS=Re6=ZXo˗LJ;BtnŞph>H 0m `kL4mU_} QA5&(L D0EZ- >P|s;:pč;*H:9S-wg*  (#)8F6,hyN(uZ(,Jr;!·2EdLrʵ-!ʕ {bS Ѽ'k u0iViKɛdwc3I]͏To@v0Ob$6W^~Rߌby 7NܣiQ,8+)Oj굑}OڽM8PrwOPg)91~d1QDODM<}`r$-p /1 ë9ՐeA9Ӌx_'K>t!P9y)Z?~_7;/)Ge<1 PEt~%'d|ќcv[͗i hy5D,SZ%D*$v+,""= mbOhzcI\%zhʣ+<6AE0UH$KhVc1πlW%a21Esgbžv-\| "jh_B]G^8$0xRRU7W}*I[*qYwDg? *_x3,Ɔe`XyzKׁt&銱GR{<oj;) j]H,V Gh6*P4٫*/2 !4 g5ŃZwp_FfQR UVwB'XaNΫ)Z2#n4'.xʸ4' FM6¼_F+n2 q< G eisjiI7qo_Wc+^V]^6זּ"toF]ůdO[ s`as=Ds^jS> u^NE82˳?SW<8B-a Z znY',I6ڥqj C 4/vmm-hVTPB)) ߓaiFwb2y-uj"9/ gF-^}E1}\h uAT&~+*OhߊyHp"4n4zJ߂䟥&ד%F4%U?EWKc|jgfʫ?Ҷ$M>Ao>UN4f05iY~7F(eR2>+fdf ͧ{5i M2)!ua3'`wI8g˽Ds'-7}ȴ;{}UQ?Ѱ*nE۩Z(T8B#߂ U>cvS?'%BW3ϟ%يy~MjUvsrCri|y,?XM}a6EXA&<~ZKDIV[XOUe 4vL񎳼DoѴ4Y蠛NĴgZpI$#ĸTafUY,F%T6['>.KNy g@*X--o{0}^spGM/3 T:=CƋydpu{ AUuuI8{t>M~\j{2ǀJ#_FDrG\$缐'SԤ9ŕ̡e@d7 Ɯ6Q \XZ2A2&+rvD-BM2$O В~12Jb]_MAs5Om`AaT6K.qk$41tɑcEngyA_6n=.M0z\oإZ k֞ENB2xً kwJϳ)T6;HU i`{ _`|7`UvY \{c[g*.A`}^%"QmhKDԄROWNN 'i/'n$XخT!#%J\L4x+D1U̼IMjc]::K5MDIKBfP<=%!X2bʆ5+gUxs$AhP 5ꯚ(W ;@J8Zi ܦg`4G?4r@&* [g ?OgӈQl" t%zs pc&U4EpG*[~;%'} K>FEN_w&0‹,zh:NJRD"]UFj&z=u9n+I&(ɗVvicRݳM,pUe)+ MI6<7\,5rLP(\뗇'{GtWg;?l=<[}燳=ZwZv5*/pۓ䫮{1l4 /NVXXJi )!2?|>D fTe%דOwv~'̯*0ܤ`ydF =-ρm k׊q[0}ZV 2 Um["t@4NSY>FYF^O{qYӒ N<94㜞$ްǤ4l(pԓ! ڵ :…]oJ>]nS8bC]I3*Sɭ`kxh X Ɲ5Y05> G2Jhtr7C8T^T4+Ge \@(%Y!E|À]Bl8(]nMl8`10mWna:JVۮzkI 侤[ 97SNluȿaKĽ'jӷj"xl<Y'-|]-ŁApVӵ(wKvqM#/5 lLU*=x-?ZEP:XF #g$''϶,ҙmXvhP;RWXm-:'!@]y{ ȼ$gI$d+Idg>d&(r Pk 3dm#Dnl}rB`)kZFl~}z5/\ݑ(kA)O%IQu+hNI+0r%SOfgZ]&k(|)#&I#3k(u %VqMf^,̆QZ\>ZoB (%7oG.%~ra>1Tr(`kW[=BpD?q~O᯵Vh/7WP`UsiRn$@C,ʘkDtP) IN583>)m9cUtqc>2~bK_"N.\r>ĄA9o:Ĉ}'%yD5T,5}4z;:wxkЃYҨdat.7a6iS+M~65Ii|1YQR_z\dIǵj>q9W+:"pcBŗ%#` ́e̤W뽬yb:|"-]Uyc4fl1>VNͅeQ]<jRy=j-47tG,lH>߆RQ\go׼`XTX˒V 6KYle8M=VBF< !9qtH'Uu heNYFE>nOΛKVtz=a}N:+dʨٮj^K^cqaBORٖ%c8$TFugGJ5z{1ɤ+d"Ջuzzg,,7_>7}`X6XNp(!h#(*PVMSK\6^D2HѠAw1,5a`pQeMy?Rn -z+D6*Vxh(Dm#ocoqN^N. ؐ,;#%inZТ%,8r\nMLa ^^\2e , ?!;iކ`vEtX L˧7ʜ!emPקN%&u% !U T] 4V1dū_qD!I'F[5I0WK- %lnl=ARHؿI5R.[vA'vf@>y Z9j).;DN((:x[yig.#H|C4 ^bga5RB쇅-U6c1D=ܗe#YSqo;otv 6+?-@j.*BS $WS <\c{B0+1Ţb{r@p,Pabi +qL O% {K,Lc.zcR=ӦP5B5g{_ol\,/C*|W0/4|YL6l(J-T1`j&t-B%,u;]0乁1+ѵAӗERMѪr ҝm9 P1xBˡ{{"? tňG[Ϩu> d|7hZ*@_jYf\1$pmFg.4@0R׺g֮ Rzf6b Fy_tH!k<J\==FH Hb#9:xZS-}3`Qn˱fMZ= &s{YbA1UYOVbz-('"M U}xdck/4)M:`78YTR7E ")"i{\EPM60ܢ6نը[Sur$zӰ8=nX3kwxm*FpʖOl4Ʋy3^An|FL&FsOl\,C/q媊.G1ͳڶ0ʁlSK6Eؤ5%gupC1Guy\sY{dž9Ķ} Judᬽ1!T eb=ȌI?x` b{Emd矯5-t`^iM"^h #SЅ!1 A Cޒl=f  F2v;XU;Fqb*e/#P|*֤PZ Ky5NI9_Wy_Í}Ȗ:%hrsr@L.'4,t̮YuUqYBd,-Y6LKnl? O1S>`QJiWQGRpTrlSvN 潹\"QMbÌ.6Z2~'2,4q[OEgH՚]K\E4t E`Ylt5B'˗v5-d{_ƒf[FQG5MGc!-q(89`|Z/W 7W`ڰl CQT#oeeornqRQj,$>s!%A"'qv?D0Б+)H4#:2ac"j[7hi%K c. 56{WKO]CawYi/j *e y N= sv/2"d',X/?6)g%"©}`u|TJ5ao9>rmiYB*S'K 7ݜw!UTeQ^x`]u`=y c^ӏYفFv& e]a! *k+67q,5iu+DkN. isEpfxvk _:yC-*֮{ϋޗbӬ6 D&B9_>w.<7c8ӌ x\XhT=uIąD5xh 08 :( J$Me8D0LC~;cO jo^9@9٢ ~iUeH| nș"30kmGONqPy+̗q7f]3@3*)* hʁa 6ԸpbT9ƿ6QC0P.bًHq.bto4`H,ܢ:Cv9v4ːsۅ lKڭ6Nj @cԽI>UF>b9).$'J"iHZu@1KN=I<VF#ʦ*y\A]oxHfDU 4.nm[N˞⤰h_.1ᒞdmU'R۴ e1ۃI ,-O쀑A$ 2n jm\H%iyCmUòpX[TVcRzYNDEOؚ8F#2@D] VM6:1|K9V:$΂R$5d~z'?~zv Gre3u9vEP#ze'A.`ۻ'P؇:o<Ưh@pYJ0$?39 PB=9mî*?_Bj4`S~0ﮃc@ĭ<ɓZ#VhGz8U;/1OR-#B~jdhq.ty?9?res'|W쉅7h8ț.nG'$h8-;Q88Š  W3S7G!PkuH܀XF+ Gέ$ _hRІu庰ĺ&zJֵ[m"5>"ܵNO֐wU/q:pYjY:hpQRaxDފPOK O2jѾ.`Q8zP„P6#p*GyKuvp$mY ]9bhiKt.#,BN]N,A}0l0 :rpFۖqv_{OזsWJŕʰ0aVuL5ӑc sauռ :DؕF-ҰB]ŲNȯ5-B[9TEύ}#u~cE5,ㅌ˧Z=忊܌S ;x_[9'~Z.a" ^*5^+[Q\3d$6TvYMd HgR&i#[nPi:|?D"Y7jnt`oeB}0_vWOVEػ/UwR gMfCL Uk֬ M }`*M`ۏUsOPMw9YJ2ٖ8׸c+RYLGGٗI曬(0z2I3|z1SSL `^[[7p&9* sܾ%6]OXVMle9Vަ r?e"8A!ZG׻Qe jp6 6tm]AÝ 6|HV׸oWAwJz&hh:Ѧ R .y"DzQ/QQrhRs7e%0 |S2yGBB `Pӈt7>q%7E8\?N !Ao3FV Bn;:*QpMXxQ$єCZ ŪG8& !"׺|^M`n g䅻[l8oɤyъ48ۚ\d 'v+6!5a`덕9L>JtA͑-&zΨ }jqqo<֣NA],t#FwVM)HwNBϛN;3$;EA/ uC/v/TfDjvC+X拄VAс`j)=Jn#'671RXAj+K8/Dxf=?OVQz Ƕpa#ё8X1d ƶ+g9ȡLWєdwD!^qݏU>VXC',8~<~ȏ=$W njk/\NR׭%H#/+\ز .?B Dr uzrBcee< v<ِԳe*S2l$ZêzS%Е7f2 Jn&J1K}|h:bkdguhⷰvq?:s+I ,8 "k$@:#L"-g!Q~R^r̅2[MqvˠF|SBX+=HGce:Ho*f%`E1%$L-,hk b`D8 1]d[ym'DQÃ`2 l8`B1~ Vl-)WAL㄂>۶8rO>I,D774f;(M`%Ͳ1V2nnwb){8t}K26L?nRNB*90v H<ˋb?DU2Cr1[t 9v*#5IYPwRu!>r>GFNW Yg*Ӣɣ!LUΕv('R2_ں%KĈу'S4GNZnxbswcv \qywg2569ocvLmꊓ_0Ǜpjl;ՙG8j5<1UvIN (ʼnp@Z{I在 9Ik$L!q B?&EeW/R\y킦m/)KX#HSMJ,sC6c㈎ϕqA%hBnY4'gH_6MrR;LN0B }5cQjYY6;"gv0cV^j9[.<@<s!!iOQ.I9ARVzf,j~xKKMsAl&Be4jqi|]9g 8v\22jf%-&מWs= D+*H)TWjF]1j`6\YnutV% $w3:m4^%R?_=K~C}w_<:8Z+5LE9,G30\nN&V} Dm#dp%+l'M^89[$ .Qms)I6kX";X_>S@ zj[*d^04ȕ-UQ2 k)zJZZw?uk}V+ ?!$A0Iy[ˉGu7'Ƕ8"}/hOLb!:hBX`Yff!, $_fbbu8*5^ƕߺ<iN7OnVN*#Yp&oi'q)f\wΠعZ"UU`+mW:WW<ŊG<od>uge<W@QaqEnN"!OJ7xD}W4+ە]1VogF*.ܧw|&t ^4i#ےf0\{U V@$7! +۳G!s7Cu]~^KO?fWc[~2O%5烽GQV6.ji_S@Ů8x.T_,,ˆǾ ]\>YѸKܪ;,Sn3:Fknd9h9>#w]q|)\mS]uTZr@NfX^d{ T!)V42'H>bfN4hm1ONyBtNTӹ} Ԛ>,jj,]\ 5t?)j^#=`OLucKDh Z`?}ixMK>Q9^[Z NQk `s"/ HTB >Oj<{.IVªL壐4@%; 8H68E$-h^%埛 -,*B1-?zq$9eEK6Ƭ=dH!lu-D梾~u({ l SOcYdu:QaӅXϬnyaRRRCHz,%RnpLqH^s,/z2[f]Dr/(vÀltZ&NG%롤Φ+HMqX6s.K3B AAS?臑B ܫ)I?Ye*e{/wvkpM9dCl*sv&HNfGi6ݡ.V MN{Β0sJpf錅BOO*ь9|Ϯ-hҞ,Bge5momm%U{PqXQM{?o~*@3SNɾ# I620\x-xEawDYdC*ᖳ*(.` h .Y:2|/e>%HTs6iN8JYBrԥ@E/Uj@T>LXNVx W)C45Ռvr42 䥞 VJFn(},Y7J#BL*jElklӳ;ߧ=ߟGq<~yL{C {^,O]'KIpsV?';dGbXA`:5}Br)1:X`¾2BKba) 1NF_ѸLU#JEG,#AWh ۔UŎ3_ZԲueY+7Pqk[%΀ X]TW/ƺ`%x.aЮIs5j<Ӽus/ړP%sqјbAܶ&.[Q>0F[жd'ց&_p"n9R̋L={ݪ2m|-;*4<^h_D]:mzE&Rl]I6i{? k]+.9 M!AFƅVX>MS#ⷚ9 a7=8']$Oo8{lN}qxrt >ZV.4zVT|{ H3 )T%"~x0p9"`TV8jĪ%p/H⣋(ǎ9䅌W%fmyLlV_|~FrJ?uuKFQNјSa :]ˆ!,/VS$nb0}7_=xŻ4v[.&+ͱc?bIUjZ/{8˹Z^HN}mdc.mDis3r:865U OE2CH~Sυᢙ֗f=h$'mnV ^x0YI e\W4ty2&o|lgtěj?/^OIjCdG#407070100000009000081a400000000000000000000000162150c43000062b4000000fd0000000400000000000000000000002700000000./usr/share/man/uk/man5/sssd-ldap.5.gz{s[ǵ'??̄t ,ьb9*ɹcX Ib06G-IRI/CeΜS5U)Bף߽76HyX.K"ݽzͼƎ+V5>%IR>R-3by*ߝl?nkⅭhzzl43/EV#959(.J}ޛL~f8[/^hu'qJkǎcXziN|h2&I :[lL<.:~\sXkb 4w;bw/;b!xE,x#V%֑_%10L^;_- j J/a|hg.qRy 97Gft6(/Ql*Jf#|wpBrUɩw~ BʵxrT\hL؍dajj؉ިfZхh9|&ѸJ)_H72[Q9/h\*ZQ$Źj-l,ƵbR`寍-ZvҪWJn4^, Q+!Gx- ZTUoN-Hp̹]+3LG~pQ=fZg.|Ƙ̑G!6}Po?{7YP_4=q_DrA/ B܊_7`(⅗b8z*$;b"{Bt/ Tpⵝc3?e_wb?[-> #P%S)߆o΢]=1 CuK,B*~FPIO W'⭒Ec|ȅ-k󰺓:]b6w`1ޔQE: bz nP+Vt [=;e)>'VS!Yydꊡ\`/abbKMm1|wH.o۸2XF'' xK5ث^|KK8I&f+M؂9wp/-6sRs ,`>O홴⡚/% ! Bnb`= ,"r~Zh#5t4;gω!)4s>`~@ <=gbZ"qj`n1vt&$(BCeQ\<˞p7ϐOtYp#5YA`j)^͹xrU\o 0wYbB;ح' gIkR NZ^dQ-/' >eTK`I+ :[6ސӂyH@qSW`@Nb>S#~ĪR誅-{AMU_Doũ-99i1^*mJ{˴DC\wN?τ3I+\JBEON1f]cNS_]vd~[MWlo unt}~;)$ɍTy11&Ff-3c3?:2֏fOLi1NRts"Pt |S뽂*>w=sViRJNv4XŠj 8g&\nX$} Mm8Q淌Nl(؎ ԋuӽ M-|;Wc3⥹qCˆdΜ-@= o. ZkqtҌKzft|j%}ԸT/WoΊ\ JWu8 |9KFAVq[u{bx4G n-# AvuHKlNb\7htdW(dҪb6hO=oxĿ_ͼ9~jg 8:FMV?iDh!DO*O>F=#tH)/;Had=M!91ż^ u2/%!!WU1\qoƔɄ9N[Ʊ4;Wg˵ϰS3 XWFU YU:ۺpfMlH\0(KE%Y5Е~['`>_sTlY̡?A aVmʪ"a)*~5c %7QmyXl}UdTt 8qk"X^A88?>w6.ĥz2 %<.֗ٲ&K/h2Կ: {r9}vJ:+%qzHth@{1v}XS/TjӰ̀W!N\:!#5uB^go"Ph$Ϝ(~\|֎PqC҉FN(bM,{IMt%(.I~X=L!s\ 9tV)ժ,I8ѻ:WUnU353#,=IPZ)g:-bm!~a@fSmCQZ)yL >I/ST?XV a55WDh{Kj"d^:]h.yQ'WmS|W BqLt t/N@T;'j  N(UNfѥ7` QP \Hq௕ko9pgyTЗb̓ x~ewCR:vvAg(d?dmd-E>mвvGjJx8/X>cFԘqʼn L0f`!V8[la]p*QzYWU˪rm*Unf Iqz0ηU7|cπ˔G<+)]Vk_YXaLM-H<*z ؉כxhI<یUL@AK:(N@P~?I R]\A J,"dM]6t*}Es#備qUVO(UIPKFwSAV+ ߋK.2VЀ{TI.҂LIKK5dM}=˄%p9vXME0bt|3z%N=yV^zT 浊P 쎠3 )e6clM0ï/k QIVrZͅXb|0#]O鳼Uk`k9kڌPSjf)z؍Ö&c%K^+$ M<<u G&<-<4эd]=WYD󸩿w]4dQm,K ǟ w8ʫ|ǰ7nҬjgݵL s}zYK( Oe4-|5:\|Ju.LJ%ꨒ_Zء}r. Pl}>V<Yh2eV$Ӈ%Ma¹~4r#fyWqYe$Ѭ_i2$Mx7Q] ;5!JOeaVUCjy48ۭf=\PCr4 Ĩ#^Wt/^[Ufĕ8> Х=|2=o{P.-yLB".EB{g -UCW7r`-j 'wuw`'{`u6|WaOZه9h~On^ ֻGzjq>uC?k~_9kR^a}K]LG.OԊxXp9i^N坃E{ogOV0Ȃrl~L%5%PI #;¦vNDy SDWkz0\u;$PYJ˘\08?Gb>6,ed%aGrFzL'۳";{\Ί+jlr3~;"TشחڇjGXmPUu5VRzaRM&F9z,*ts6N i_=yŞDxbUVxz!Uuu'#{r ?tj @ 83J>J˰ø{ym\TMH㷵DCR%Q'H!<(vKe xRb8ڄ6)$\4g84 F+n֊աoOe*H.gݡ:,것Mzy`DM2%ѫ~50q[q}[pv ?/gfpI"kBVj ݟ-1e#g*ظĶZ6L[5PpT>~gK+A0 zL4kcC`?\2 +@@ B;e&+{& ɤvZ ꊄIVm-#nW`闄eVƤB&w ^!k̳]^,Í=.1W8W~8].fqdgEYN=hd7lEr|5|uZCPIm'gniT(Unanc7εA1̗lȇ*j~OFRRԼ!"e^؁ v;!l9Mbsn 8 ChȁCsD-p4| WmM]~doڳnKۧlƕ0s[<.]?|/GNXgcj$|:4n,}2Wmǟkܖ轣Z]>{qʅ xɧ3y&9r|ɱOg3ɏ^UZ?ܫĮt{U%uS\/,'F2rD~-G"cT<չ27ƲܓQPQ`iyd>=*;0IUop<j-n:mA!]Y^Rwv)}J3\ȡN!`Q +oMj%_O!+ȡIWL!HU&j9opk٬լ4AlZqnSƚ0"[!@vsݛʱ)+H4{Nxf^g͢ćL4/8W \$)k&R+1$m2? &!O&0RC>2upxYnOdMpf(ƮR_X4++F^xn"60~(2>0xsYI5۴3t^`ˡN>W&8We?*Ւ9FS<,  ͉ߑOܣXC0T75F:zryBFK %vݠKb)h[í1P˃c\Xn].V_,B nVP-Df0xł aо@v5Z@N ! {L`XL#O5koe[r\[3h{IވdRmOMOt|gELMrߪ|p=+QXn z^1C~@!øiJyJsf,GE'ܓMx%iI0l'/u=""u%%?)G2Zl&'[z\95/7&[K|魓ǎl6=AX$Q,lxRp=MX09Yyׯ_g.& ? oh!,=ƾ/T^LjZ{d cVHxb'"^f֓.l^9h$3ɺcXk ۣ^ &zC \ MݕqIhŎXq1)|5T:^Mr2]Z:yy堂ipЎ,'LAq"/0ӂ8 fȶt&oi&k!`E.FHzq0R}Lȼnq([YsɺeSpω\`'B ݩ{YBW>`j&h7FnA29@Z{ ʆ,#)bw XV'POW l3M>_lJ3R@gҀ |̦p;OVٺr~`g>76Y9w4 Q۹HtSGXU-KcepljB@ W͌"7坳srהz`Eug.3ҡ\4j v-qJ NVj]Jh?ƏNȬ=DQ\gʯr W]_7o;l}cv0_UT@r/ 93UƬlɱ)4N`|8ۈN%u %mQ뢖 jImCϊ)? OC!3aj{*z2ktpc'{[GƱB27xGw]MW"Cx[رߗGvkxa:s&SDۜIi,߉όD-ߵRƫҎ?PߊNc'ŭi_eƥLC|W}s͊^N`3bA CR$rVڜys(iW%ڭuۢ=4J^dy~_uCa%?I1B;$ci| 'Tݯ/]n*m^hOV@~:<_^9wɖ4 OsL<6FSt&f#?o ?Tjx!nb\Jv )A^i-Fm.ME!=iĥͨGbʒnVZ7#*fo$E![檕db؎+q$ϋ+v.6Wjq9wEr܌g["^-20 }1!PlW+ɲ+3\}IGQ}E6'쥘mODD{-ղTlXFp(K)MÉ+Xng^Qm"žР S4^ԫlxw aQzVj1ˮSCa[kng9ßyHVȗij;g5,Qd%Φnݑ5ctݰ,oso ]MkkhE˶kx@̞gI_,?v.Ŭ3R>s&ڶӧ/[(D3[=`Æy LlSgh6];c(+2)r,ح jVNGi@ÐzataT7Rd3.Q3ƽAɊ O͆F\7,e8Dvܷ/&G>Y5zcn80?Dp]W,.x>:<׫" iʄPdW+Mw :!$$g! meme|\h4: i]hU? Jd9R8Fz$\J%<Q  2J#jG0n3;`x BhN h.#GK\/jY4-)jkzX`UhhXXpfQTFK{1`/PZ>s" ږbE^+ddA!ۥH}qǘpruCJV5.c'$-[Of!' V'VQ$2"n}tMw訂ٯh.<6JuyHۀro`|jlv]㤁Yikud\cL8d^HBOn9C!jՑp;FSx51:h+ MHaΓ"-EqfsO;<w6ZB5Z1a`bp!K/˭:˸`iUr gZ4yҹW{Bi,R-!XE~wgv>ЭM)&sYJ'aa%E-Ca+"),m>"[CɉcX)#73m<ʍ_LApڈ^28bPP5=e7+# nVKN7֑h3oο*N]/x]&J,ϱe$KuSW<7U~Eԍ =;h6 jEs8:]X_IiB'v&B I<kjk'+yvaSP \ r¥ x3&}ҙB=7z{!)Տ1~c:n^/pZܚx?K8coZoi2e 1}3^ήUM 6* F?bR0=He2}CFAH{٤vj@m'oH' qO{1fY5X&0Z/p~@Ӑv9wnM'AhC]dtܓz{\*ꐕZŪ| }פ4 ض%ȯ!?0Itł s1H+/̈́'i(70^hjr*}BkU0ޏbof8O0#K* {޸f+'ɐ> LݓGD;usg #j߳f\>6lyƜIi)sPA(U"kC5yW}ÄyMQ qQLeՒ##Se(n4!V;Զe4.7æem|Clpkl!ƅZ X*s= eLDp'b{ئ83 [ET\BBcbH!X6J Ɔ+|nm_<`|X~2ZRUo6J wbh{f dX|zߢj\hZ)̟( p\#Yx[lɢeju|A5ďz3]>de|Nοu{&+fvL+g=FyX,S 6hHL\,Gb̄;l0Ί.UZWxҖdϚco ^˜rNx &tQZ\7`fwad BN)*1tLٴ֪sYv":Owee@b ;R'!E<u3a3rR079.cp-yIÔQA Pu1 wv ZzJU- N Gc%Uary^. D-kwըZ[º*<Q&!֠E+?FO a?*%!PE 8N wFX&p4.Ԇ(1ZBMeQCjWZSdJT RFhƢ(W RMXS* ]i#tm]}QՓ4#1-֤EMϟ7([l9"Ƈ - %њ3gȦ#@3{pxb fKs'qSmCC-m@a&RܨG"rA!) RRNYCR d\)=@\*~qsD ԯ{:YqL;jx0CrtI*Kjl쿰`]X<~3lħJmb y~y-**^c~6Ǚl\|Jh@ yK h\d^&VmzC,]taWgXEchmz7:Y^I;I!Bv[Uqh!!~˕l@V6ܘzJztT jj5z֒2\f;n84fa$x{ln}.[ةSږ @׫#úD$4G絥U(>.Bbs"if:6 H7LeE9OEGGqN0UW)]g|/GaM,!­H0Q4㴞#mc:u*XeO|^k5HB:-uKHn5 1T([OՕԵ/E&ْԾ(2*;uml.!T+Ļ?b9hWs, Wz1|~ hO_f:..cW!(.?y'>i;iᩂmcd$  Ɔԑ8lC͢IPG.VqZ3We{2J"c1MlrjrQ\h7a *I[f`]O}D xO JFbPt6_VB7RHמ^];!J&Η)ed:0 #|U¬n咠kXiEnRi5;F݄·(?w?ڸ^>Cu^,:._Fr\OǦyW93i)$X:a_&V͖k)t Uvј)6 Lt.;Y&gE `3@{CͯHwfw0ck@+[+bi4Є4J &]y^lNcD}edY [{<'Ҋ߰Qxv%Ӓq4RfLO2^@Tg%oAG@2R6b<9څ(O- ra4|;^8S`}y$8kyC$l3Bsج^oƵ)^9–~j]ݠQMљ@&f~y:8{ض P<8̯3ti @J QԺ?|)p;V)_b }T#&XŞTƄԃ"+<0(Z{Wxq0?-M vG[k~캃x %Zq栯1| 2*ՋKjJF׾ސ @ɬ z8U;ˊe_G^"0'T$f`v`-n-֛_e66/FߛmIL8{=a8GưcY1?9-j$Gh|v:*yb gۤ_&-6Q\ T{ `+Q$_/4 d_P8jύ?` 8r:{ri'MÖ[v_c[N*(/^jeH4IGp*''RCr91}SjZTKRchdheh›Q;|I q aN|#LLZ1~b%쬹Ϻilpz/kg}գ6b11ϑmS3^ ~KL,ꭹxɍAb1IB](IJ73}). }h8<>/cdpug[&5zhAc,sgU-H LO0;߮BWf,Vjb׊l{k)@h&3Ei-lpm]J]`/PY#fNI ,, &˰.*TӍ h䨍`8qWlAU/v8Y~ʈl9~m0O6'l,>~=(KZ9-],&Q]/ eb|#.[is"~NT'fc(닕bT_UE1`ZZŖZ}<}1Z,,+^b=PoJf\kUoFWkbh&Nvk62zhBp>r=re&$&RF0_#)ê[X\M:&mH, {+۴Ev^7;rیn7Bpz^d~~ػ &ْv-SzfsaWΥXWu@4&ni!zMO݆ŷqt*%v+lZݺM5 Wy^{A-\/AvcU;.!}L2jv>"-f5dptǷҮB]stGi"^׺jBQHN+Dl_[ ]Vw0l&Ip722pARĵV搌S$nC݀ouf=:!8~~23{5FUtڨf)NLGEUHi.P{`XwV ӐcJ8ndpj39!k["3Gd" 5S=ٙ>m/( d!Pxx:КJ+/OE2Z3'!C)_eszn)#S93\01r9 sC݈;ʗx m , R_H6uiK|a+ًӚݒ`Ʒ6s[6?Ŋw3a`w6AOKJF'd~*~o:}Y+X"y3  baӣXDIؓ `FIJVF^+#ked.__/z7*|l@GYJ$D*%6O%Ljuw"F jlfO1  8=[&J)$((?;.ِ35QWŝs(lf!;Y8:n'Y Q-Q%zWzK6I"&a&)EۼY+YuШTp;XŻAN#Jc?%+ܵ> ~;]%uglOE:HYLcގogu$ 2|)]qi XYA! `2\ko>&;U-% " tRĊY P@JN[W>;yPZu|'p7",thbҟ:3ҟezaOFpnw{UuJl]M X/}0E$<Z2یzZܜ7$\O#xQ`iƍ#bBiB?b1m׮̠5af1-d-WTu`cэ[% 9P(#vdh5e!G*8|3 W(dZ[y3qd73>S %>Ǵ_n"JFAǪ܇}^[ں[iOUIn,D;=:[f4XXo$dV7λHEBG2yHs)CЂa|w/@a[GSpŒ[g@LĀUNXF,ԶC t$v}& C{Pp[\LF w;zaFEoVSJ'KIj T6=̆ї 0 cNWoWp}4[7E~VpOfm Lwf;pˎ=0ט(ЩQ(f6i^Vbn*ڏAu%}tٖ@ߥ,=dAr8m|m2C%l<Ӣ$dܜ9n>8PPxNFрGrW[^GS ON~ծ85'$כ ;\IJu-ח57O1Q]x:nerr\8SjH0 0mܗ|KӮa[e!^+=OwkV$hV C+ZvDܵf܀uN{\& O'' ߉(xOLk?">}x:_?g鸏+mN̸n !ART."\E9;ȧuh{]i׮/)zAj43dzʎ[̳il&jUҶdZKp?XC6&wB,_u޽ Ĭ X{:gūB b-8 zl Vy+vOiyN ʭ̩ĞЩHrptKIœ8raA&-yțk6-庴~!\uƁ;tkh~A(7˱}2Sn+ba˦;GTϧUj*.d'JocRWoZ9wŒTjlXZw' F9oQ2fgeGd+ucYё~43>?xďfJTWe/VុGOBǢz >~m0psdK9>xEű:l^7Ls8U,]K'[zCސ+6HJ늁p3Ʊ1Ow[AP x8uKV8 м;yzC(jyבHgiq=8Ⱦ f:\13=ȳR 5rFzq!`D$emrnW#*/ c?2r 3V5Yum\/;;P'8@*- 5R}xYL2bsFwuaGsVd4[SȖ›|M*?R(pzYKwr]@jޮݾg[0!]T`2ќFnrxqxy& SȾN-5uO|j ,,[Nn̩=ʋ9@ӺUC=X]yeM`)oTJ"}8Ci/_\*[̙߿k+N9==K"EP㥞/ItTg?dφg2TR8͖!s7y"~)3UZdjSKJT',DI&q(9@YuKڌgk2v2ɧ@GF5PL:՜.S"{4dҍӁ?ۆokNNbҪ\@ 5%:FLKrFOI*?;-0ʶ0/6䍺&6e,BNP$ך0ԢǺco7{DAFkK[ gZ(I"&$.It G>$JA,a:~6*3)1zU#G  ,0ۦR> hl{:/KrrLW1Z FMm6EǦ(Lrf<8ܑM'S8`,^>җ"J'xG78PwI*Jub2ja㓩EFDM蛋"~Sjg*5gۂg 0wP)[@ׁG 24-[ع,c\q |8q$thxoEh//e=hHQ=x&lT tp ͛q$]OR,VQ-:?KpJ~ ,VxM'/: d U1ѣׇo$x#^>.o sx3Ѓ|QNkYQkN@T9gJPU9yel%֯NU1.4LO:5l'oknCo|)UZUA]rz 6HJ0Έf_]vmHD{P X-wfwGlq]vʁ}! RkT%z25n_IILݔAJ̑c3GN9~ &`Z8Nf:#XY!WPZZè\OnБ.Y#?H%=3xY6 X<_WP֠a f4{ -G+!X `=Skp{#|qkLTc0$Ex51͒ c1%8v{kA7$Fv '*p:}W|2VgV^(.U6+R)H?XX*T/ Zc,@bU`nx'Y2=MUu4peØrbhq+I8\NnU'={פAvYܚe W:j<}knl$GB/H/KXjSb|Qޢ~@n˅BqnQL;g>~]FgڭEnNgƵsb7W;?Xn3;_/_1͞( Ӓsn70F^3Ws]y?):OەjkHG.7iA4%QG \d*{:Kw]g [k ; #ٮw/]l:JٷNQM6]ܦ@863 ˼ `=:@2/[cqyI-|P{F [Zb~ smB6 dWY%5{:;21@< $ZSљ|sWgCo3o3W>z *YO?>wʹ:ˌ0W^b p[-IePWa~Jf yqO]GeJy7e̦ 8-df9ħclYV)4%cE!ݽe¿ijn2PsӈϗK gV >+|*^*cX8[j֪S^Ղ6Q}n#LoO"PCF*eb'l)t^ YdIA0go<2>[7KӍFZ),ۧJou栯X 1{m7±ULAσ#!IalԀ4@8fhяq @.@|!h a_B!1o8^;v9w}-,5jQt_*u~M h%ޫIR׎4Jm*5r9r9d~=RMlx^GͷR'cwfa?fʼndQm/s|+YH X W㛉67>pTzJĹq?rQ\_Axf4cq7VԒDJĴHT%t8'JY(١KjZ'Ix$& ó.~txrވ}^>6.L8~t@'nkG*f=ϷaYkGd2,6oN^d9Nb~띓N_K+~bҸMak07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!0>JC("C 9H YZ