diff --git a/.gitignore b/.gitignore
index a7e4b94..94f98f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@ openLdap
 *.zip
 Thumbs.db
 Desktop.ini
+.DS_Store
 
diff --git a/ldap_authentication/LdapAuthenticationConf.class.php b/ldap_authentication/LdapAuthenticationConf.class.php
index ae0f7fd..8e5d45c 100644
--- a/ldap_authentication/LdapAuthenticationConf.class.php
+++ b/ldap_authentication/LdapAuthenticationConf.class.php
@@ -108,9 +108,21 @@ class LdapAuthenticationConf {
    */
   public $emailUpdate = LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DEFAULT;
 
+
+   /**
+   * Password handling option
+   *   LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW -- show field disabled on user forms
+   *   LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE (default) -- disable password on user forms
+   *   LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW -- allow editing of password on user forms
+   *
+   * @var int
+   */
+  public $passwordOption = LDAP_AUTHENTICATION_PASSWORD_FIELD_DEFAULT;
+
   public $ssoEnabled = FALSE;
   public $ssoRemoteUserStripDomainName = FALSE;
   public $ssoExcludedPaths = NULL;
+  public $ssoExcludedHosts = NULL;
   public $seamlessLogin = FALSE;
   public $ldapImplementation = FALSE;
   public $cookieExpire = LDAP_AUTHENTICATION_COOKIE_EXPIRE;
@@ -167,12 +179,14 @@ class LdapAuthenticationConf {
     'ldapUserHelpLinkText',
     'emailOption',
     'emailUpdate',
+    'passwordOption',
     'allowOnlyIfTextInDn',
     'excludeIfTextInDn',
     'allowTestPhp',
     'excludeIfNoAuthorizations',
     'ssoRemoteUserStripDomainName',
     'ssoExcludedPaths',
+    'ssoExcludedHosts',
     'seamlessLogin',
     'ldapImplementation',
     'cookieExpire',
@@ -235,7 +249,7 @@ class LdapAuthenticationConf {
    * @todo.  this function should simply invoke hook_ldap_authentication_allowuser_results_alter
    *   and most of this function should go in ldap_authentication_allowuser_results_alter
    */
-  public function allowUser($name, $ldap_user, $account_exists = NULL) {
+  public function allowUser($name, $ldap_user) {
 
     /**
      * do one of the exclude attribute pairs match
@@ -243,9 +257,6 @@ class LdapAuthenticationConf {
     $ldap_user_conf = ldap_user_conf();
     // if user does not already exists and deferring to user settings AND user settings only allow
     $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
-    if (!$account_exists && $ldap_user_conf->acctCreation == LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP && $user_register == USER_REGISTER_ADMINISTRATORS_ONLY) {
-      return FALSE;
-    }
 
     foreach ($this->excludeIfTextInDn as $test) {
       if (stripos($ldap_user['dn'], $test) !== FALSE) {
diff --git a/ldap_authentication/LdapAuthenticationConfAdmin.class.php b/ldap_authentication/LdapAuthenticationConfAdmin.class.php
index 2c2ccd7..6da4422 100644
--- a/ldap_authentication/LdapAuthenticationConfAdmin.class.php
+++ b/ldap_authentication/LdapAuthenticationConfAdmin.class.php
@@ -5,7 +5,7 @@
  * This classextends by LdapAuthenticationConf for configuration and other admin functions
  */
 
-module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConf.class');
+ldap_servers_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConf.class');
 
 class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
 
@@ -29,7 +29,7 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
      until each is exhausted.  In most cases only one server configuration is selected.');
 
     /**
-     * 1.  User Login Interface
+     * User Login Interface
      */
     $values['loginUIUsernameTxtDescription'] = t('Text to be displayed to user below the username field of
      the user login screen.');
@@ -45,7 +45,7 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
 
 
     /**
-     * 2.  LDAP User Restrictions
+     * LDAP User Restrictions
      */
 
     $values['allowOnlyIfTextInDnDescription'] = t('A list of text such as ou=education
@@ -65,7 +65,7 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
       enabled for this to work.');
 
     /**
-    * 4. Email
+    * Email
     */
 
     $values['emailOptionOptions'] = array(
@@ -82,7 +82,17 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
 
 
     /**
-     * 5. Single Sign-On / Seamless Sign-On
+    * Password
+    */
+
+    $values['passwordUpdateOptions'] = array(
+      LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW => t('Display password field disabled (Prevents password updates).'),
+      LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE => t('Don\'t show password field on user forms except login form.'),
+      LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW => t('Display password field and allow updating it. In order to change password in LDAP, LDAP provisioning for this field must be enabled.'),
+      );
+
+    /**
+     *  Single Sign-On / Seamless Sign-On
      */
 
       $values['ldapImplementationOptions'] = array(
@@ -90,9 +100,8 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
         'mod_auth_kerb' => t('mod_auth_kerb'),
         );
 
-      $values['cookieExpirePeriod'] = array(0 => t('Immediately')) +
-        drupal_map_assoc(array(3600, 86400, 604800, 2592000, 31536000, 315360000), 'format_interval')
-        + array(-1 => t('Never'));
+      $values['cookieExpirePeriod'] = array(-1 => t('Session'), 0 => t('Immediately')) +
+        drupal_map_assoc(array(3600, 86400, 604800, 2592000, 31536000, 315360000, 630720000), 'format_interval');
 
       $values['ssoEnabledDescription'] = '<strong>' . t('Single Sign on is enabled.') .
         '</strong> ' . t('To disable it, disable the LDAP SSO Module on the') . ' ' . l(t('Modules Form'), 'admin/modules') . '.<p>' .
@@ -111,6 +120,12 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
           array('%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '<front>'));
         '</p>';
 
+      $values['ssoExcludedHostsDescription'] = '<p>' .
+        t('If your site is accessible via multiple hostnames, you may only want
+          the LDAP SSO module to authenticate against some of them. To exclude
+          any hostnames from SSO, enter them here. Enter one host per line.');
+        '</p>';
+
       $values['ssoRemoteUserStripDomainNameDescription'] = t('Useful when the ' .
         'WWW server provides authentication in the form of user@realm and you ' .
         'want to have both SSO and regular forms based authentication ' .
@@ -376,6 +391,20 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
       );
 
 
+    $form['password'] = array(
+      '#type' => 'fieldset',
+      '#title' => t('Password'),
+      '#collapsible' => TRUE,
+      '#collapsed' => FALSE,
+    );
+    $form['password']['passwordOption'] = array(
+      '#type' => 'radios',
+      '#title' => t('Password Behavior'),
+      '#required' => 1,
+      '#default_value' => $this->passwordOption,
+      '#options' => $this->passwordUpdateOptions,
+    );
+
     /**
      * Begin single sign-on settings
      */
@@ -443,6 +472,14 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
       '#disabled' => (boolean)(!$this->ssoEnabled),
     );
 
+    $form['sso']['ssoExcludedHosts'] = array(
+      '#type' => 'textarea',
+      '#title' => t('SSO Excluded Hosts'),
+      '#description' => t($this->ssoExcludedHostsDescription),
+      '#default_value' => $this->arrayToLines($this->ssoExcludedHosts),
+      '#disabled' => (boolean)(!$this->ssoEnabled),
+    );
+
     $form['submit'] = array(
       '#type' => 'submit',
       '#value' => 'Save',
@@ -504,7 +541,9 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
     $this->excludeIfNoAuthorizations = ($values['excludeIfNoAuthorizations']) ? (int)$values['excludeIfNoAuthorizations'] : NULL;
     $this->emailOption  = ($values['emailOption']) ? (int)$values['emailOption'] : NULL;
     $this->emailUpdate  = ($values['emailUpdate']) ? (int)$values['emailUpdate'] : NULL;
+    $this->passwordOption  = ($values['passwordOption']) ? (int)$values['passwordOption'] : NULL;
     $this->ssoExcludedPaths = $this->linesToArray($values['ssoExcludedPaths']);
+    $this->ssoExcludedHosts = $this->linesToArray($values['ssoExcludedHosts']);
     $this->ssoRemoteUserStripDomainName = ($values['ssoRemoteUserStripDomainName']) ? (int)$values['ssoRemoteUserStripDomainName'] : NULL;
     $this->seamlessLogin = ($values['seamlessLogin']) ? (int)$values['seamlessLogin'] : NULL;
     $this->cookieExpire = ($values['cookieExpire']) ? (int)$values['cookieExpire'] : NULL;
diff --git a/ldap_authentication/ldap_authentication.inc b/ldap_authentication/ldap_authentication.inc
index faf254f..d2708de 100644
--- a/ldap_authentication/ldap_authentication.inc
+++ b/ldap_authentication/ldap_authentication.inc
@@ -34,29 +34,10 @@ function _ldap_authentication_login_form_alter(&$form, &$form_state, $form_id) {
    *    array('user_login_name_validate', 'user_login_authenticate_validate', 'user_login_final_validate')
    */
 
-  if (@in_array('user_login_authenticate_validate', $form['#validate'])) {
-    $new_validation_sequence = array();
-    foreach ($form['#validate'] as $validate_function_name) {
-      if ($validate_function_name == 'user_login_authenticate_validate') {
-        if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_MIXED) {
-         // if mixed mode, allow drupal authentication first
-          $new_validation_sequence[] = 'user_login_authenticate_validate';
-          $new_validation_sequence[] = 'ldap_authentication_user_login_authenticate_validate';
-        }
-        elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
-         // see drupal.org/node/1009990 and drupal.org/node/1022362 change back when fixed.
-          $new_validation_sequence[] = 'user_login_authenticate_validate';
-          $new_validation_sequence[] = 'ldap_authentication_user_login_authenticate_validate';
-        }
-        else { // misconfigured ldap authentication, restore to original validation sequence
-        $new_validation_sequence[] = 'user_login_authenticate_validate';
-        }
-      }
-      else {
-        $new_validation_sequence[] = $validate_function_name;
-      }
-    }
-  $form['#validate'] = $new_validation_sequence;
+  if (@in_array('user_login_authenticate_validate', $form['#validate']) && $auth_conf->authenticationMode) {
+    $key = array_search('user_login_authenticate_validate', $form['#validate']);
+    $form['#validate'][$key] =  'ldap_authentication_core_override_user_login_authenticate_validate';
+    array_splice($form['#validate'], $key + 1, 0, 'ldap_authentication_user_login_authenticate_validate');
   }
 
   if ($form_id == 'user_login_block') {
@@ -123,18 +104,17 @@ function _ldap_authentication_form_user_profile_form_alter(&$form, $form_state)
 
 /**
   * user form validation will take care of username, pwd fields
-  * this function validates ldap autentication specific issues
-  * ldap authentication exclusively
+  * this function validates ldap authentication specific
   *
   * @param array $form_state array from user logon form
-  * @return NULL (form_set_error() calls throw validation errors)
+  * @return null, but success or failure is indicated by:
+  * -- form_set_error() to invalidate authentication process
+  * -- setting $form_state['uid'] to indicate successful authentication
   */
-function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
+function _ldap_authentication_user_login_authenticate_validate(&$form_state, $return_user) {
 
   $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
   $authname = $form_state['values']['name']; // $authname is the name the user is authenticated with from the logon form // patch 1599632
-  $accountname = $authname; // $accountname is used as the drupal account name $account->name property.
-  $pass = $form_state['values']['pass'];
 
   /*
    * If a fake form state was passed into this function from
@@ -145,68 +125,266 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
    */
   $sso_login = (isset($form_state['sso_login']) && $form_state['sso_login']) ? TRUE : FALSE;
 
-  $watchdog_tokens = array('%username' => $authname); // $watchdog_tokens = array('%username' => $name); // patch 1599632
+  $watchdog_tokens = array('%username' => $authname, '%authname' => $authname); // $watchdog_tokens = array('%username' => $name); // patch 1599632
   if ($detailed_watchdog_log) {
     watchdog('ldap_authentication', '%username : Beginning authentification....', $watchdog_tokens, WATCHDOG_DEBUG);
   }
-
+  
   if (!$auth_conf = ldap_authentication_get_valid_conf()) {
     watchdog('ldap_authentication', 'Failed to get valid ldap authentication configuration.', array(), WATCHDOG_ERROR);
     form_set_error('name', 'Server Error: Failed to get valid ldap authentication configuration.' . $error);
-    return FALSE;
+    return;
   }
 
- // if already succeeded at authentication, see if LDAP Exclusive is set
+ /**
+  * I. Test for previous module authentication success.
+  *
+  * if already succeeded at authentication, $form_state['uid'] will be set by other authentication module.
+  * - if LDAP Mixed mode is set, return and don't disrupt authentication process
+  * - otherwise override other authenication by setting $form_state['uid'] = NULL
+  */
   if (isset($form_state['uid']) && is_numeric($form_state['uid'])) {
     if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_MIXED || $form_state['uid'] == 1) {
       if ($detailed_watchdog_log) {
       watchdog('ldap_authentication', '%username : Previously authenticated in mixed mode or uid=1', $watchdog_tokens, WATCHDOG_DEBUG);
       }
-      return;  // already passed previous authentication validation
+      return;  // already passed a previous module's authentication validation
     }
     elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
       if ($detailed_watchdog_log) {
         watchdog('ldap_authentication', '%username : Previously authenticated in exclusive mode or uid is not 1.  Clear uid
         in form_state and attempt ldap authentication.',  $watchdog_tokens, WATCHDOG_DEBUG);
       }
-      $form_state['uid'] = NULL;  // passed previous authentication, but only ldap should be used
+      $form_state['uid'] = NULL;  // passed previous authentication, but only ldap should be used so override
     }
   }
 
+ /**
+  * II. Exit if no authentication servers.
+  */
   if (!$auth_conf->hasEnabledAuthenticationServers()) {
     watchdog('ldap_authentication',  'No LDAP servers configured.', array(), WATCHDOG_ERROR);
     form_set_error('name', 'Server Error:  No LDAP servers configured.');
+    return;
   }
 
-  if ($detailed_watchdog_log) {
-    watchdog('ldap_authentication', '%username : user_load_by_name(%username)', $watchdog_tokens, WATCHDOG_DEBUG);
+  /**
+   * III. determine if corresponding drupal account exists for $authname
+   */
+  $drupal_account_is_authmapped = FALSE;
+  list($drupal_account, $drupal_account_is_authmapped) = ldap_authentication_corresponding_drupal_user($authname, $auth_conf, $watchdog_tokens);
+  $drupal_account_exists = is_object($drupal_account);
+  if ($drupal_account_exists && $drupal_account->uid == 1) {
+    return; // user 1 is not allowed to ldap authenticate
   }
 
-  if (!($account = user_load_by_name($authname))) {
-    $uid = db_query("SELECT uid FROM {authmap} WHERE authname = :authname AND module = 'ldap_user'", array(':authname' => $authname))->fetchColumn();
-    $account = $uid ? user_load($uid) : FALSE;
+  /**
+   * IV. test credentials and if available get corresponding ldap user and ldap server
+   */
+  list($authentication_result, $ldap_user, $ldap_server_authenticated_on) = ldap_authentication_test_credentials($auth_conf, $sso_login, $authname, $form_state['values']['pass'], $watchdog_tokens);
+  if ($authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS) {
+    ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, $watchdog_tokens);
+    return;
   }
 
-  if (is_object($account)) {
-    if ($account->uid == 1) {
-      if ($detailed_watchdog_log) {
-        watchdog('ldap_authentication',  '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
+  /**
+   * V. if account_name_attr is set, drupal username is different than authname
+   */
+  if ($ldap_server_authenticated_on->account_name_attr != '') {
+    $watchdog_tokens['%account_name_attr'] = $ldap_server_authenticated_on->account_name_attr;
+    $drupal_accountname = $ldap_user['attr'][ldap_server_massage_text($ldap_server_authenticated_on->account_name_attr, 'attr_name', LDAP_SERVER_MASSAGE_QUERY_ARRAY)][0];
+    if (!$drupal_accountname) {
+      watchdog('ldap_authentication',  'Derived drupal username from attribute %account_name_attr returned no username for authname %authname.', $watchdog_tokens, WATCHDOG_ERROR);
+      return;
+    }
+  }
+  else {
+    $drupal_accountname = $authname; 
+  }
+  $watchdog_tokens['%drupal_accountname'] = $drupal_accountname;
+  
+  /**
+   * VI. Find or create corresponding drupal account and set authmaps
+   *
+   * at this point, the following are know:
+   * - a corresponding ldap account has been found
+   * - user's credentials tested against it and passed
+   * - their drupal accountname has been derived
+   * 
+   */
+
+      
+  /**
+   * VI.A: Drupal account doesn't exist with $authname used to logon,
+   *  but puid exists in another Drupal account; this means username has changed
+   *  and needs to be saved in Drupal account
+   *
+   */
+  if (!$drupal_account_exists && $ldap_server_authenticated_on) {
+    $puid = $ldap_server_authenticated_on->userPuidFromLdapEntry($ldap_user['attr']);
+    if ($puid) {
+      $drupal_account = $ldap_server_authenticated_on->userUserEntityFromPuid($puid);
+      if ($drupal_account) {
+        $drupal_account_exists = TRUE;
+        $user_edit = array('name' => $drupal_accountname);
+        $drupal_account = user_save($drupal_account, $user_edit, 'ldap_user');
+        user_set_authmaps($drupal_account, array("authname_ldap_user" => $authname));
+        $drupal_account_is_authmapped = TRUE;
       }
-      return FALSE;  // user 1 must use drupal authentication
     }
-    else {
-      $account_exists = TRUE;
-      $user_data = $account->data;
-      $authmaps = user_get_authmaps($authname); // $authmaps = user_get_authmaps($name); // patch 1599632
-      $ldap_authentication_authmap = isset($authmaps['ldap_user']);
-      $no_authmaps = (boolean)(count($authmaps));
+  }
+
+  /**
+   * VI.B: existing Drupal account but not authmapped to ldap modules,
+   *   ldap authmap or disallow
+   *
+   */
+
+  if ($drupal_account_exists && !$drupal_account_is_authmapped) {  // account already exists
+    if ($auth_conf->ldapUser->loginConflictResolve == LDAP_USER_CONFLICT_LOG) {
+      if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
+        $watchdog_tokens['%conflict_name'] = $account_with_same_email->name;
+        watchdog('ldap_authentication', 'LDAP user with DN %dn has a naming conflict with a local drupal user %conflict_name', $watchdog_tokens, WATCHDOG_ERROR);
+      }
+      drupal_set_message(t('Another user already exists in the system with the same login name. You should contact the system administrator in order to solve this conflict.'), 'error');
+      return;
+    }
+    else { // LDAP_authen.AC.disallow.ldap.drupal
+    // add ldap_authentication authmap to user.  account name is fine here, though cn could be used
+      user_set_authmaps($drupal_account, array('authname_ldap_user' => $authname));
+      $drupal_account_is_authmapped = TRUE;
       if ($detailed_watchdog_log) {
-        watchdog('ldap_authentication',  '%username : Drupal User Account found.  Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
+        watchdog('ldap_authentication', 'set authmap for %username authname_ldap_user', $watchdog_tokens, WATCHDOG_DEBUG);
+      }
+    }
+  }
+  
+  /**
+   * VI.C: existing Drupal account with incorrect email.  fix email if appropriate
+   *
+   */
+  if ($drupal_account_exists && $drupal_account->mail != $ldap_user['mail'] && (
+          $auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ||
+          $auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE
+          ))  {
+    $user_edit = array('mail' => $ldap_user['mail']);
+
+    $watchdog_tokens['%username'] = $drupal_account->name;
+    if (!$updated_account = user_save($drupal_account, $user_edit)) {
+      watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens,  WATCHDOG_ERROR);
+    }
+    elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ) {
+      if (isset($user_edit['mail'])) {
+        $watchdog_tokens['%mail'] = $user_edit['mail'];
+        drupal_set_message(t('Your e-mail has been updated to match your current account (%mail).', $watchdog_tokens), 'status');
+      }
+      if (isset($user_edit['name'])) {
+        $watchdog_tokens['%new_username'] = $user_edit['name'];
+        drupal_set_message(t('Your old account username %username has been updated to %new_username.', $watchdog_tokens), 'status');
       }
     }
   }
+  
+  /**
+   * VI.C: no existing Drupal account.  consider provisioning Drupal account.
+   *
+   */
+  if (!$drupal_account_exists) {
+  
+    // VI.C.1 Do not provision Drupal account if another account has same email.
+    if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
+      /**
+       * username does not exist but email does.  Since user_external_login_register does not deal with
+       * mail attribute and the email conflict error needs to be caught beforehand, need to throw error here
+       */
+      $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
+      watchdog('ldap_authentication', 'LDAP user with DN %dn has email address
+        (%mail) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
+      drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
+      return;
+    }
+
+    // VI.C.2 Do not provision Drupal account if provisioning disabled
+    if (!$auth_conf->ldapUser->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE)) {
+      watchdog('ldap_user', 'Drupal account for authname=%authname account name=%account_name_attr does not exist and provisioning of Drupal accounts on authentication is not enabled', $watchdog_tokens, WATCHDOG_INFO);
+      return;
+    }
+    
+    // VI.C.3 Provision Drupal account
+    /**
+     *
+     * new ldap_authentication provisioned account could let user_external_login_register create the account and set authmaps, but would need
+     * to add mail and any other user->data data in hook_user_presave which would mean requerying ldap
+     * or having a global variable.  At this point the account does not exist, so there is no
+     * reason not to create it here.
+     *
+     * @todo create patch for core user module's user_external_login_register to deal with new external accounts
+     *       a little tweak to add user->data and mail etc as parameters would make it more useful
+     *       for external authentication modules
+     */
+
+    if ($auth_conf->ldapUser->acctCreation == LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP &&
+        variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
+      $user_edit = array('name' => $drupal_accountname, 'status' => 0); // if admin approval required, set status to 0.
+    }
+    else {
+      $user_edit = array('name' => $drupal_accountname, 'status' => 1);
+    }
+
+    // don't pass in ldap user to provisionDrupalAccount, because want to requery with correct attributes needed
+    // this may be a case where efficiency dictates querying for all attributes
+    $drupal_account = $auth_conf->ldapUser->provisionDrupalAccount(NULL, $user_edit, NULL, TRUE);
+    
+    if ($drupal_account === FALSE) {
+      watchdog('ldap_user', 'Failed to find or create %drupal_accountname on logon.', $watchdog_tokens, WATCHDOG_ERROR);
+      form_set_error('name', t('Server Error: Failed to create Drupal user account for %drupal_accountname', $watchdog_tokens));
+      return;
+    }
+  }
+ 
+  /**
+  * we now have valid, ldap authenticated username with an account authmapped to ldap_authentication.
+  * since user_external_login_register can't deal with user mail attribute and doesn't do much else, it is not
+  * being used here.
+  * 
+  * without doing the user_login_submit,
+  * [#1009990],[#1865938]
+  */
+  
+  $form_state['uid'] = $drupal_account->uid;
+ // $fake_form_state = array('uid' => $drupal_account->uid);
+ // user_login_submit(array(), $fake_form_state);
+ // global $user;
+ // $form_state['uid'] = $user->uid;
+ 
+ 
+  // the uid is returned so that special login modules, namely ldap sso, can manually call this function.
+  return ($return_user) ? $drupal_account : null;
+}
+
+/**
+ * given authname, determine if corresponding drupal account exists and is authmapped
+ */
+function ldap_authentication_corresponding_drupal_user($authname, $auth_conf, &$watchdog_tokens) {
+  $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+  if (!($drupal_account = user_load_by_name($authname))) {
+    $uid = db_query("SELECT uid FROM {authmap} WHERE authname = :authname AND module = 'ldap_user'", array(':authname' => $authname))->fetchColumn();
+    $drupal_account = $uid ? user_load($uid) : FALSE;
+  }
+
+  if (is_object($drupal_account)) {
+    $authmaps = user_get_authmaps($authname); // $authmaps = user_get_authmaps($name); // patch 1599632
+    $drupal_account_is_authmapped = isset($authmaps['ldap_user']);
+    $user_data = $drupal_account->data;
+    if ($drupal_account->uid == 1 && $detailed_watchdog_log) {
+      watchdog('ldap_authentication',  '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
+    }
+    elseif ($detailed_watchdog_log) {
+      watchdog('ldap_authentication',  '%username : Drupal User Account found.  Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
+    }
+  }
   else {  // account does not exist
-    $account_exists = FALSE;
+    $drupal_account_is_authmapped = FALSE;
     if ($auth_conf->ldapUser->createLDAPAccounts == FALSE) {
       if ($detailed_watchdog_log) {
         watchdog('ldap_authentication', '%username : Drupal User Account not found and configuration is set to not create new accounts.', $watchdog_tokens, WATCHDOG_DEBUG);
@@ -216,7 +394,14 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
       watchdog('ldap_authentication', '%username : Existing Drupal User Account not found.  Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
     }
   }
+  return array($drupal_account, $drupal_account_is_authmapped);
+}
 
+function ldap_authentication_test_credentials($auth_conf, $sso_login, $authname, $password, &$watchdog_tokens) {
+  $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+  $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC;
+  $ldap_user = FALSE;
+  $ldap_server = NULL;
   foreach ($auth_conf->enabledAuthenticationServers as $sid => $ldap_server) {
     $watchdog_tokens['%sid'] = $sid;
     $watchdog_tokens['%bind_method'] = $ldap_server->bind_method;
@@ -261,12 +446,11 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
   */
 
     $bind_success = FALSE;
-    if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT ||
-        $ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER
-        ) {
-      $bind_success = ($ldap_server->bind() == LDAP_SUCCESS);
+    if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT) {
+      $bind_success = ($ldap_server->bind(NULL, NULL, FALSE) == LDAP_SUCCESS);
     }
-    elseif ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON) {
+    elseif ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON ||
+        $ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
       $bind_success = ($ldap_server->bind(NULL, NULL, TRUE) == LDAP_SUCCESS);
     }
     elseif ($sso_login) {
@@ -279,7 +463,7 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
         $transformname =  $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens);
         $replace = array($basedn, $transformname);
         $userdn = str_replace($search, $replace, $ldap_server->user_dn_expression);
-        $bind_success = ($ldap_server->bind($userdn, $pass) == LDAP_SUCCESS);
+        $bind_success = ($ldap_server->bind($userdn, $password, FALSE) == LDAP_SUCCESS);
         if ($bind_success) {
           break;
         }
@@ -337,9 +521,7 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
     * #4 CHECK ALLOWED AND EXCLUDED LIST AND PHP FOR ALLOWED USERS
     */
 
-    $allow = $auth_conf->allowUser($authname, $ldap_user, $account_exists);
-
-    if (!$allow) {
+    if (!$auth_conf->allowUser($authname, $ldap_user)) {
       $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED;
       break;  // regardless of how many servers, disallowed user fails
     }
@@ -362,7 +544,7 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
       $credentials_pass = (boolean)($ldap_user);
     }
     else {
-      $credentials_pass = ($ldap_server->bind($ldap_user['dn'], $pass) == LDAP_SUCCESS);
+      $credentials_pass = ($ldap_server->bind($ldap_user['dn'], $password, FALSE) == LDAP_SUCCESS);
     }
     if (!$credentials_pass) {
       if ($detailed_watchdog_log) {
@@ -379,11 +561,6 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
         $ldap_user = $ldap_server->userUserNameToExistingLdapEntry($authname); // after successful bind, lookup user again to get private attributes
         $watchdog_tokens['%mail'] = $ldap_user['mail'];
       }
-      if ($ldap_server->account_name_attr != '') {
-        $accountname = $ldap_user['attr'][ldap_server_massage_text($ldap_server->account_name_attr, 'attr_name', LDAP_SERVER_MASSAGE_QUERY_ARRAY)][0];
-      }
-      $watchdog_tokens['%account_name_attr'] = $accountname;
-
       if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT ||
           $ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
           $ldap_server->disconnect();
@@ -399,21 +576,24 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
   if ($detailed_watchdog_log) {
     watchdog('ldap_authentication',  '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
   }
+  
+  return array($authentication_result, $ldap_user, $ldap_server);
+}
 
-  if ($authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS) {
-    $watchdog_tokens['%err_text'] =  _ldap_authentication_err_text($authentication_result);
-  // fail scenario 1.  ldap auth exclusive and failed  throw error
-    if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
-      if ($detailed_watchdog_log) {
-        watchdog('ldap_authentication', '%username : setting error because failed at ldap and
-          LDAP_AUTHENTICATION_EXCLUSIVE is set to true.  So need to stop authentication of Drupal user that is not user 1.
-          error message: %err_text', $watchdog_tokens, WATCHDOG_DEBUG);
-      }
-      form_set_error('name', $watchdog_tokens['%err_text']);
+function ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, &$watchdog_tokens) {
+  $watchdog_tokens['%err_text'] =  _ldap_authentication_err_text($authentication_result);
+ // fail scenario 1.  ldap auth exclusive and failed  throw error so no other authentication methods are allowed
+  if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
+    if ($detailed_watchdog_log) {
+      watchdog('ldap_authentication', '%username : setting error because failed at ldap and
+        LDAP_AUTHENTICATION_EXCLUSIVE is set to true.  So need to stop authentication of Drupal user that is not user 1.
+        error message: %err_text', $watchdog_tokens, WATCHDOG_DEBUG);
     }
-    else {
-   // fail scenario 2.  simply fails ldap.  return false.
-   // don't show user message, may be using other authentication after this that may succeed.
+    form_set_error('name', $watchdog_tokens['%err_text']);
+  }
+  else {
+ // fail scenario 2.  simply fails ldap.  return false, but don't throw form error
+ // don't show user message, may be using other authentication after this that may succeed.
     if ($detailed_watchdog_log) {
       watchdog('ldap_authentication',
         '%username : Failed ldap authentication.
@@ -422,159 +602,10 @@ function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
         $watchdog_tokens,
         WATCHDOG_DEBUG
         );
-      }
-    }
-    return FALSE;
-  }
-
-  /**
-   * case 0: account doesn't exist with $name used to logon,
-   *  but puid exists in another user; that is username has changed
-   *
-   */
-
-  $user_edit = array(); // array of attributes that are changing for existing users
-  if (!$account_exists && isset($auth_conf->enabledAuthenticationServers[$ldap_user['sid']])) {
-    $ldap_server = $auth_conf->enabledAuthenticationServers[$ldap_user['sid']];
-    $puid = $ldap_server->userPuidFromLdapEntry($ldap_user['attr']);
-    if ($puid) {
-      $account = $ldap_server->userUserEntityFromPuid($puid);
-      if ($account) {
-        $account_exists = TRUE;
-        $user_edit['name'] = $accountname;
-        $account = user_save($account, $user_edit, 'ldap_user');
-        user_set_authmaps($account, array("authname_ldap_user" => $authname));
-      }
-    }
-  }
-
-  /**
-   * case 1: previously drupal authenticated user authenticated successfully on ldap
-   *
-   */
-  if (!$account_exists && ($account = user_load_by_name($accountname))) {
-    user_set_authmaps($account, array('authname_ldap_user' => $authname));
-    $account_exists = TRUE;
-  }
-  if (!$account_exists) {
-
-    if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
-      // dpm('account with same email');
-      /**
-       * username does not exist but email does.  Since user_external_login_register does not deal with
-       * mail attribute and the email conflict error needs to be caught beforehand, need to throw error here
-       */
-      $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
-      watchdog('ldap_authentication', 'LDAP user with DN %dn has email address
-        (%mail) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
-      drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
-      return FALSE;
-    }
-
-    if (!$auth_conf->ldapUser->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE)) {
-      watchdog('ldap_user', 'Drupal account for authname=%authname account name=%account_name_attr does not exist and provisioning of Drupal accounts on authentication is not enabled', $watchdog_tokens);
-      return FALSE;
-    }
-    /**
-     *
-     * new ldap_authentication provisioned account could let user_external_login_register create the account and set authmaps, but would need
-     * to add mail and any other user->data data in hook_user_presave which would mean requerying ldap
-     * or having a global variable.  At this point the account does not exist, so there is no
-     * reason not to create it here.
-     *
-     * @todo create patch for user_external_login_register to deal with new external accounts
-     *       a little tweak to add user->data and mail etc as parameters would make it more useful
-     *       for external authentication modules
-     */
-    ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
-
-    // $ldap_user['sid'] = $sid;
-    $account = NULL;
-    $user_edit = array('name' => $accountname, 'status' => 1);
-    $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
-    if ($auth_conf->ldapUser->acctCreation == LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP && $user_register == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
-      $user_edit['status'] = 0; // if admin approval required, set status to 1.
-    }
-
-    // don't pass in ldap user, because want to requery with correct attributes needed
-    // this may be a case where efficiency dictates querying for all attributes
-    $account = $auth_conf->ldapUser->provisionDrupalAccount($account, $user_edit, NULL, TRUE);
-    if ($account === FALSE) {
-      // need to throw error that account was not created so logging in is not happenning via ldap
-    }
-  }
-  else {  // account already exists
-    if ($ldap_authentication_authmap == FALSE) {
-      if ($auth_conf->ldapUser->loginConflictResolve == LDAP_USER_CONFLICT_LOG) {
-        if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
-          $watchdog_tokens['%conflict_name'] = $account_with_same_email->name;
-          watchdog('ldap_authentication', 'LDAP user with DN %dn has a naming conflict with a local drupal user %conflict_name', $watchdog_tokens, WATCHDOG_ERROR);
-        }
-        drupal_set_message(t('Another user already exists in the system with the same login name. You should contact the system administrator in order to solve this conflict.'), 'error');
-        return FALSE;
-      }
-      else { // LDAP_authen.AC.disallow.ldap.drupal
-      // add ldap_authentication authmap to user.  account name is fine here, though cn could be used
-        user_set_authmaps($account, array('authname_ldap_user' => $authname));
-        if ($detailed_watchdog_log) {
-          watchdog('ldap_authentication', 'set authmap for %username authname_ldap_user', $watchdog_tokens, WATCHDOG_DEBUG);
-        }
-      }
-    }
-
-
-    /**
-     * @todo.  mail, name, and all other attributes should be synched in this case.  need to
-     * generalise this instead of dealing with mail and name individually.
-     *
-     *  $account = ldap_user_synch_drupal_account($ldap_user);
-     */
-
-    if ($account->mail != $ldap_user['mail'] && (
-          $auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ||
-          $auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE
-          ))  {
-      $user_edit['mail'] = $ldap_user['mail'];
-    }
-
-    if (count($user_edit)) {
-      $watchdog_tokens['%username'] = $account->name;
-      if (!$updated_account = user_save($account, $user_edit)) {
-        watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens,  WATCHDOG_ERROR);
-      }
-      elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ) {
-        if (isset($user_edit['mail'])) {
-          $watchdog_tokens['%mail'] = $user_edit['mail'];
-          drupal_set_message(t('Your e-mail has been updated to match your current account (%mail).', $watchdog_tokens), 'status');
-        }
-        if (isset($user_edit['name'])) {
-          $watchdog_tokens['%new_username'] = $user_edit['name'];
-          drupal_set_message(t('Your old account username %username has been updated to %new_username.', $watchdog_tokens), 'status');
-        }
-      }
     }
   }
-
-  /**
-  * we now have valid, ldap authenticated username with an account authmapped to ldap_authentication.
-  * since user_external_login_register can't deal with user mail attribute and doesn't do much else, it is not
-  * being used here.
-  */
-
-  /**
-   * without doing the user_login_submit,
-   * [#1009990]
-   *
-   */
-  $fake_form_state = array('uid' => $account->uid);
-  user_login_submit(array(), $fake_form_state);
-  global $user;
-  $form_state['uid'] = $user->uid;
-  return $user;
-
 }
-
-
+    
 /**
  * get human readable authentication error string
  *
diff --git a/ldap_authentication/ldap_authentication.module b/ldap_authentication/ldap_authentication.module
index f262f26..0678c26 100644
--- a/ldap_authentication/ldap_authentication.module
+++ b/ldap_authentication/ldap_authentication.module
@@ -29,6 +29,11 @@ define('LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE',      3);
 define('LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW',        4);
 define('LDAP_AUTHENTICATION_EMAIL_FIELD_DEFAULT',      3);
 
+define('LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW',       2);
+define('LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE',       3);
+define('LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW',      4);
+define('LDAP_AUTHENTICATION_PASSWORD_FIELD_DEFAULT',    2);
+
 define('LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT',      1);
 define('LDAP_AUTHENTICATION_RESULT_FAIL_BIND',         2);
 define('LDAP_AUTHENTICATION_RESULT_FAIL_FIND',         3);
@@ -246,12 +251,25 @@ function ldap_authentication_show_reset_pwd($user = NULL) {
   }
 
   if ($user->uid == 0) {
-    // hide reset password for anonymous users if ldap only authentication, otherwise show
-    return ($auth_conf->authenticationMode != LDAP_AUTHENTICATION_EXCLUSIVE);
+    // hide reset password for anonymous users if ldap only authentication and password updates are disabled, otherwise show
+    if ($auth_conf->authenticationMode != LDAP_AUTHENTICATION_EXCLUSIVE) {
+      if ($auth_conf->passwordOption == LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW) {
+        return TRUE;
+      }
+      return FALSE;
+    }
+    return TRUE;
   }
   else {
-    // authenticated user.  hide if ldap authenticated otherwise show.
-    return (!ldap_authentication_ldap_authenticated($user));
+    // authenticated user.  hide if ldap authenticated and updating password is
+    // not allowed, otherwise show.
+    if (ldap_authentication_ldap_authenticated($user)) {
+      if ($auth_conf->passwordOption == LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW) {
+        return TRUE;
+      }
+      return FALSE;
+    }
+    return TRUE;
   }
 
 }
@@ -275,6 +293,21 @@ function ldap_authentication_form_user_pass_alter(&$form, $form_state) {
 }
 
 
+/**
+ * A validate handler on the login form. Check supplied username/password
+ * against local users table. If successful, $form_state['uid']
+ * is set to the matching user ID.
+ */
+function ldap_authentication_core_override_user_login_authenticate_validate($form, &$form_state) {
+  // No additional validation of user credentials is needed when
+  // $form_state['uid'] is set.
+  if (!empty($form_state['uid'])) {
+    return;
+  }
+  user_login_authenticate_validate($form, $form_state);
+}
+
+
 function ldap_authentication_user_pass_validate(&$form_state) {
   $name_or_mail = trim($form_state['name']['#value']);
   if ($account = user_load_by_mail($name_or_mail)) {
@@ -289,7 +322,15 @@ function ldap_authentication_user_pass_validate(&$form_state) {
       'account' => $account,
       'auth_conf' => ldap_authentication_get_valid_conf(),
     );
-    form_set_error('name', theme('ldap_authentication_user_pass_validate_ldap_authenticated', $vars));
+    $error = TRUE;
+    if (is_object($vars['auth_conf'])) {
+      if ($vars['auth_conf']->passwordOption == LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW) {
+        $error = FALSE;
+      }
+    }
+    if (!empty($error)) {
+      form_set_error('name', theme('ldap_authentication_user_pass_validate_ldap_authenticated', $vars));
+    }
   }
 }
 
@@ -325,9 +366,9 @@ function ldap_authentication_form_user_login_block_alter(&$form, &$form_state) {
 /**
  * validate function for user logon forms.
  */
-function ldap_authentication_user_login_authenticate_validate($form, &$form_state) {
+function ldap_authentication_user_login_authenticate_validate($form, &$form_state, $return_user = FALSE) {
   ldap_servers_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
-  return _ldap_authentication_user_login_authenticate_validate($form_state);
+  return _ldap_authentication_user_login_authenticate_validate($form_state, $return_user);
 }
 
 
diff --git a/ldap_authentication/ldap_authentication.theme.inc b/ldap_authentication/ldap_authentication.theme.inc
index 500133e..15bd646 100644
--- a/ldap_authentication/ldap_authentication.theme.inc
+++ b/ldap_authentication/ldap_authentication.theme.inc
@@ -44,7 +44,7 @@ function theme_ldap_authentication_user_login_block_links($variables) {
  */
 function theme_ldap_authentication_user_pass_message($variables) {
   extract($variables);
-  if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
+  if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE && $auth_conf->passwordOption != LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW) {
     $msg = t('This page is only useful for the site administrator.  All other users
       need to reset their passwords');
     if ($auth_conf->ldapUserHelpLinkUrl) {
diff --git a/ldap_authentication/tests/ldap_authentication.test b/ldap_authentication/tests/ldap_authentication.test
index 30565e9..a606c50 100644
--- a/ldap_authentication/tests/ldap_authentication.test
+++ b/ldap_authentication/tests/ldap_authentication.test
@@ -6,7 +6,7 @@
  *
  */
 module_load_include('php', 'ldap_test', 'LdapTestCase.class');
-module_load_include('module', 'ldap_authentication', 'ldap_authentication');
+module_load_include('module', 'ldap_authentication');
 
 class LdapAuthenticationTestCase extends LdapTestCase {
   public static function getInfo() {
@@ -28,7 +28,8 @@ class LdapAuthenticationTestCase extends LdapTestCase {
     parent::setUp(array(
       'ldap_authentication',
       'ldap_authorization',
-      'ldap_authorization_drupal_role'
+      'ldap_authorization_drupal_role',
+      'ldap_test',
       )); // don't need any real servers, configured, just ldap_servers code base
     variable_set('ldap_simpletest', 2);
   }
@@ -63,7 +64,7 @@ class LdapAuthenticationTestCase extends LdapTestCase {
     $testid = 'MixedModeUserLogon3';
     $sids = array($sid);
     $this->prepTestData(
-      'hogwarts',
+      LDAP_TEST_LDAP_NAME,
       $sids,
       'provisionToDrupal',
       'MixedModeUserLogon3',
@@ -181,7 +182,7 @@ class LdapAuthenticationTestCase extends LdapTestCase {
     $testid = 'ExclusiveModeUserLogon3';
     $sids = array($sid);
     $this->prepTestData(
-      'hogwarts',
+      LDAP_TEST_LDAP_NAME,
       $sids,
       'ad_authentication',
       'ExclusiveModeUserLogon3',
@@ -330,7 +331,7 @@ class LdapAuthenticationTestCase extends LdapTestCase {
     $testid = 'SSOUserLogon3';
     $sids = array($sid);
     $this->prepTestData(
-      'hogwarts',
+      LDAP_TEST_LDAP_NAME,
       $sids,
       'ad_authentication',
       'SSOUserLogon'
@@ -655,13 +656,13 @@ class LdapAuthenticationTestCase extends LdapTestCase {
         module_exists('ldap_user') &&
         module_exists('ldap_servers') &&
         module_exists('ldap_authentication') &&
-        (variable_get('ldap_simpletest', 0) > 0)
+        (variable_get('ldap_simpletest', 2) > 0)
       );
     $this->assertTrue($setup_success, ' ldap_authentication UI setup successful',  $this->testId('user interface tests'));
 
     $sid = 'activedirectory1';
     $sids = array('activedirectory1');
-    $this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default');
+    $this->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'default');
 
     $this->privileged_user = $this->drupalCreateUser(array(
       'administer site configuration',
diff --git a/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php b/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php
index 79d0172..42079dc 100644
--- a/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php
+++ b/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php
@@ -169,6 +169,10 @@ class LdapAuthorizationConsumerAbstract {
     // method must be overridden
   }
 
+  public function authorizationDiff($initial, $current) {
+    return array_diff($initial, $current);
+  }
+
 
   /**
    * grant authorizations to a user
@@ -190,6 +194,7 @@ class LdapAuthorizationConsumerAbstract {
    */
 
   public function authorizationGrant(&$user, &$user_auth_data, $consumers, $ldap_entry = NULL, $user_save = TRUE) {
+    $this->filterOffPastAuthorizationRecords($user, $user_auth_data);
     $this->grantsAndRevokes('grant', $user, $user_auth_data, $consumers, $ldap_entry, $user_save);
   }
 
@@ -213,9 +218,31 @@ class LdapAuthorizationConsumerAbstract {
    */
 
   public function authorizationRevoke(&$user, &$user_auth_data, $consumers, $ldap_entry, $user_save = TRUE) {
+    $this->filterOffPastAuthorizationRecords($user, $user_auth_data);
     $this->grantsAndRevokes('revoke', $user, $user_auth_data, $consumers, $ldap_entry, $user_save);
   }
 
+
+
+  /**
+   * this is a function to clear off
+   */
+  public function filterOffPastAuthorizationRecords(&$user, &$user_auth_data, $time = NULL) {
+    if ($time != NULL || variable_get('ldap_help_user_data_clear', 0)) {
+      $clear_time = ($time) ? $time : variable_get('ldap_help_user_data_clear_set_date', 0);
+      if ($clear_time > 0 && $clear_time < time()) {
+        foreach ($user_auth_data as $consumer_id => $entry) {
+          if ($entry['date_granted'] < $clear_time) {
+            unset($user_auth_data[$consumer_id]);
+            if (isset($user->data['ldap_authorizations'][$this->consumerType][$consumer_id])) {
+              unset($user->data['ldap_authorizations'][$this->consumerType][$consumer_id]);
+            }
+          }
+        }
+      }
+    }
+  }
+
   /**
    * some authorization schemes such as organic groups, require a certain order.  implement this method
    * to sort consumer ids/authorization ids
@@ -255,7 +282,6 @@ class LdapAuthorizationConsumerAbstract {
 
     $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
     $this->sortConsumerIds($op, $consumers);
-
     $results = array();
     $watchdog_tokens = array();
     $watchdog_tokens['%username'] = $user->name;
@@ -283,13 +309,14 @@ class LdapAuthorizationConsumerAbstract {
           $results[$consumer_id] = TRUE;
           $user_auth_data[$consumer_id] = array(
             'date_granted' => time(),
-            'consumer_id' => $consumer_id,
+            'consumer_id_mixed_case' => $consumer_id,
           );
         }
         elseif (!$user_has_authorization && $consumer['exists']) {
           // grant case 2: consumer exists, but user is not member. grant authorization
-          $results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data);  // allow consuming module to add additional data to $user_auth_data
-          $user_auth_data[$consumer_id] = array(
+          $results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save);  // allow consuming module to add additional data to $user_auth_data
+          $existing = empty($user_auth_data[$consumer_id]) ? array() : $user_auth_data[$consumer_id];
+          $user_auth_data[$consumer_id] = $existing + array(
             'date_granted' => time(),
             'consumer_id_mixed_case' => $consumer_id,
           );
@@ -315,7 +342,7 @@ class LdapAuthorizationConsumerAbstract {
         if ($user_has_authorization) {
           // revoke case 1: user has authorization, revoke it.  revokeSingleAuthorization will remove $user_auth_data[$consumer_id]
           //debug("op=revoke, consumer_id=$consumer_id, calling revokeSingleAuthorization");
-          $results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data);  // defer to default for $user_save param
+          $results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save);  // defer to default for $user_save param
           $log .= t(',result=') . (boolean)($results[$consumer_id]);
         }
         elseif ($user_has_authorization_recorded)  {
@@ -337,6 +364,7 @@ class LdapAuthorizationConsumerAbstract {
       $watchdog_tokens['%consumer_ids_log'] = (count($consumer_ids_log)) ? join('<hr/>', $consumer_ids_log) : t('no actions');
     }
 
+   // debug("user->data and user_auth_data"); debug($user->data); debug($user_auth_data);
     if ($user_save) {
       $user = user_load($user->uid, TRUE);
       $user_edit = $user->data;
@@ -360,7 +388,7 @@ class LdapAuthorizationConsumerAbstract {
    * @param string lower case $consumer_id $consumer_id such as drupal role name, og group name, etc.
    * @param mixed $consumer.  depends on type of consumer.  Drupal roles are strings, og groups are ??
    * @param array $user_auth_data array of $user data specific to this consumer type.
-   *   stored in $user->data['ldap_authorization'][<consumer_type>] array
+   *   stored in $user->data['ldap_authorizations'][<consumer_type>] array
    * @param boolean $reset signifying if caches associated with $consumer_id should be invalidated.
    *
    * return boolen TRUE on success, FALSE on fail.  If user save is FALSE, the user object will
@@ -368,7 +396,7 @@ class LdapAuthorizationConsumerAbstract {
    *   $user_auth_data should have successfully revoked consumer id removed
    */
 
-  public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) {
+  public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) {
      // method must be overridden
   }
 
@@ -384,7 +412,7 @@ class LdapAuthorizationConsumerAbstract {
    * @param boolean $reset signifying if caches associated with $consumer_id should be invalidated.
    *  @return boolean FALSE on failure or TRUE on success
    */
-  public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) {
+  public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) {
      // method must be overridden
   }
 
diff --git a/ldap_authorization/LdapAuthorizationConsumerConf.class.php b/ldap_authorization/LdapAuthorizationConsumerConf.class.php
index d1b6d87..589650c 100644
--- a/ldap_authorization/LdapAuthorizationConsumerConf.class.php
+++ b/ldap_authorization/LdapAuthorizationConsumerConf.class.php
@@ -99,34 +99,13 @@ class LdapAuthorizationConsumerConf {
         }
         else {
           $this->{$property_name} = $server_record->$db_field_name;
-
         }
       }
     }
     $this->numericConsumerConfId = isset($server_record->numeric_consumer_conf_id)? $server_record->numeric_consumer_conf_id : NULL;
     $this->server = ldap_servers_get_servers($this->sid, NULL, TRUE);
-
     return TRUE;
 
-   // $this->sid = $consumer_conf->sid;
-   // $this->consumerType = $consumer_conf->consumer_type;
-
-  //  $this->status = ($consumer_conf->status) ? 1 : 0;
-  //  $this->onlyApplyToLdapAuthenticated  = (@$consumer_conf->only_ldap_authenticated);
-
-  //  $this->useFirstAttrAsGroupId  = (@$consumer_conf->use_first_attr_as_groupid);
-
-   // $this->mappings = unserialize($consumer_conf->mappings);
-   // dpm($this->mappings); dpm($consumer_conf->mappings);
-  //  $this->useMappingsAsFilter = (@$consumer_conf->use_filter);
-
- //   $this->synchToLdap = (@$consumer_conf->synch_to_ldap);
- //   $this->synchOnLogon = (@$consumer_conf->synch_on_logon);
- //   $this->regrantLdapProvisioned = (@$consumer_conf->regrant_ldap_provisioned);
-  //  $this->revokeLdapProvisioned = (@$consumer_conf->revoke_ldap_provisioned);
-  //  $this->createConsumers = (@$consumer_conf->create_consumers);
-
-
   }
 
   // direct mapping of db to object properties
@@ -136,8 +115,8 @@ class LdapAuthorizationConsumerConf {
       'consumer_type' => 'consumerType',
       'numeric_consumer_conf_id'  => 'numericConsumerConfId' ,
       'status'  => 'status',
-      'only_ldap_authenticated'  => 'useFirstAttrAsGroupId',
-      'use_first_attr_as_groupid'  => 'address',
+      'only_ldap_authenticated'  => 'onlyApplyToLdapAuthenticated',
+      'use_first_attr_as_groupid'  => 'useFirstAttrAsGroupId',
       'mappings'  => 'mappings',
       'use_filter'  => 'useMappingsAsFilter',
       'synch_to_ldap' => 'synchToLdap',
diff --git a/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php b/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
index da3b200..6dd1b13 100644
--- a/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
+++ b/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
@@ -41,8 +41,14 @@ class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf {
           $values->$property = $value;
         }
       }
-      $values->export_type = ($this->numericConsumerConfId) ? EXPORT_IN_DATABASE : NULL;
-      $result = ctools_export_crud_save('ldap_authorization', $values);
+      try {
+        $values->export_type = NULL;
+        $result = ctools_export_crud_save('ldap_authorization', $values);
+      } catch (Exception $e) {
+        //  debug($e); Integrity constraint violation: 1062 Duplicate entry
+        $values->export_type = EXPORT_IN_DATABASE;
+        $result = ctools_export_crud_save('ldap_authorization', $values);
+      }
       ctools_export_load_object_reset('ldap_authorization'); // ctools_export_crud_save doesn't invalidate cache
     }
     else {
@@ -62,21 +68,6 @@ class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf {
       }
     }
 
-    // revert mappings to array and remove temporary properties from ctools export
-    //$this->mappings = $this->pipeListToArray($values->mappings, FALSE);
-    //foreach (array(
-    //  'consumer_type',
-    //  'consumer_module',
-    //  'only_ldap_authenticated',
-    //  'use_filter',
-    //  'synch_to_ldap',
-    //  'synch_on_logon',
-    //  'revoke_ldap_provisioned',
-    //  'create_consumers',
-    //  'regrant_ldap_provisioned'
-    //  ) as $prop_name) {
-    //  unset($this->{$prop_name});
-    //}
   }
 
   public $fields;
diff --git a/ldap_authorization/ldap_authorization.admin.test.inc b/ldap_authorization/ldap_authorization.admin.test.inc
index a3390e8..1090daa 100644
--- a/ldap_authorization/ldap_authorization.admin.test.inc
+++ b/ldap_authorization/ldap_authorization.admin.test.inc
@@ -113,8 +113,25 @@ function ldap_authorization_test_form($form, &$form_state, $consumer_type) {
        '#markup' => theme('item_list', array('items' => $_SESSION['ldap_authorization_test_query']['post mappings'], 'type' => 'ul', 'title' => "Results after any filtering and mappings applied")),
       );
     }
+
   }
 
+  if (isset($_SESSION['ldap_authorization_test_query']['setting_data'])) {
+    foreach ($_SESSION['ldap_authorization_test_query']['setting_data'] as $title => $data) {
+      $form[$title] = array(
+        '#type' => 'fieldset',
+        '#title' => $title,
+        '#collapsible' => TRUE,
+        '#collapsed' => TRUE,
+      );
+      $form[$title]['overview'] = array(
+       '#type' => 'item',
+       '#markup' => "<pre>" . print_r($data, TRUE) . "</pre>",
+      );
+    }
+  }
+
+
   $form['intro'] = array(
       '#type' => 'item',
       '#markup' => t('<h1>Test LDAP to !consumer_name Configuration</h1>
@@ -142,6 +159,21 @@ function ldap_authorization_test_form($form, &$form_state, $consumer_type) {
     '#title' => t('Use 10 random users', $consumer_tokens),
   );
 
+  $form['execute_authorizations'] = array(
+    '#type' => 'checkbox',
+    '#default_value' => @$_SESSION['ldap_authorization_test_form']['execute_authorizations'],
+    '#title' => t('Actually grant or revoke example authorizations.
+      This will grant and revoke based on the ldap authorization configuration
+      options such as whether to revoke or regrant manually applied authorizations.
+      Try with this unchecked first, then check to see how authorizations are applied.', $consumer_tokens),
+  );
+
+  $form['user_data_clear'] = array(
+    '#type' => 'checkbox',
+    '#default_value' => @$_SESSION['ldap_authorization_test_form']['user_data_clear'],
+    '#title' => t('Clear <pre>$user->data[ldap_authorization][<consumer type>]</pre> data for test users.', $consumer_tokens),
+  );
+
   $form['submit'] = array(
     '#type' => 'submit',
     '#value' => 'test',
@@ -209,14 +241,21 @@ function ldap_authorization_test_form_submit($form, &$form_state) {
           dpm("user: $username"); dpm($user);
         }
       }
-      list($results[$username], $notifications[$username]) = ldap_authorizations_user_authorizations($user, 'test_query', $consumer_type, 'logon');
+
+      if ($form_state['values']['user_data_clear'] == 1) {
+        $user_data = $user->data;
+        unset($user_data['ldap_authorizations'][$consumer_type]);
+        $user = user_save($user, array('data' => $user_data));
+      }
+
+      $action = ($form_state['values']['execute_authorizations'] == 1) ? "test_query_set" : 'test_query';
+      list($results[$username], $notifications[$username]) = ldap_authorizations_user_authorizations($user, $action, $consumer_type, 'logon');
       // remove authorizations from other consumer types
       $results[$username] = array($consumer_type => $results[$username][$consumer_type]);
       $i++;
       if ($i == 10) {
         break;
       }
-
     }
   }
 
diff --git a/ldap_authorization/ldap_authorization.inc b/ldap_authorization/ldap_authorization.inc
index 6fb1f14..6c3ed58 100644
--- a/ldap_authorization/ldap_authorization.inc
+++ b/ldap_authorization/ldap_authorization.inc
@@ -37,6 +37,7 @@ function ldap_authorization_help_watchdog() {  // remove after testing
  * @param string $op =
  *   set -- grant authorizations (store in db) and return authorizations
  *   test_query -- don't grant authorization, just query and return authorizations.  assume user is ldap authenticated and exists
+ *   test_query_set -- do grant authorizations, but also log data for debugging
  *   query -- don't grant authorization, just query and return authorizations
  *
  * @param string $consumer_type e.g. drupal_roles
@@ -83,17 +84,15 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
   /**
    * determine if user is ldap authenticated
    */
-  if ($context == 'test_if_authorizations_granted' || ($op == 'test_query' && @$user->ldap_test == TRUE)) {
+  if ($context == 'test_if_authorizations_granted' || (($op == 'test_query_set' || $op == 'test_query') && @$user->ldap_test == TRUE)) {
     $ldap_authenticated = $user->ldap_authenticated;  // property 'ldap_authenticated' only exists for fake user objects submitted from testing form
   }
   else {
     $ldap_authenticated = (boolean)(module_exists('ldap_authentication') && ldap_authentication_ldap_authenticated($user));
   }
- // debug("_ldap_authorizations_user_authorizations" . $user->name .",ldap_authenticated=$ldap_authenticated");
   $watchdog_tokens['%ldap_authenticated'] = ($ldap_authenticated) ? 'yes' : 'no';
 
   foreach ($consumers as $consumer_type => $consumer) {
-  //  dpm($consumer);
     $authorizations[$consumer_type] = array();
     /**
     * each consumer type has only one consumer conf and each consumer conf has only one ldap server id (sid)
@@ -104,9 +103,7 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
     *
     */
 
-
     $consumer = ldap_authorization_get_consumer_object($consumer_type);
-   // debug("$consumer_type consumer->consumerConf->status"); debug($consumer->consumerConf->status); //$debug = TRUE;
     if (!$consumer->consumerConf->status) {
       continue;
     }
@@ -128,9 +125,9 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
     }
     if ($debug) {
       debug(t('%username : testing with consumer type %consumer_type. ldap authenticated=%ldap_authenticated'), $watchdog_tokens);
+      debug("op=$op,ldap_authenticated=$ldap_authenticated $consumer_type context=$context, consumer->consumerConf->synchOnLogon=". (int)$consumer->consumerConf->synchOnLogon); //$debug = TRUE;
     }
-   // dpm("context=$context,ldap_authenticated=$ldap_authenticated");
- //   debug("op=$op,ldap_authenticated=$ldap_authenticated $consumer_type context=$context, consumer->consumerConf->synchOnLogon=". (int)$consumer->consumerConf->synchOnLogon); //$debug = TRUE;
+
     if ($context == 'logon' && !$consumer->consumerConf->synchOnLogon) {
       $notifications[$consumer_type][] = LDAP_AUTHORIZATION_MAP_NOT_CONF_FOR_LOGON;
       if ($detailed_watchdog_log) {
@@ -139,7 +136,7 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
       continue;
     }
 
-    if ($consumer->consumerConf->onlyApplyToLdapAuthenticated && !$ldap_authenticated  && $op != 'test_query') {
+    if ($consumer->consumerConf->onlyApplyToLdapAuthenticated && !$ldap_authenticated  && $op != 'test_query' && $op != 'test_query_set') {
       if ($detailed_watchdog_log) {
         watchdog('ldap_authorization', '%username : not used because it is set to be applied only to ldap authenticated users.
             %username  is not ldap authenticated.', $watchdog_tokens, WATCHDOG_DEBUG);
@@ -183,6 +180,7 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
     /** make sure keys of array are lower case and values are mixed case
       and strip to first attribute is configured
     */
+
     foreach ($proposed_ldap_authorizations as $key => $authorization_id) {
       if ($consumer->consumerConf->useFirstAttrAsGroupId) {
         $attr_parts = ldap_explode_dn($authorization_id, 0);
@@ -192,14 +190,18 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
             $authorization_id = ldap_pear_unescape_dn_value(trim($first_part[1]));
           }
         }
+        $new_key = drupal_strtolower($authorization_id);
       }
-      $proposed_ldap_authorizations[drupal_strtolower($key)] = $authorization_id;
-      if ($key != drupal_strtolower($key)) {
+      else {
+        $new_key = drupal_strtolower($key);
+      }
+      $proposed_ldap_authorizations[$new_key] = $authorization_id;
+      if ($key != $new_key) {
         unset($proposed_ldap_authorizations[$key]);
       }
     }
 
-    if ($op == 'test_query') {
+    if ($op == 'test_query' || $op == 'test_query_set') {
       $_SESSION['ldap_authorization_test_query']['useFirstAttrAsGroupId'] = $proposed_ldap_authorizations;
     }
 
@@ -216,8 +218,6 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
         $watchdog_tokens));
     }
 
-
-
     /**
      * 2.  filter can be both a whitelist and a mapping of an ldap results to an authorization id.
      * goal of this step is to generate $filtered_ldap_authorizations[$consumer_type]
@@ -225,7 +225,6 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
      */
 
     $filtered_ldap_authorizations = array();
-
     if ($consumer->consumerConf->useMappingsAsFilter) { // filter + map
       foreach ($consumer->consumerConf->mappings as $mapping_filter) {
         $map_from = $mapping_filter['from'];
@@ -239,9 +238,6 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
       $_authorizations = array_values($proposed_ldap_authorizations);
       if (is_array($consumer->consumerConf->mappings) && is_array($proposed_ldap_authorizations)) {
         foreach ($consumer->consumerConf->mappings as $mapping_filter) {
-          if (!isset($mapping_filter['from'])) {
-            //debug('unset mapping'); debug($mapping_filter); debug('all mappings');  debug($consumer->consumerConf->mappings);
-          }
           $map_from = $mapping_filter['from'];
           $map_to = $mapping_filter['normalized'];
           $map_from_key = array_search(drupal_strtolower($map_from), array_keys($proposed_ldap_authorizations));
@@ -265,7 +261,6 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
     }
 
     $consumer->populateConsumersFromConsumerIds($filtered_ldap_authorizations, $consumer->consumerConf->createConsumers); // set values of $filtered_ldap_authorizations to consumers
-
     /**
      * now that we have list of consumers that are to be granted, give other modules a chance to alter it
      *
@@ -277,6 +272,7 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
       'ldap_server' => $ldap_server,
       'consumer' => $consumer,
     );
+
     drupal_alter('ldap_authorization_authorizations', $filtered_ldap_authorizations, $params);
 
     $watchdog_tokens['%filtered_ldap_authorizations'] = join(', ', array_keys($filtered_ldap_authorizations));
@@ -289,23 +285,26 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
         $watchdog_tokens));
     }
 
-    if ($op == 'test_query') {
+    if ($op == 'test_query' || $op == 'test_query_set') {
       $display_authorizations = array();
-      foreach ($filtered_ldap_authorizations as $consumer_id => $consumer) {
-        $display_authorizations[] = $consumer['map_to_string'];
+      foreach ($filtered_ldap_authorizations as $consumer_id => $_consumer) {
+        $display_authorizations[] = $_consumer['map_to_string'];
       }
       $_SESSION['ldap_authorization_test_query']['post mappings'] = $display_authorizations;
+      $data = property_exists($user, 'data') ? $user->data['ldap_authorizations'][$consumer->consumerType] : array();
+      $_SESSION['ldap_authorization_test_query']['user data'] = $data;
     }
 
     /**
      * 3. third, grant any proposed authorizations not already granted
      */
 
-    if ($op == 'test_query') {
+    if ($op == 'test_query' || $op == 'test_query_set') {
       $_SESSION['ldap_authorization_test_query']['tokens'] = $watchdog_tokens;
     }
-    if ($op == 'set') {
-      _ldap_authorizations_user_authorizations_set($user, $consumer, $filtered_ldap_authorizations, $ldap_user, $watchdog_tokens);
+    if ($op == 'set' || $op == "test_query_set") {
+      $test = ($op == "test_query_set");
+      _ldap_authorizations_user_authorizations_set($user, $consumer, $filtered_ldap_authorizations, $ldap_user, $watchdog_tokens, $test);
     }
 
     $authorizations[$consumer_type] = $filtered_ldap_authorizations;
@@ -327,7 +326,7 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
  * returns nothing
  */
 
-function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filtered_ldap_authorizations, &$ldap_entry, $watchdog_tokens) {
+function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filtered_ldap_authorizations, &$ldap_entry, $watchdog_tokens, $test) {
 
   $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
   ldap_authorization_cleanse_empty_og_fields($user);
@@ -346,19 +345,28 @@ function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filter
     $initial_existing_ldap_authorizations = array();
   }
 
+  if ($test) {
+    $_SESSION['ldap_authorization_test_query']['setting_data']['Pre Grant/Revokes $user->data[ldap_authorizations][' . $consumer->consumerType. ']'] = $user_auth_data;
+    $_SESSION['ldap_authorization_test_query']['setting_data']['Pre Grant/Revokes authorizations user has'] = $consumer->usersAuthorizations($user);
+  }
+
   $watchdog_tokens['%initial'] = join(', ', $initial_existing_ldap_authorizations);
   $watchdog_tokens['%filtered_ldap_authorizations'] = join(', ', array_keys($filtered_ldap_authorizations));
    /**
    * B. if regrantLdapProvisioned is false, $grants_lcase array should only be new authorizations
    */
 
-  if ($consumer->consumerConf->regrantLdapProvisioned === FALSE) {
+  if (!$consumer->consumerConf->regrantLdapProvisioned) {
     // if regranting disabled, filter off previously granted roles
     $grants = array_diff(array_keys($filtered_ldap_authorizations), $initial_existing_ldap_authorizations);
+    if ($test) {
+      $_SESSION['ldap_authorization_test_query']['setting_data']['Grants after regrantLdapProvisioned filter'] = $grants;
+    }
   }
   else {
     $grants = array_keys($filtered_ldap_authorizations);
   }
+
   $watchdog_tokens['%grants1'] = join(', ', $grants);
 
    /**
@@ -378,6 +386,7 @@ function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filter
   $consumer->authorizationGrant($user, $user_auth_data, $existing_grants, $ldap_entry, FALSE);
   $watchdog_tokens['%user_auth_data_post_grants'] = print_r($user_auth_data, TRUE);
   $watchdog_tokens['%user_data_post_grants'] = print_r($user->data, TRUE);
+
   /**
    *  3.F take away any authorizations not in proposed authorization,
    *      but previously granted by ldap
@@ -385,8 +394,7 @@ function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filter
   $watchdog_tokens['%revokes'] = t('none');
 
   if ($consumer->consumerConf->revokeLdapProvisioned) {
-    $revokes_lcase = array_diff($initial_existing_ldap_authorizations, array_keys($filtered_ldap_authorizations));
-
+    $revokes_lcase = $consumer->authorizationDiff($initial_existing_ldap_authorizations, array_keys($filtered_ldap_authorizations));
     if (count($revokes_lcase)) {
       $revokes = array(); // keys are lcase, values are mixed case
       foreach ($revokes_lcase as $i => $revoke_lcase) {
@@ -396,6 +404,9 @@ function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filter
           'exists' => TRUE,
         );
       }
+      if ($test) {
+        $_SESSION['ldap_authorization_test_query']['setting_data']['Revokes'] = $revokes;
+      }
       $consumer->authorizationRevoke($user, $user_auth_data, $revokes, $ldap_entry, FALSE);
       $watchdog_tokens['%revokes'] = join(', ', array_keys($revokes));
     }
@@ -410,6 +421,9 @@ function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filter
    */
 
   $uid = $user->uid;
+  $user_edit = array('data' => $user->data);
+  $user_edit['data']['ldap_authorizations'] = empty($user->data['ldap_authorizations']) ? array() : $user->data['ldap_authorizations'];
+  $consumer->sortConsumerIds('grant', $user_auth_data);  // keep in good display order
   $user_edit['data']['ldap_authorizations'][$consumer->consumerType] = $user_auth_data;
   $watchdog_tokens['%user_edit_presave'] = print_r($user_edit, TRUE);
   $user = user_save($user, $user_edit);
@@ -439,6 +453,11 @@ function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filter
       $watchdog_tokens, WATCHDOG_DEBUG);
   }
 
+  if ($test) {
+    $_SESSION['ldap_authorization_test_query']['setting_data']['Post Grant/Revokes authorizations user has'] = $consumer->usersAuthorizations($user);
+    $_SESSION['ldap_authorization_test_query']['setting_data']['Post Grant/Revokes $user->data[ldap_authorizations][' . $consumer->consumerType. ']'] = $user->data['ldap_authorizations'][$consumer->consumerType];
+  }
+
 }
 
 function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) {
@@ -454,19 +473,20 @@ function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_e
   else {
     $derive_from_dn_authorizations = array();
   }
-  if ($op == 'test_query') {
+  if ($op == 'test_query' || $op == 'test_query_set') {
     $_SESSION['ldap_authorization_test_query']['maps']['Derive from DN'] = ($rdn_values) ? $derive_from_dn_authorizations : t('disabled');
   }
 
   // traditional groups (dns)
   $group_dns = $consumer_conf->server->groupMembershipsFromUser($user, 'group_dns');
+ // debug("groupMembershipsFromUser, group_dns"); debug($group_dns);
   if (!$group_dns) {
     $group_dns = array();
   }
   elseif (count($group_dns)) {
     $group_dns = array_unique($group_dns);
   }
-  if ($op == 'test_query') {
+  if ($op == 'test_query' || $op == 'test_query_set') {
     $_SESSION['ldap_authorization_test_query']['maps']['Groups DNs'] = $group_dns;
   }
 
diff --git a/ldap_authorization/ldap_authorization.install b/ldap_authorization/ldap_authorization.install
index ae3cfe1..9af28ec 100644
--- a/ldap_authorization/ldap_authorization.install
+++ b/ldap_authorization/ldap_authorization.install
@@ -100,7 +100,7 @@ function ldap_authorization_schema() {
 
   module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
   module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
-  
+
   $fields = LdapAuthorizationConsumerConfAdmin::fields();
   foreach ($fields as $name => $props) {
     if (isset($props['schema'])) {
@@ -352,8 +352,12 @@ function ldap_authorization_update_7203() {
   $schema = ldap_authorization_schema();
   $field_schema = $schema['ldap_authorization']['fields']['use_first_attr_as_groupid'];
   if (db_field_exists('ldap_authorization', 'useFirstAttrAsGroupId')) {
-    db_change_field('ldap_authorization', 'useFirstAttrAsGroupId', 'use_first_attr_as_groupid', $field_schema);
+    if (db_field_exists('ldap_authorization', 'use_first_attr_as_groupid')) {
+      db_drop_field('ldap_authorization', 'useFirstAttrAsGroupId');
+    }
+    else {
+      db_change_field('ldap_authorization', 'useFirstAttrAsGroupId', 'use_first_attr_as_groupid', $field_schema);
+    }
   }
 
-
 }
\ No newline at end of file
diff --git a/ldap_authorization/ldap_authorization.module b/ldap_authorization/ldap_authorization.module
index 39ba3c4..0faa848 100644
--- a/ldap_authorization/ldap_authorization.module
+++ b/ldap_authorization/ldap_authorization.module
@@ -90,7 +90,6 @@ function ldap_authorization_menu() {
  * Implements hook_user_login() login operation.
  */
 function ldap_authorization_user_login(&$edit, $user) {
-
   list($authorizations, $notifications) = ldap_authorizations_user_authorizations($user, 'set', NULL, 'logon');
   if (variable_get('ldap_help_watchdog_detail', FALSE)) {
     foreach ($authorizations as $consumer_type => $authorization_ids) {
@@ -98,10 +97,6 @@ function ldap_authorization_user_login(&$edit, $user) {
       watchdog('ldap_authentication', 'ldap_authorization_user_login.authorizations' . $ul , array(), WATCHDOG_DEBUG);
     }
   }
-
-
- // dpm('ldap_authorization_user_login'); dpm($user); dpm($authorizations);
-
 }
 
 /**
@@ -140,10 +135,8 @@ function ldap_authorization_ldap_server_in_use($sid, $server_name) {
  * Implements hook_ldap_attributes_needed_alter().
  */
 function ldap_authorization_ldap_attributes_needed_alter(&$attribute_maps, $params) {
- // dpm('ldap_authorization_ldap_attributes_needed_alter'); dpm($params);
 
   if (isset($params['ldap_context'])) {
-    //  'ldap_authorization__' . $consumer_type
     $parts = explode('__', $params['ldap_context']);
     if (count($parts) == 2 && $parts[0] == 'ldap_authorization') {
       $consumer_type = $parts[1];
@@ -154,7 +147,6 @@ function ldap_authorization_ldap_attributes_needed_alter(&$attribute_maps, $para
           $attribute_maps[$attribute_name] = ldap_servers_set_attribute_map($attribute_name); //array($attribute_name, 0, NULL);
         }
       }
-     // dpm('ldap_authorization_ldap_attributes_needed_alter, consumer_conf'); dpm($consumer_conf); dpm($attribute_maps);
     }
   }
 
@@ -251,7 +243,7 @@ function ldap_authorization_get_consumers($consumer_type = NULL, $reset = FALSE,
  * so it can be called from a batch synchronization process for example
  *
  * @param drupal user object $user
- * @param string $op indicateing operation such as query, set, test_query, etc.
+ * @param string $op indicating operation such as query, set, test_query, etc.
  * @param string $consumer_type e.g. drupal_role, or og_groups
  * @param string $context
  *
diff --git a/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php b/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php
index d6a2dd6..104a0fb 100644
--- a/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php
+++ b/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php
@@ -55,6 +55,7 @@ class LdapAuthorizationConsumerDrupalRole extends LdapAuthorizationConsumerAbstr
       return FALSE;
     }
     else {
+      $roles_by_consumer_id = $this->existingRolesByRoleName(TRUE); // flush existingRolesByRoleName cache after creating new role
       watchdog('user', 'created drupal role %role in ldap_authorizations module', array('%role' => $new_role->name));
     }
     return TRUE;
@@ -95,7 +96,7 @@ class LdapAuthorizationConsumerDrupalRole extends LdapAuthorizationConsumerAbstr
   }
 
 
-  public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) {
+  public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) {
 
     $role_name_lcase = $consumer_id;
     $role_name = empty($consumer['value']) ? $consumer_id : $consumer['value'];
@@ -135,12 +136,11 @@ class LdapAuthorizationConsumerDrupalRole extends LdapAuthorizationConsumerAbstr
    * extends grantSingleAuthorization()
    */
 
-  public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) {
+  public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) {
 
     $role_name_lcase = $consumer_id;
     $role_name = empty($consumer['value']) ? $consumer_id : $consumer['value'];
     $rid = $this->getDrupalRoleIdFromRoleName($role_name);
-
     if (is_null($rid)) {
       watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.grantSingleAuthorization()
       failed to grant %username the role %role_name because role does not exist',
diff --git a/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php b/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php
index bb6d1ad..1c9aaa0 100644
--- a/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php
+++ b/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php
@@ -8,14 +8,20 @@
  *
  */
 
-module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
+if (function_exists('ldap_servers_module_load_include')) {
+  ldap_servers_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
+}
+else {
+  module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
+}
 
 class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
 
   public $consumerType = 'og_group';
   public $allowConsumerObjectCreation = FALSE;
   public $ogVersion = NULL; // 1, 2, etc.
-
+  public $defaultMembershipRid;
+  public $anonymousRid;
   public $defaultConsumerConfProperties = array(
       'onlyApplyToLdapAuthenticated' => TRUE,
       'useMappingsAsFilter' => TRUE,
@@ -26,45 +32,41 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
       );
 
   function __construct($consumer_type) {
+
     $this->ogVersion = ldap_authorization_og_og_version();
+    if ($this->ogVersion == 1) {
+      $this->defaultMembershipRid = ldap_authorization_og1_role_name_to_role_id(OG_AUTHENTICATED_ROLE);
+      $this->anonymousRid = ldap_authorization_og1_role_name_to_role_id(OG_ANONYMOUS_ROLE);
+    }
+    else {
+      //@todo these properties are not used in ldap og 2, but when they are their derivation needs to be examined and tested
+      // as they may be per entity rids, not global.
+      $this->defaultMembershipRid = NULL; // ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
+      $this->anonymousRid = NULL; //ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
+    }
+
     $params = ldap_authorization_og_ldap_authorization_consumer();
     parent::__construct('og_group', $params['og_group']);
   }
 
+  public function og1ConsumerIdParts($consumer_id) {
+    if (!is_scalar($consumer_id)) {
+      return array(NULL, NULL);
+    }
+    $parts = explode('-', $consumer_id);
+    return (count($parts) != 2) ? array(NULL, NULL) : $parts;
+  }
+
   /**
    * @see LdapAuthorizationConsumerAbstract::createConsumer
+   *
+   * this function is not implemented for og, but could be
+   * if a use case for generating og groups and roles on the
+   * fly existed.
    */
 
   public function createConsumer($consumer_id, $consumer) {
-
-    list($entity_type, $group_name, $rid) = explode(':', $consumer_id);
-
-    $group = @ldap_authorization_og2_get_group_from_name($entity_type, $group_name);
-    if ($group) {
-      return FALSE;
-    }
-
-    // create og group with name of $group_name of entity type $entity_type
-    $entity_info = entity_get_info($entity_type);
-
-    $new_group_created = FALSE;
-
-    /**
-     *
-     * @todo
-     * need to create new entity with title of $group_name here
-     *
-     */
-
-    if ($new_group_created === FALSE) {
-      // if role is not created, remove from array to user object doesn't have it stored as granted
-      watchdog('user', 'failed to create og group %group_name in ldap_authorizations module', array('%group_name' => $group_name));
-      return FALSE;
-    }
-    else {
-      watchdog('user', 'created  og group %group_name in ldap_authorizations module', array('%group_name' => $group_name));
-    }
-    return TRUE;
+    return FALSE;
   }
 
   /**
@@ -76,11 +78,9 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
     if ($this->ogVersion == 2) {
       $group_entity_types = og_get_all_group_bundle();
       foreach ($mappings as $i => $mapping) {
-
         $from = $mapping[0];
         $to = $mapping[1];
         $to_parts = explode('(raw: ', $to);
-
         $user_entered = $to_parts[0];
         $new_mapping = array(
           'from' => $from,
@@ -139,7 +139,7 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
         }
         else {
           $role_id = is_numeric($role) ? $role : ldap_authorization_og2_rid_from_role_name($entity_type, $group_entity->type, $group_entity_id, $role);
-          $roles = og_roles($entity_type,  $group_entity->type, 0, FALSE, TRUE);
+          $roles = og_roles($entity_type,  isset($group_entity->type) ? $group_entity->type : NULL, 0, FALSE, TRUE);
           $role_name = is_numeric($role) ? $roles[$role] : $role;
           $to_normalized = join(':', array($entity_type, $group_entity_id, $role_id));
           $to_simplified = ($to_simplified) ? $to_simplified . ':' . $role_name : $to_normalized;
@@ -159,11 +159,9 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
 
 
         }
-       // dpm("convert $to, to: $to_simplified ($to_normalized)");
 
         $new_mappings[] = $new_mapping;
       }
-    //  dpm($new_mappings);
     }
     else { // og 1
       foreach ($mappings as $i => $mapping) {
@@ -193,7 +191,7 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
           $new_mapping['error_message'] = $incorrect_syntax;
           continue;
         }
-        $new_mapping['simplified'] = $group_target_and_value;
+
         list($group_target, $group_target_value) = $group_target_and_value;
 
         $role_target_and_value = explode('=', $targets[1]);
@@ -204,6 +202,8 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
         }
         list($role_target, $role_target_value) = $role_target_and_value;
 
+
+        $og_group = FALSE;
         if ($group_target == 'gid') {
           $gid = $group_target_value;
         }
@@ -232,25 +232,29 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
             $entities = array_keys($result[$entity_type]);
             $gid = ldap_authorization_og1_entity_id_to_gid($entities[0]);
           }
+
+        }
+        if (!$og_group && $gid) {
+          $og_group = og_load($gid);
         }
 
+
         if ($role_target == 'rid') {
+          $role_name = ldap_authorization_og1_role_name_from_rid($role_target_value);
           $rid = $role_target_value;
         }
         elseif ($role_target == 'role-name') {
           $rid = ldap_authorization_og_rid_from_role_name($role_target_value);
+          $role_name = $role_target_value;
         }
 
-        if ($gid && $rid) {
-          $new_mapping['normalized'] = ldap_authorization_og_authorization_id($gid, $rid);
-        }
-        else {
-          $new_mappings['normalized'] = FALSE;
-        }
+        $new_mapping['simplified'] = $og_group->label . ', '. $role_name;
+        $new_mapping['normalized'] = ($gid && $rid) ? ldap_authorization_og_authorization_id($gid, $rid) : FALSE;
+
         $new_mappings[] = $new_mapping;
       }
-    }
 
+    }
     return $new_mappings;
   }
 
@@ -263,10 +267,10 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
 
   public function sortConsumerIds($op, &$consumers) {
     if ($op == 'revoke') {
-      arsort($consumers, SORT_STRING);
+      krsort($consumers, SORT_STRING);
     }
     else {
-      asort($consumers, SORT_STRING);
+      ksort($consumers, SORT_STRING);
     }
   }
 
@@ -275,19 +279,20 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
    */
 
   public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) {
-    //debug('populateConsumersFromConsumerIds'); debug($consumers);
+
     // generate a query for all og groups of interest
     $gids = array();
     foreach ($consumers as $consumer_id => $consumer) {
       if (ldap_authorization_og_og_version() == 1) {
-        list($gid, $rid) = explode('-', $consumer_id);
+        list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
         $gids[] = $gid;
       }
       else  {
         //debug("populateConsumersFromConsumerIds.consumer_id=$consumer_id");
         list($entity_type, $gid, $rid) = explode(':', $consumer_id);
+        $gids[$entity_type][] = $gid;
       }
-      $gids[$entity_type][] = $gid;
+
     }
     if (ldap_authorization_og_og_version() == 1) {
       $og_group_entities = og_load_multiple($gids);
@@ -300,7 +305,7 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
 
     foreach ($consumers as $consumer_id => $consumer) {
       if (ldap_authorization_og_og_version() == 1) {
-        list($gid, $rid) = explode('-', $consumer_id);
+        list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
         $consumer['exists'] = isset($og_group_entities[$gid]);
         if ($consumer['exists']) {
           $consumer['value'] = $og_group_entities[$gid];
@@ -341,30 +346,251 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
   }
 
 
-
-
   public function hasAuthorization(&$user, $consumer_id) {
 
     if ($this->ogVersion == 1) {
-      list($gid, $rid) = @explode('-', $consumer_id);
-      $roles = og_get_user_roles($gid, $uid);
-      $result = (!empty($roles[$rid]));
+      $result = FALSE;
+      list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
+      return ldap_authorization_og1_has_membership($gid, $user->uid) && ldap_authorization_og1_has_role($gid, $user->uid, $rid);
     }
     else {
-      $result = ldap_authorization_og2_has_consumer_id($consumer_id, $user->uid);
+      return ldap_authorization_og2_has_consumer_id($consumer_id, $user->uid);
     }
-    return $result;
   }
 
   public function flushRelatedCaches($consumers = NULL) {
     if ($this->ogVersion == 1) { // og 7.x-1.x
-      og_invalidate_cache();
+      og_group_membership_invalidate_cache();
+      if ($consumers) {
+        $gids_to_clear_cache = array();
+        foreach ($consumers as $i => $consumer_id) {
+          list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
+          $gids_to_clear_cache[$gid] = $gid;
+        }
+        og_invalidate_cache(array_keys($gids_to_clear_cache));
+      }
+      else {
+        og_invalidate_cache();
+      }
     }
     else { // og 7.x-2.x
       og_invalidate_cache(); //gids could be passed in here, but not implemented within og
     }
   }
 
+ /**
+   * @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids
+   * @param drupal user object $object
+   * @param array $user_auth_data is array specific to this consumer_type.  Stored at $user->data['ldap_authorizations'][<consumer_type>]
+   * @param $consumers as associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds
+   * @param array $ldap_entry, when available user's ldap entry.
+   * @param boolean $user_save indicates is user data array should be saved or not.  this depends on the implementation calling this function
+   */
+  public function authorizationDiff($existing, $desired) {
+    if ($this->ogVersion != 1) {
+      return parent::authorizationDiff($existing, $desired);
+    }
+
+    /**
+     * for og 1.5, goal is not to recognize X-2 consumer ids if X-N exist
+     * since X-2 consumer ids are granted as a prerequisite of X-N
+     */
+
+    $diff = array_diff($existing, $desired);
+    $desired_group_ids = array();
+    foreach ($desired as $i => $consumer_id) {
+      list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
+      $desired_group_ids[$gid] = TRUE;
+    }
+    foreach ($diff as $i => $consumer_id) {
+      list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
+      // if there are still roles in this group that are desired, do
+      // not remove default mambership role id
+      if ($rid == $this->defaultMembershipRid && !empty($desired_group_ids[$gid])) {
+        unset($diff[$i]);
+      }
+    }
+   // dpm("diff"); dpm($diff); dpm("existing"); dpm($existing);  dpm("desired"); dpm($desired); dpm("final diff"); dpm($diff);
+    return $diff;
+  }
+
+  protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) {
+    //dpm("grantsAndRevokes, op=$op, user_save=$user_save"); dpm($user_auth_data); dpm($consumers);
+    if ($this->ogVersion != 1) { // only override for og 7.x-1.x
+      parent::grantsAndRevokes($op, $user, $user_auth_data, $consumers, $ldap_entry, $user_save);
+      return;
+    }
+    $user_save = TRUE; // override for og 1.5
+    if (!is_array($user_auth_data)) {
+      $user_auth_data = array();
+    }
+
+    $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+    $this->sortConsumerIds($op, $consumers);
+
+    $results = array();
+    $watchdog_tokens = array();
+    $watchdog_tokens['%username'] = $user->name;
+    $watchdog_tokens['%action'] = $op;
+    $watchdog_tokens['%user_save'] = $user_save;
+
+    /**
+     * get authorizations that exist, regardless of origin or ldap_authorization $user->data
+     * in form $users_authorization_consumer_ids = array('3-2', '3,3', '4-2')
+     */
+    $users_authorization_consumer_ids = $this->usersAuthorizations($user);
+
+    $watchdog_tokens['%users_authorization_ids'] = join(', ', $users_authorization_consumer_ids);
+    if ($detailed_watchdog_log) {
+      watchdog('ldap_authorization', "on call of grantsAndRevokes: user_auth_data=" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
+    }
+
+    /**
+     * step #1:  generate $og_actions = array of form $og_actions['revokes'|'grants'][$gid] = $rid
+     *  based on all consumer ids granted and revokes
+     */
+    $og_actions = array('grants' => array(), 'revokes' => array());
+    //dpm('consumers');dpm($consumers); dpm('users_authorization_consumer_ids'); dpm($users_authorization_consumer_ids);
+    foreach ($consumers as $consumer_id => $consumer) {
+      if ($detailed_watchdog_log) {
+        watchdog('ldap_authorization', "consumer_id=$consumer_id, user_save=$user_save, op=$op", $watchdog_tokens, WATCHDOG_DEBUG);
+      }
+
+      $user_has_authorization = in_array($consumer_id, $users_authorization_consumer_ids); // does user already have authorization ?
+      $user_has_authorization_recorded = isset($user_auth_data[$consumer_id]);  // is authorization attribute to ldap_authorization_og in $user->data ?
+      list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
+      if ($rid == $this->anonymousRid) {
+        continue;
+      }
+
+      /** grants **/
+      if ($op == 'grant') {
+        if ($user_has_authorization && !$user_has_authorization_recorded) {
+        // grant case 1: authorization id already exists for user, but is not ldap provisioned.  mark as ldap provisioned, but don't regrant
+          $results[$consumer_id] = TRUE;
+          $user_auth_data[$consumer_id] = array(
+            'date_granted' => time(),
+            'consumer_id_mixed_case' => $consumer_id,
+          );
+        }
+        elseif (!$user_has_authorization && $consumer['exists']) {
+        // grant case 2: consumer exists, but user is not member. grant authorization
+          $og_actions['grants'][$gid][] = $rid;
+        }
+        elseif ($consumer['exists'] !== TRUE) {
+        // grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes
+          $results[$consumer_id] = FALSE;
+        }
+        elseif ($consumer['exists'] === TRUE) {
+        // grant case 4: consumer exists and user has authorization recorded. do nothing
+          $results[$consumer_id] = TRUE;
+        }
+        else {
+        // grant case 5: $consumer['exists'] has not been properly set before calling function
+          $results[$consumer_id] = FALSE;
+          watchdog('ldap_authorization', "grantsAndRevokes consumer[exists] not properly set. consumer_id=$consumer_id, op=$op, username=%username", $watchdog_tokens, WATCHDOG_ERROR);
+        }
+      }
+      /** revokes **/
+      elseif ($op == 'revoke') {
+        if ($user_has_authorization) {
+          // revoke case 1: user has authorization, revoke it.  revokeSingleAuthorization will remove $user_auth_data[$consumer_id]
+          $og_actions['revokes'][$gid][] = $rid;
+        }
+        elseif ($user_has_authorization_recorded)  {
+          // revoke case 2: user does not have authorization, but has record of it. remove record of it.
+          unset($user_auth_data[$consumer_id]);
+          $results[$consumer_id] = TRUE;
+        }
+        else {
+          // revoke case 3: trying to revoke something that isn't there
+          $results[$consumer_id] = TRUE;
+        }
+      }
+      if ($detailed_watchdog_log) {
+        watchdog('ldap_authorization', "user_auth_data after consumer $consumer_id" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
+      }
+    }
+
+    /**
+     * Step #2: from array of form:  $og_actions['grants'|'revokes'][$gid][$rid]
+     * - generate $user->data['ldap_authorizations'][<consumer_id>]
+     * - remove and grant og memberships
+     * - remove and grant og roles
+     */
+    //dpm("og_actions"); dpm($og_actions); dpm("user_auth_data"); dpm($user_auth_data);
+
+    // grants
+    foreach ($og_actions['grants'] as $gid => $rids) {
+      $existing_roles = og_get_user_roles($gid, $user->uid);
+      if (!in_array($this->defaultMembershipRid, array_values($existing_roles))) {
+        $user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][] = array('gid' => $gid);
+        og_entity_presave($user, 'user');
+        $consumer_id = ldap_authorization_og_authorization_id($gid, $this->defaultMembershipRid);
+        $user_auth_data[$consumer_id] = array(
+          'date_granted' => time(),
+          'consumer_id_mixed_case' => $consumer_id,
+        );
+      }
+      foreach ($rids as $rid) {
+        if ($rid != $this->defaultMembershipRid && $rid != $this->anonymousRid) {
+          og_role_grant($gid, $user->uid, $rid);
+          $consumer_id = ldap_authorization_og_authorization_id($gid, $rid);
+          $user_auth_data[$consumer_id] = array(
+            'date_granted' => time(),
+            'consumer_id_mixed_case' => $consumer_id,
+            );
+        }
+      }
+    }
+
+    // revokes
+    $group_audience_gids = empty($user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE]['gid']) ? array() : $user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE]['gid'];
+    foreach ($og_actions['revokes'] as $gid => $rids) {
+      $existing_roles = og_get_user_roles($gid, $user->uid);
+      if (in_array($this->defaultMembershipRid, array_values($existing_roles))) {
+        // ungroup and set audience
+        foreach ($group_audience_gids as $i => $_audience_gid) {
+           if ($_audience_gid == $gid) {
+             unset($user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][$i]);
+           }
+        }
+        og_entity_presave($user, 'user');
+        $user = og_ungroup($gid, 'user', $user, TRUE);
+        foreach (array_values($existing_roles) as $rid) {
+          $consumer_id = ldap_authorization_og_authorization_id($gid, $rid);
+          if (isset($user_auth_data[$consumer_id])) {
+            unset($user_auth_data[$consumer_id]);
+          }
+        }
+      }
+      else {
+        foreach ($existing_roles as $rid) {
+          if ($rid != $this->defaultMembershipRid && $this->defaultMembershipRid != 1) {
+            og_role_revoke($gid, $user->uid, $rid);
+            unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid)]);
+          }
+        }
+      }
+    }
+
+    if ($user_save) {
+      $user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data;
+      $user = user_save($user, $user_edit);
+      $user_auth_data = $user->data['ldap_authorizations'][$this->consumerType];  // reset this variable because user save hooks can impact it.
+    }
+
+    $this->flushRelatedCaches($consumers);
+
+    if ($detailed_watchdog_log) {
+      watchdog('ldap_authorization', '%username:
+        <hr/>LdapAuthorizationConsumerAbstract grantsAndRevokes() method log.  action=%action:<br/> %consumer_ids_log
+        ',
+        $watchdog_tokens, WATCHDOG_DEBUG);
+    }
+
+  }
+
 /**
   * revoke an authorization
   *
@@ -372,23 +598,26 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
   *
   */
 
-  public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) {
+  public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $discarded_user_save_flag = TRUE, $reset = FALSE) {
+
+    if ($this->ogVersion == 1) {
+      return false; // not implemented for og 7.x-1.x
+    }
+    $watchdog_tokens =  array('%consumer_id' => $consumer_id, '%username' => $user->name,
+      '%ogversion' => $this->ogVersion, '%function' => 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()');
+
+    list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id);
+
     if (!$this->hasAuthorization($user, $consumer_id)) {
-      og_invalidate_cache(); // if trying to revoke, but thinks not granted, flush cache
+      og_invalidate_cache(array($gid)); // if trying to revoke, but thinks not granted, flush cache
       if (!$this->hasAuthorization($user, $consumer_id)) {
+        if (isset($user_auth_data[$consumer_id])) {
+          unset($user_auth_data[$consumer_id]);
+        }
         return TRUE;
       }
     }
 
-    $watchdog_tokens =  array('%consumer_id' => $consumer_id, '%username' => $user->name,
-      '%ogversion' => $this->ogVersion, '%function' => 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()');
-
-    if ($this->ogVersion == 1) {
-      list($gid, $rid) = @explode('-', $consumer_id);
-    }
-    else {
-      list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id);
-    }
     // make sure group exists, since og doesn't do much error catching.
     if (!empty($consumer['value'])) {
       $og_group = $consumer['value'];
@@ -400,51 +629,31 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
       }
     }
 
-    if ($this->ogVersion == 1) { // og 7.x-1.x
-      $users_group_roles = og_get_user_roles($gid, $user->uid);
-    }
-    else { // og 7.x-2.x
-      $users_group_roles = og_get_user_roles($group_entity_type, $gid, $user->uid);
-    }
-    // CASE: revoke
+    $users_group_roles = og_get_user_roles($group_entity_type, $gid, $user->uid);
+
     if (count($users_group_roles) == 1) {  // ungroup if only single role left
-      if ($this->ogVersion == 1) { // og 7.x-1.x
-        $entity = og_ungroup($gid, 'user', $user->uid, TRUE);
-        if ($reset) {
-          og_invalidate_cache();
-        }
-      }
-      else { // og 7.x-2.x
-        $entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
-        if ($reset) {
-          og_invalidate_cache(array($gid));
-        }
-      }
+      $entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
       $result = (boolean)($entity);
       $watchdog_tokens['%action'] = 'og_ungroup';
     }
     else { // if more than one role left, just revoke single role.
-      if ($this->ogVersion == 1) { // og 7.x-1.x
-        og_role_revoke($gid, $user->uid, $rid);
-        if ($reset) {
-          og_invalidate_cache();
-        }
-      }
-      else { // og 7.x-2.x
-        og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
-        if ($reset) {
-          og_invalidate_cache(array($gid));
-        }
-      }
+      og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
       $watchdog_tokens['%action'] = 'og_role_revoke';
       $result = TRUE;
     }
-    $watchdog_tokens['%result'] = '$result';
+
+
+    if ($reset) {
+      og_invalidate_cache(array($gid));
+    }
+    $watchdog_tokens['%result'] = (int)$result;
     if ($this->detailedWatchdogLog) {
       watchdog('ldap_authorization_og', '%function revoked: result=%result, gid=%gid, rid=%rid, action=%action for username=%username',
         $watchdog_tokens, WATCHDOG_DEBUG);
     }
-
+    if ($result && isset($user_auth_data[$consumer_id])) {
+      unset($user_auth_data[$consumer_id]);
+    }
     return $result;
 
   }
@@ -455,7 +664,12 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
    * @see ldapAuthorizationConsumerAbstract::grantSingleAuthorization()
    *
    */
-  public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) {
+  public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $discarded_user_save_flag = TRUE, $reset = FALSE) {
+
+    if ($this->ogVersion == 1) {
+      return false; // not implemented for og 7.x-1.x
+    }
+
     $watchdog_tokens =  array(
       '%consumer_id' => $consumer_id,
       '%username' => $user->name,
@@ -463,8 +677,11 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
       '%function' => 'LdapAuthorizationConsumerOG.grantSingleAuthorization()'
     );
 
+    list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id);
+    $watchdog_tokens['%entity_type'] = $group_entity_type;
+
     if ($this->hasAuthorization($user, $consumer_id)) {
-      og_invalidate_cache(); // if trying to grant, but things already granted, flush cache
+      og_invalidate_cache(array($gid)); // if trying to grant, but things already granted, flush cache
       if ($this->hasAuthorization($user, $consumer_id)) {
         return TRUE;
       }
@@ -477,17 +694,9 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
       return FALSE;
     }
 
-    if ($this->ogVersion == 1) {
-      list($gid, $rid) = @explode('-', $consumer_id);
-    }
-    else {
-      list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id);
-      $watchdog_tokens['%entity_type'] = $group_entity_type;
-    }
     $watchdog_tokens['%gid'] = $gid;
     $watchdog_tokens['%rid'] = $rid;
     $watchdog_tokens['%uid'] = $user->uid;
-    $watchdog_tokens['%entity_type'] = $group_entity_type;
 
     // CASE:  grant role
     if ($this->detailedWatchdogLog) {
@@ -495,33 +704,19 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
         $watchdog_tokens, WATCHDOG_DEBUG);
     }
 
-    if ($this->ogVersion == 1) {
-      $values = array(
-        'entity type' => 'user',
-        'entity' => $user,
-        'state' => OG_STATE_ACTIVE,
-        'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT,
-      );
-      $user_entity = og_group($gid, $values);
-      og_role_grant($gid, $user->uid, $rid);
-      if ($reset) {
-        og_invalidate_cache();
-      }
-    }
-    else {
-      $values = array(
-        'entity_type' => 'user',
-        'entity' => $user->uid,
-        'field_name' => FALSE,
-        'state' => OG_STATE_ACTIVE,
-      );
-      $og_membership = og_group($group_entity_type, $gid, $values);
-      og_role_grant($group_entity_type, $gid, $user->uid, $rid);
-      if ($reset) {
-        og_invalidate_cache(array($gid));
-      }
-    }
+    //@todo.  is 'entity' param in og2 supposed to point to entity id?
+    $values = array(
+      'entity_type' => 'user',
+      'entity' => $user->uid,
+      'field_name' => FALSE,
+      'state' => OG_STATE_ACTIVE,
+    );
+    $og_membership = og_group($group_entity_type, $gid, $values);
+    og_role_grant($group_entity_type, $gid, $user->uid, $rid);
 
+    if ($reset) {
+      og_invalidate_cache(array($gid));
+    }
 
     if ($this->detailedWatchdogLog) {
       watchdog('ldap_auth_og', '%function <hr />granted: entity_type=%entity_type gid=%gid, rid=%rid for username=%username',
@@ -536,14 +731,21 @@ class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
    */
 
   public function usersAuthorizations(&$user) {
+
     $authorizations = array();
+
     if ($this->ogVersion == 1) {
-      $groups = og_load_multiple(og_get_all_group());
+      $gids = og_get_groups_by_user($user);
       $authorizations = array();
-      if (is_object($user) && is_array($groups)) {
-        foreach ($groups as $gid => $discard) {
-          $roles = og_get_user_roles($gid, $user->uid);
-          foreach ($roles as $rid => $discard) {
+      foreach ($gids as $i => $gid) {
+        $roles = og_get_user_roles($gid, $user->uid);
+        if (!empty($roles[$this->defaultMembershipRid])) { // if you aren't a member, doesn't matter what roles you have in og 1.5
+          if (isset($roles[$this->anonymousRid])) {
+            unset($roles[$this->anonymousRid]);
+          } // ignore anonymous role
+          $rids = array_values($roles);
+          asort($rids, SORT_NUMERIC); // go low to high to get default memberships first
+          foreach ($rids as $rid) {
             $authorizations[] = ldap_authorization_og_authorization_id($gid, $rid);
           }
         }
diff --git a/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module b/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module
index 56882e2..a60eb41 100644
--- a/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module
+++ b/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module
@@ -29,7 +29,6 @@ function ldap_authorization_og_ldap_authorization_consumer() {
       <code>
       Student Accounts|group-name=students,role-name=member<br/>
       cn=honors students,ou=groups,dc=hogwarts,dc=edu|gid=7,rid=28<br/>
-      cn=gryffindor,ou=groups,dc=hogwarts,dc=edu|node.house=gryffindor,role-name=administrator member<br/>
       </code>';
   }
   else {
@@ -85,6 +84,25 @@ function ldap_authorization_og1_entity_id_to_gid($entity_id) {
 }
 
 /**
+ * Convert entity id to group id
+ *
+ * @param int $entity_id as id of entity associated with organic group
+ * @return int og group id
+ */
+function ldap_authorization_og1_group_name_to_gid($group_name) {
+
+  $gid = db_select('og', 'og')
+        ->fields('og', array('gid'))
+        ->condition('og.label', $group_name, '=')
+        ->range(0, 1)
+        ->execute()
+        ->fetchField();
+  return ($gid && is_scalar($gid)) ? $gid : FALSE;
+
+}
+
+
+/**
  * Generic function to convert between query values and organic groups structures and attributes
  *
  * @param mixed $value signifies query value e.g. 'bakers', 7 etc.
@@ -94,32 +112,25 @@ function ldap_authorization_og1_entity_id_to_gid($entity_id) {
  */
 function ldap_authorization_og1_get_group($value, $value_type = 'group_name', $return = 'object') {
 
-  $groups = og_load_multiple(og_get_all_group());
-  $group = NULL;
-  $node = NULL;
-
   if ($value_type == 'gid') {
-    $group = $groups[$value];
+    $group = og_load($value);
   }
   elseif ($value_type == 'group_name') {
-    foreach ($groups as $gid => $discard) {
-      $group_obj = og_load($gid);
-      $group_node = node_load($group_obj->etid);
-      if ($group_node && $group_node->type == $value) {
-        $group = $group_obj;
-        $node = $group_node;
-        break;
-      }
-    }
+    $gid = ldap_authorization_og1_group_name_to_gid($value);
+    $group = ($gid) ? og_load($gid) : FALSE;
   }
 
-  if ($return == 'object' && is_object($group) && is_object($node)) {
-    return array($group, $node);
+  if (!$group || !is_object($group)) {
+    return FALSE;
+  }
+  if ($return == 'object' && is_object($group)) {
+    $group_entity = node_load($group->etid);
+    return array($group, $group_entity);
   }
-  elseif ($return == 'label' || $return == 'name' && is_object($group)) {
+  elseif ($return == 'label' || $return == 'name') {
     return $group->label;
   }
-  elseif ($return == 'gid' && is_object($group)) {
+  elseif ($return == 'gid') {
     return $group->gid;
   }
   else {
@@ -136,7 +147,7 @@ function ldap_authorization_og1_get_group($value, $value_type = 'group_name', $r
  * @return mixed organic group object, gid, label, etc.
  */
 function ldap_authorization_og2_get_group_from_name($entity_type, $group_name) {
- // dpm("ldap_authorization_og2_get_group_from_name( $entity_type,  $group_name)");
+
   require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
   $group_entity = FALSE;
   $group_entity_id = FALSE;
@@ -144,7 +155,6 @@ function ldap_authorization_og2_get_group_from_name($entity_type, $group_name) {
   $query->entityCondition('entity_type', $entity_type)
     ->propertyCondition('title', $group_name);
   $result = $query->execute();
- // dpm($result);
   if (isset($result[$entity_type])) {
     $group_ids = array_keys($result[$entity_type]);
     if (count($group_ids) == 1) {
@@ -158,18 +168,35 @@ function ldap_authorization_og2_get_group_from_name($entity_type, $group_name) {
 }
 
 
+function ldap_authorization_og1_has_membership($gid, $uid) {
+  return (boolean)og_get_group_membership($gid, 'user', $uid);
+}
 /**
  * Test if a user has a particular group role
  *
  * @param int $gid as og group id
  * @param int $uid as user id
- * @param string $role_name as og role name
+ * @param string $rid as og role id
  *
  * @return boolean signifying if user has group x role
  */
-function ldap_authorization_og1_has_role($gid, $uid, $role_name) {
+function ldap_authorization_og1_has_role($gid, $uid, $rid) {
   $roles = og_get_user_roles($gid, $uid);
-  return (is_array($roles) && in_array($role_name, array_values($roles)));
+  return (is_array($roles) && in_array($rid, array_values($roles)));
+}
+
+/** avoid excessive calls to og_roles() **/
+function ldap_authorization_og1_roles($reset = false) {
+  static $roles;
+  if ($reset || !is_array($roles)) {
+    $roles = og_roles();
+  }
+  return $roles;
+}
+
+function ldap_authorization_og1_role_name_to_role_id($role_name) {
+  $roles = ldap_authorization_og1_roles();
+  return array_search($role_name, $roles); //empty($roles[$role_name]) ? FALSE : $roles[$role_name];
 }
 
 function ldap_authorization_og2_has_consumer_id($consumer_id, $uid) {
@@ -204,19 +231,7 @@ function ldap_authorization_og2_has_role($group_type, $gid, $uid, $role_name) {
   return (is_array($roles) && in_array($role_name, array_values($roles)));
 }
 
-/**
- * Derive og role id from role name
- *
- * @param string $role_name as og role name
- * @return int og role id
- */
-function ldap_authorization_og2_rid_from_role_name($entity_type, $bundle, $gid, $role_name) {
 
-  $roles = og_roles($entity_type, $bundle, 0, FALSE, TRUE);
-  $roles_flipped = array_flip($roles);
- // debug("ldap_authorization_og2_rid_from_role_name,role_name=$role_name, og_roles"); debug($roles_flipped);
-  return (empty($roles_flipped[$role_name])) ? NULL : $roles_flipped[$role_name];
-}
 
 /**
  * Derive og role id from role name
@@ -224,12 +239,24 @@ function ldap_authorization_og2_rid_from_role_name($entity_type, $bundle, $gid,
  * @param string $role_name as og role name
  * @return int og role id
  */
+
 function ldap_authorization_og_rid_from_role_name($role_name) {
   $roles = og_roles(0);
   $rids = array_flip($roles);
   return isset($rids[$role_name]) ? $rids[$role_name] : FALSE;
 }
 
+function ldap_authorization_og1_role_name_from_rid($rid) {
+  $roles = og_roles(0);
+  return isset($roles[$rid]) ? $roles[$rid] : FALSE;
+}
+
+function ldap_authorization_og2_rid_from_role_name($entity_type, $bundle, $gid, $role_name) {
+  $roles = og_roles($entity_type, $bundle, 0, FALSE, TRUE);
+  $roles_flipped = array_flip($roles);
+  return (empty($roles_flipped[$role_name])) ? NULL : $roles_flipped[$role_name];
+}
+
 function ldap_authorization_og_get_all_group_entities() {
   $entities = array();
   $group_entity_types = og_get_all_group_bundle();
diff --git a/ldap_authorization/tests/BasicTests.test b/ldap_authorization/tests/BasicTests.test
index d663ad9..a8e58df 100644
--- a/ldap_authorization/tests/BasicTests.test
+++ b/ldap_authorization/tests/BasicTests.test
@@ -24,7 +24,11 @@ class LdapAuthorizationBasicTests extends LdapTestCase {
   protected $ldap_test_data;
 
   function setUp() {
-    parent::setUp(array('ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role')); // don't need any real servers, configured, just ldap_servers code base
+    parent::setUp(array(
+      'ldap_authentication',
+      'ldap_authorization',
+      'ldap_authorization_drupal_role',
+      'ldap_test')); // don't need any real servers, configured, just ldap_servers code base
     variable_set('ldap_simpletest', 2);
   }
 
@@ -45,7 +49,7 @@ class LdapAuthorizationBasicTests extends LdapTestCase {
         module_exists('ldap_servers') &&
         module_exists('ldap_authorization') &&
         module_exists('ldap_authorization_drupal_role') &&
-        (variable_get('ldap_simpletest', 0) > 0)
+        (variable_get('ldap_simpletest', 2) > 0)
       );
     $this->assertTrue($setup_success, ' ldap_authorizations setup successful', 'LDAP Authorization: Test Setup Success');
 
@@ -80,13 +84,13 @@ class LdapAuthorizationBasicTests extends LdapTestCase {
     $sid = 'activedirectory1';
     $testid = 'ExclusiveModeUserLogon3';
     $sids = array($sid);
-    $this->prepTestData('hogwarts', $sids, 'provisionToDrupal', 'default', 'drupal_role_default');
+    $this->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'default', 'drupal_role_default');
 
-    $edit = array(
+    $hpotter_logon_edit = array(
       'name' => 'hpotter',
       'pass' => 'goodpwd',
     );
-    $this->drupalPost('user', $edit, t('Log in'));
+    $this->drupalPost('user', $hpotter_logon_edit, t('Log in'));
     $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP Authorization: Test Logon');
     $this->assertTrue(
       $this->testFunctions->ldapUserIsAuthmapped('hpotter'),
@@ -94,9 +98,9 @@ class LdapAuthorizationBasicTests extends LdapTestCase {
       'LDAP Authorization: Test Logon'
     );
 
-    $hpotter = user_load_by_name('hpotter');
+    $hpotter = $this->testFunctions->userByNameFlushingCache('hpotter');
     $roles = array_values($hpotter->roles);
-    $desired_roles = array('students', 'authenticated user', 'gryffindor', 'honors students');
+    $desired_roles = array('students', 'authenticated user', 'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu', 'cn=honors students,ou=groups,dc=hogwarts,dc=edu');
     $diff1 = array_diff($roles, $desired_roles);
     $diff2 = array_diff($desired_roles, $roles);
     $correct_roles = (count($diff1) == 0 && count($diff2) == 0);
@@ -112,6 +116,80 @@ class LdapAuthorizationBasicTests extends LdapTestCase {
 
     $this->drupalGet('user/logout');
 
+    /**
+     * test revoking of no longer deserved roles when revokeLdapProvisioned=1
+     */
+    $this->consumerAdminConf['drupal_role']->revokeLdapProvisioned = 1;
+    $this->consumerAdminConf['drupal_role']->save();
+
+    // setup:  remove hpotter from honors members
+    $test_data_pre_test = variable_get('ldap_test_server__' . $sid, NULL);
+    $test_data = variable_get('ldap_test_server__' . $sid, NULL);
+
+    $this->removeUserFromGroup($test_data, 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'cn=honors students,ou=groups,dc=hogwarts,dc=edu', "dc=hogwarts,dc=edu");
+
+    variable_set('ldap_test_server__' . $sid, $test_data);
+
+    $hpotter_dn = 'cn=hpotter,ou=people,dc=hogwarts,dc=edu';
+    $this->drupalPost('user', $hpotter_logon_edit, t('Log in'));
+    $hpotter = $this->testFunctions->userByNameFlushingCache('hpotter');
+    $roles = array_values($hpotter->roles);
+
+    $this->assertFalse(
+      in_array('cn=honors students,ou=groups,dc=hogwarts,dc=edu', $roles),
+      'when revokeLdapProvisioned=1, removed role from user',
+      'LDAP Authorization: Test Logon'
+    );
+
+    $this->assertTrue(
+      empty($hpotter->data['ldap_authorizations']['drupal_role']['cn=honors students,ou=groups,dc=hogwarts,dc=edu']),
+      'when revokeLdapProvisioned=1, removed user->data[ldap_authorizations][drupal_role][<role>]',
+      'LDAP Authorization: Test Logon'
+    );
+
+    // return test data to original state
+    variable_set('ldap_test_server__' . $sid, $test_data_pre_test);
+    $this->drupalGet('user/logout');
+
+
+    /**
+     * test regranting of removed roles (regrantLdapProvisioned = 0)
+     */
+    $hpotter = $this->testFunctions->userByNameFlushingCache('hpotter');
+    $roles = array_values($hpotter->roles);
+    $this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 0;
+    $this->consumerAdminConf['drupal_role']->save();
+    $this->testFunctions->removeRoleFromUser($hpotter, "cn=gryffindor,ou=groups,dc=hogwarts,dc=edu");
+    $this->drupalPost('user', $hpotter_logon_edit, t('Log in'));
+    $hpotter = $this->testFunctions->userByNameFlushingCache('hpotter');
+    $roles = array_values($hpotter->roles);
+
+    $this->assertFalse(
+      in_array("cn=gryffindor,ou=groups,dc=hogwarts,dc=edu", $roles),
+      'when regrantLdapProvisioned=0, did not regrant role on logon',
+      'LDAP Authorization: Test Logon'
+    );
+    $this->assertTrue(
+      !empty($hpotter->data['ldap_authorizations']['drupal_role']['cn=gryffindor,ou=groups,dc=hogwarts,dc=edu']),
+      'when regrantLdapProvisioned=0, role is not regranted, but initial grant still remains in user->data[ldap_authorizations][drupal_role][<role>]',
+      'LDAP Authorization: Test Logon'
+    );
+    $this->drupalGet('user/logout');
+
+    /**
+     * test regranting of removed roles (regrantLdapProvisioned = 1)
+     */
+    $this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 1;
+    $this->consumerAdminConf['drupal_role']->save();
+    $this->drupalPost('user', $hpotter_logon_edit, t('Log in'));
+    $hpotter = $this->testFunctions->userByNameFlushingCache('hpotter');
+    $roles = array_values($hpotter->roles);
+    $this->assertTrue(
+      in_array("cn=gryffindor,ou=groups,dc=hogwarts,dc=edu", $roles),
+      'when regrantLdapProvisioned=0, did not regrant role on logon',
+      'LDAP Authorization: Test Logon'
+    );
+    $this->drupalGet('user/logout');
 
 }
 
@@ -124,7 +202,7 @@ function testFlags() {
 
   $sid = 'activedirectory1';
   $this->prepTestData(
-    'hogwarts',
+    LDAP_TEST_LDAP_NAME,
     array($sid),
     'provisionToDrupal',
     'default',
@@ -344,7 +422,7 @@ function testFlags() {
   */
 
   //add new mapping to and enable create consumers
-  $this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'default', 'drupal_role_default');
+  $this->prepTestData(LDAP_TEST_LDAP_NAME, array($sid), 'provisionToDrupal', 'default', 'drupal_role_default');
   $this->drupalGet('user/logout');
   $new_role = 'oompa-loompas';
   $this->consumerAdminConf['drupal_role']->createConsumers = 1;
@@ -357,7 +435,7 @@ function testFlags() {
       'error_message' => '',
       );
   $this->consumerAdminConf['drupal_role']->save();
- // debug('mappings'); debug($this->consumerAdminConf['drupal_role']->mappings);
+//  debug('mappings'); debug($this->consumerAdminConf['drupal_role']->mappings);
 
   $edit = array(
     'name' => 'hpotter',
@@ -366,7 +444,7 @@ function testFlags() {
   $this->drupalPost('user', $edit, t('Log in'));
 
   $new_role_created = in_array($new_role, array_values(user_roles()));
-
+ // debug("roles"); debug(user_roles());
   $roles_by_name = array_flip(user_roles());
   $hpotter = user_load_by_name('hpotter');
   $hpotter = user_load($hpotter->uid, TRUE);
@@ -383,6 +461,7 @@ function testFlags() {
     debug('roles'); debug(user_roles());
     debug('roles by name'); debug($roles_by_name);
     debug('hpotter->roles'); debug($hpotter->roles);
+    debug("new role desired: $new_role");
     debug("$new_role_created AND $role_granted");
   }
 
@@ -390,11 +469,11 @@ function testFlags() {
 
   public function testUIForms() {
 
-    $ldap_simpletest_initial = variable_get('ldap_simpletest', 1);
+    $ldap_simpletest_initial = variable_get('ldap_simpletest', 2);
     variable_del('ldap_simpletest'); // need to be out of fake server mode to test ui.
 
     $sid = 'activedirectory1';
-    $this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'default');
+    $this->prepTestData(LDAP_TEST_LDAP_NAME, array($sid), 'provisionToDrupal', 'default');
 
     ldap_servers_module_load_include('php', 'ldap_servers', 'LdapServerAdmin.class');
     $ldap_server = new LdapServerAdmin($sid);
@@ -435,7 +514,7 @@ function testFlags() {
 
     foreach (array(0) as $i) {
       foreach (array('drupal_role') as $consumer_type) {
-        foreach (array(0, 1) as $ctools_enabled) {
+        foreach (array(1) as $ctools_enabled) {  // may want to put this back in after ctools requirement is fixed
           $this->ldapTestId = "testUIForms.$i.$consumer_type.ctools.$ctools_enabled";
           if ($ctools_enabled) {
             module_enable(array('ctools'));
@@ -511,8 +590,6 @@ function testFlags() {
             debug("status" . $consumer_conf->status);
             debug("sid" . $consumer_conf->sid);
           }
-
-
         }
       }
     }
diff --git a/ldap_authorization/tests/Og1Tests.test b/ldap_authorization/tests/Og1Tests.test
index 2b06f01..97844bf 100644
--- a/ldap_authorization/tests/Og1Tests.test
+++ b/ldap_authorization/tests/Og1Tests.test
@@ -9,6 +9,21 @@ module_load_include('php', 'ldap_test', 'LdapTestCase.class');
 require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
 
 class LdapAuthorizationOg1Tests extends LdapTestCase {
+
+  public $groupEntityType = 'node';
+  public $groupBundle = 'group';
+  public $groupType = 'node';
+  public $group_content_type = NULL;
+  public $group_nodes = array();
+  public $user1;
+  public $consumerType = 'og_group';
+  public $module_name = 'ldap_authorization_og';
+  protected $ldap_test_data;
+  public $customOgRoles = array(
+    'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'),
+    'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
+    );
+
   public static function getInfo() {
     return array(
       'group' => 'LDAP Authorization',
@@ -17,47 +32,119 @@ class LdapAuthorizationOg1Tests extends LdapTestCase {
     );
   }
 
-  public $consumerType = 'og_group';
+  function __construct($test_id = NULL) {
+    parent::__construct($test_id);
+  }
 
-  function setUp() {
-    parent::setUp('og_ui');
+  //function setUp() {
+  //  parent::setUp(array(
+  //    'ldap_authentication',
+  //    'ldap_authorization',
+  //    'ldap_authorization_drupal_role',
+  //    'ldap_test')); // don't need any real servers, configured, just ldap_servers code base
+  //  variable_set('ldap_simpletest', 2);
+  //}
+
+  function setUp($addl_modules = array()) {
+    parent::setUp(array('entity', 'ctools', 'og', 'ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role', 'ldap_authorization_og', 'ldap_test', 'og_ui'));
+    variable_set('ldap_simpletest', 2);
+
+    if (ldap_authorization_og_og_version() != 1) {
+      debug('LdapAuthorizationOg1Tests must be run with OG 7.x-1.x');
+      return;
+    }
 
+    $this->user1 = $this->drupalCreateUser();
     $this->groups = array();
-    require('Derivations.ldap_authorization_og.inc');
+    $this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1'));
 
-    foreach ($og_roles as $og_role_name => $discard) {
+    /**
+     * Group:  The entity instance that will have members and content associated with it.
+     * Group Entity: entity type: node, bundle: group, name: OG Group
+     * Group Instances: $this->group_nodes[$label]
+     *
+     */
+
+
+
+  // Create group and group content node types.
+    $this->groupBundle = $this->drupalCreateContentType(array(
+      'type' => 'group',
+      'name' => 'OG Group',
+      ))->type;
+    og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle);  // entity type = "node" and group bundle = "group"
+    og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType,  $this->groupBundle);
+
+
+    $this->createCustomRoles();
+    // create og group for each group in group csv
+
+    $this->testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1');
+    $this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME);
+    foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) {
+      $label = $group['cn'];
+     // $group_type_obj = $this->drupalCreateContentType(array('name' => $label, 'type' => $label));
+     // og_create_field(OG_GROUP_FIELD, 'node', $group_type_obj->type);
+      $settings = array();
+      $settings['title'] = $label;
+      $settings['type'] = $this->groupBundle;
+      $settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
+      $group_node = $this->drupalCreateNode($settings);
+      $group = og_get_group('node', $group_node->nid);
+      $this->group_nodes[$label] = $group_node;
+    }
+
+  }
+
+  public function createCustomRoles() {
+    foreach ($this->customOgRoles as $og_role_name => $og_role) {
       $role = new stdClass;
       $role->name = $og_role_name;
       $role->gid = 0;
       $status = og_role_save($role);
     }
+    $roles = db_query("SELECT rid, name FROM {og_role}", array())->fetchAllKeyed();
+  }
 
-    foreach ($og_groups as $og_name => $og_conf) {
-      $label = $og_conf['label'];
-      //debug($label);
-      if ($og_conf['entity_type'] == 'node') {
-        $group_type_obj = $this->drupalCreateContentType(array('name' => $label, 'type' => $label));
-        og_create_field(OG_GROUP_FIELD, 'node', $group_type_obj->type);
-        $group_node = $this->drupalCreateNode(array(
-          'title' => $label,
-          'type' => $group_type_obj->type,
-          'og_group' => array(
-            LANGUAGE_NONE => array(
-              0 => array(
-                'value' => TRUE)))));
-        $group = og_create_group(array(
-          'entity_type' => 'node',
-          'etid' => $group_node->nid,
-          ));
-      }
-     // debug($group);
+  function deleteAndRecreateUser($cname) {
+    if ($user = user_load_by_name($cname)) {
+      user_delete($user->uid);
     }
+    $user = $this->drupalCreateUser(array());
+    $user = $this->testFunctions->drupalLdapUpdateUser(array('name' => $cname, 'mail' =>  $cname . '@hogwarts.edu'), TRUE, $user);
+    return $user;
   }
 
+  function UIGroupMembershipTest($user, $group_node, $test_id = null, $assert_true = TRUE) {
+      $this->drupalGet('user/' . $user->uid);
+      if ($assert_true) {
+        $this->assertText($group_node->title, 'User view UI shows group (' . $group_node->title . ') membership listed', $test_id);
+      }
+      else {
+        $this->assertNoText($group_node->title, 'User view UI does not show group (' . $group_node->title . ') membership listed', $test_id);
+      }
+      $this->drupalGet('node/' . $group_node->nid);
+      if ($assert_true) {
+        $this->assertText($user->name, 'Group view UI shows user name (' . $user->name . ') in group membership list',$test_id);
+      }
+      else {
+        $this->assertText('Request group membership', 'Group view UI show Request Group Membership form in group membership list',$test_id);
+      }
+  }
 
+  function manualOgGroup($user, $gid, $extra_rids = array()) {
+    $values = array('entity' => $user,  'entity_type' => 'user');
+    $user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][] = array('gid' => $gid);
+    og_entity_presave($user, 'user');
+    $user = user_save($user);
+    foreach ($extra_rids as $rid) {
+      og_role_grant($gid, $user->uid, $rid);
+    }
+    return user_load($user->uid, TRUE);
+  }
 
   /**
-   * just make sure install succeeds.  doesn't really need to be tested
+   * just make sure install succeeds and og and ldap_authorization_og functions work as designed
    */
   function testBasicFunctionsAndApi() {
     $this->ldapTestId = $this->module_name . ': setup success';
@@ -66,15 +153,17 @@ class LdapAuthorizationOg1Tests extends LdapTestCase {
         module_exists('ldap_authentication') &&
         module_exists('ldap_servers') &&
         module_exists('ldap_authorization') &&
-        module_exists('ldap_authorization_drupal_role') &&
         module_exists('ldap_authorization_og') &&
-        (variable_get('ldap_simpletest', 0) > 0)
+        (variable_get('ldap_simpletest', 2) == 2)
       );
     $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
 
     $this->ldapTestId = $this->module_name . ': cron test';
     $this->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization og enabled.'), $this->ldapTestId);
-
+    $this->assertTrue(ldap_authorization_og_authorization_id(2,3) == "2-3",
+      t('ldap_authorization_og_authorization_id() function works.'), $this->ldapTestId);
+    $this->assertTrue(ldap_authorization_og_og_version() == 1,
+      t('ldap_authorization_og_og_version() is 1'), $this->ldapTestId);
 
     /***
      * I. some basic tests to make sure og module's apis are working before testing ldap_authorization_og
@@ -83,41 +172,43 @@ class LdapAuthorizationOg1Tests extends LdapTestCase {
     $web_user = $this->drupalCreateUser();
     $this->ldapTestId = $this->module_name . ': og functions';
 
-    list($og_knitters, $og_knitters_node) = ldap_authorization_og_get_group('knitters', 'group_name', 'object');
-    list($og_bakers, $og_bakers_node) = ldap_authorization_og_get_group('bakers', 'group_name', 'object');
-    list($og_butchers, $og_butchers_node) = ldap_authorization_og_get_group('butchers', 'group_name', 'object');
-    $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE );
-    $member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE );
-    $admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
 
-    og_role_grant($og_knitters->gid, $web_user->uid, $member_rid);
-    og_role_grant($og_bakers->gid, $web_user->uid, $member_rid);
-    og_role_grant($og_bakers->gid, $web_user->uid, $admin_rid);
+    list($og_gryffindor_group, $og_gryffindor_node) =  ldap_authorization_og1_get_group('gryffindor', 'group_name');
+    list($og_students_group, $og_students_node) =  ldap_authorization_og1_get_group('students', 'group_name');
+    list($og_faculty_group, $og_faculty_node) =  ldap_authorization_og1_get_group('faculty', 'group_name');
+    list($og_users_group, $og_users_node) =  ldap_authorization_og1_get_group('users', 'group_name');
+   // debug('og_gryffindor_node');debug($og_gryffindor_node->nid); debug($og_gryffindor_group->gid);
+  //  debug('og_students_node');debug($og_students_node->nid); debug($og_students_group->gid);
+  //  debug('og_faculty_node');debug($og_faculty_node->nid); debug($og_faculty_group->gid);
+ //   debug('og_users_node');debug($og_users_node->nid); debug($og_users_group->gid);
+
+    $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
+    $member_rid =    ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
+    $admin_rid =     ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
+    $dungeon_master_rid =     ldap_authorization_og_rid_from_role_name('dungeon-master');
+    $time_keeper =     ldap_authorization_og_rid_from_role_name('time-keeper');
+    $student_member_consumer_id = $og_students_group->gid . '-' . $member_rid;
+
+    $gid = ldap_authorization_og1_entity_id_to_gid($og_gryffindor_node->nid);
+    $this->assertTrue($gid == $og_gryffindor_group->gid, t('ldap_authorization_og1_entity_id_to_gid() functions'), $this->ldapTestId);
+
 
+ //   debug("anonymous_rid=$anonymous_rid, member_rid=$member_rid,admin_rid=$admin_rid, dungeon_master_rid=$dungeon_master_rid, time_keeper=$time_keeper");
 
     /**
-     * basic granting tests to make sure og_role_grant, ldap_authorization_og_rid_from_role_name,
-     *   and ldap_authorization_og_get_group functions work
+     *   @todo api tests: ldap_authorization_og_rid_from_role_name(),
+     *   and ldap_authorization_og_get_group()
      */
 
     $ids = array($web_user->uid);
-   // debug($ids);
-    $user_entity = entity_load('user', $ids, array(), TRUE);
-   // debug($user_entity);
-    $this->assertTrue(og_is_member($og_knitters->gid, 'user', $user_entity),
-       'User is member of Group og_knitters without LDAP (based on og_is_member() function)', $this->ldapTestId);
-    $this->assertTrue(ldap_authorization_og_has_role($og_knitters->gid, $web_user->uid, OG_AUTHENTICATED_ROLE ),
-      'User is member of Group og_knitters without LDAP (based on ldap_authorization_og_has_role() function)', $this->ldapTestId);
-    $this->assertTrue(ldap_authorization_og_has_role($og_bakers->gid, $web_user->uid, OG_AUTHENTICATED_ROLE ),
-      'User is member of Group og_bakers without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
-    $this->assertTrue(ldap_authorization_og_has_role($og_bakers->gid, $web_user->uid, OG_ADMINISTRATOR_ROLE),
-      'User is administrator member of Group og_bakers without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
-    //
+  //  debug($ids);
+    $user_entities = entity_load('user', $ids, array(), TRUE);
+    $user_entity = $user_entities[$web_user->uid];
 
-    /***
-     * II.A. construct ldapauthorization og object and test methods (ignoring if ldap created or not).
-     * unit tests for methods and class without any ldap context.
-     */
+    ///***
+    // * II. construct ldapauthorization og object and test methods (ignoring if ldap created or not...
+    // * unit tests for methods and class without any ldap context.)
+    // */
 
     $this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class';
 
@@ -125,298 +216,465 @@ class LdapAuthorizationOg1Tests extends LdapTestCase {
     $this->assertTrue(is_object($og_auth),
       'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
 
-    $this->assertTrue($og_auth->hasAuthorization($web_user, '2-3'),
-      'hasAuthorization() method works for non LDAP provisioned og authorizaiton', $this->ldapTestId);
-
-    $this->assertTrue($og_auth->consumerType == 'og_group',
-      'LdapAuthorizationConsumerOG ConsumerType set properly', $this->ldapTestId);
-
-    $consumer_ids = $og_auth->availableConsumerIDs();
-    $should_haves = array('1-1', '1-2', '1-3', '2-1', '2-2', '2-3', '3-1', '3-2', '3-3');
-    $match = (boolean)(count(array_intersect($consumer_ids, $should_haves)) == count($should_haves));
-    $this->assertTrue($match,
-      'LdapAuthorizationConsumerOG availableConsumerIDs()', $this->ldapTestId);
-  //  debug($consumer_ids);
-
-    $should_haves = array('1-1', '1-2', '2-1', '2-3');
-    $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
-    $match = (boolean)(count(array_intersect($web_user_authorizations, $should_haves)) == count($should_haves));
-    $this->assertTrue($match,
-      'LdapAuthorizationConsumerOG usersAuthorizations()', $this->ldapTestId);
-
-    $baker_nonmember_id = ldap_authorization_og_authorization_id($og_bakers->gid, $anonymous_rid);
-    $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_groups'], array($baker_nonmember_id => TRUE), NULL, TRUE);
-    $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
-    $this->assertTrue(in_array($baker_nonmember_id, $web_user_authorizations),
-      'LdapAuthorizationConsumerOG authorizationRevoke() test revoke on nonmeber role', $this->ldapTestId);
-
-    $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers->gid, $member_rid);
-    $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id => TRUE), NULL, TRUE);
-    $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
-    $this->assertTrue(in_array($butcher_member_id, $web_user_authorizations),
-      'LdapAuthorizationConsumerOG authorizationGrant()', $this->ldapTestId);
-    $this->assertTrue($og_auth->hasLdapGrantedAuthorization($web_user, $butcher_member_id),
-      'hasLdapGrantedAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
-
-    $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
-    $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
-  //  debug('web_user_authorizations'); debug($web_user_authorizations);
-    $this->assertFalse(in_array($butcher_member_id, $web_user_authorizations),
-       'LdapAuthorizationConsumerOG authorizationRevoke()', $this->ldapTestId);
-
-
-    $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
-    $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
-   // debug('web_user_authorizations'); debug($web_user_authorizations);
-    $this->assertFalse(in_array($butcher_member_id, $web_user_authorizations),
-      'LdapAuthorizationConsumerOG authorizationRevoke() attempt to revoke role that user doesnt have', $this->ldapTestId);
-
-    $result = $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array('212-212' => NULL), NULL, TRUE);
-    $this->assertFalse($result,
-      'LdapAuthorizationConsumerOG authorizationRevoke() test revoke of bogus authorization', $this->ldapTestId);
-
-    $result = $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array('212-212' => NULL), NULL, TRUE);
-    $this->assertFalse($result,
-      'LdapAuthorizationConsumerOG authorizationGrant() test grant of bogus authorization', $this->ldapTestId);
-
-    $result = $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array('bogusformat' => NULL), NULL, TRUE);
-    $this->assertFalse($result,
-      'LdapAuthorizationConsumerOG authorizationRevoke()  test revoke malformed params', $this->ldapTestId);
-
-    $result = $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array('bogusformat' => NULL), NULL, TRUE);
-    $this->assertFalse($result,
-      'LdapAuthorizationConsumerOG authorizationGrant() test grant malformed params', $this->ldapTestId);
 
-    /***
-     * II.B. Also test function in ldap_authorization_og.module
+    /**
+     * test basic functions with admin user logged in
      */
 
-    $normalized_authorization_id = ldap_authorization_og_authorization_id(3, 2);
-    $this->assertTrue($normalized_authorization_id == '3-2', ' ldap_authorizations og ldap_authorization_og_authorization_id() function works', $this->ldapTestId);
+    $ldap_entry = NULL;
+    $user_data = array();
+    $user = user_load($web_user->uid, TRUE);
 
-    $gid = ldap_authorization_og_entity_id_to_gid(4345);
-    $this->assertTrue($gid === FALSE, ' ldap_authorizations og ldap_authorization_og_entity_id_to_gid() returns false for bogus data', $this->ldapTestId);
 
+    $this->assertFalse($og_auth->hasAuthorization($user, $student_member_consumer_id),
+      'hasAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
 
-    // create entity and get gid
-    $gid = ldap_authorization_og_entity_id_to_gid($og_knitters->etid);
-    $this->assertTrue($og_knitters->gid == $gid, 'ldap_authorization_og_entity_id_to_gid() function works', $this->ldapTestId);
+    $user_auth_data = array();
+    $consumers = array($student_member_consumer_id => $og_auth->emptyConsumer);
 
-    $bakers_gid = ldap_authorization_og_get_group($og_bakers->gid, 'gid', 'gid');
-    $this->assertTrue($bakers_gid == $og_bakers->gid, 'ldap_authorization_og_get_group() function gid return works with query type gid', $this->ldapTestId);
+    $og_auth->authorizationGrant($user, $user_auth_data, $consumers, $ldap_entry, TRUE);
 
-    $bakers_label = ldap_authorization_og_get_group($og_bakers->gid, 'gid', 'label');
-    $this->assertTrue($bakers_label == 'bakers', 'ldap_authorization_og_get_group() function label return works with query type gid', $this->ldapTestId);
+    $this->assertTrue(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid),
+      'authorizationGrant function works', $this->ldapTestId);
 
-    $test = ldap_authorization_og_has_role($og_bakers->gid, $web_user->uid, OG_ADMINISTRATOR_ROLE);
-    $this->assertTrue($test, 'ldap_authorization_og_has_role() function works', $this->ldapTestId);
+    $this->assertTrue(ldap_authorization_og1_has_role($og_students_group->gid, $user->uid, $member_rid),
+     'ldap_authorization_og1_has_role function works', $this->ldapTestId);
 
-    $test = ldap_authorization_og_has_role($og_knitters->gid, $web_user->uid, OG_ADMINISTRATOR_ROLE);
-    $this->assertTrue($test === FALSE, 'ldap_authorization_og_has_role() function fails with FALSE', $this->ldapTestId);
+    $this->assertTrue("member" == ldap_authorization_og1_role_name_from_rid($member_rid),
+     'ldap_authorization_og1_role_name_from_rid function works', $this->ldapTestId);
 
-    $test = ldap_authorization_og_rid_from_role_name('sdfsdfsdfsdf');
-    $this->assertTrue($test === FALSE, 'ldap_authorization_og_rid_from_role_name() function fails with FALSE', $this->ldapTestId);
+    $this->assertTrue($member_rid == ldap_authorization_og1_role_name_to_role_id("member"),
+     'ldap_authorization_og1_role_name_to_role_id function works', $this->ldapTestId);
 
-  }
-  /***
-      * III. functional tests based on various configurations, without actual user logon process
-      * (will need to be expanded when batch, feed, etc, processing is added, but those
-      * functional tests should not need to done for all ldap consumer types.
-      */
-  function testAuthorizationsWithoutLogon() {
-
-    $this->ldapTestId = $this->module_name . ': og authorizations on logon';
-    // just to give warning if setup doesn't succeed.  may want to take these out at some point.
-    $setup_success = (
-        module_exists('ldap_authentication') &&
-        module_exists('ldap_servers') &&
-        module_exists('ldap_authorization') &&
-        module_exists('ldap_authorization_drupal_role') &&
-        module_exists('ldap_authorization_og') &&
-        (variable_get('ldap_simpletest', 0) > 0)
-      );
-    $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+    $has_student_membership = ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid);
+    $this->assertTrue($has_student_membership, 'ldap_authorization_og1_has_membership function', $this->ldapTestId);
 
-    $web_user = $this->drupalCreateUser();
 
-    $this->ldapTestId = 'DeriveFromEntry';
-    $this->serversData = 'ldapauthor1.ldap_server.test_data.inc';
-    $this->authorizationData = 'Derivations.ldap_authorization_og.inc';
-    $this->authenticationData = 'ldapauthor1.ldap_authentication.test_data.inc';
-    $this->consumerType = 'og_group';
-    $this->prepTestData('ad_authorization');
+    if ($has_student_membership) {
+      $og_auth->authorizationRevoke($user, $user_auth_data, $consumers, $ldap_entry, TRUE);
+      $this->assertFalse(ldap_authorization_og1_has_membership($og_students_group->gid, $user->uid),
+        'authorizationRevoke function works', $this->ldapTestId);
+    }
 
-    $og_auth = new LdapAuthorizationConsumerOG('og_group');
- //   debug('og_auth'); debug($og_auth);
-    $this->assertTrue(is_object($og_auth),
-     'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
+    $parts = $og_auth->og1ConsumerIdParts("3-2");
+    $this->assertTrue($parts[0] == 3 && $parts[1] == 2,
+          'LdapAuthorizationOgConsumerOG::og1ConsumerIdParts method works', $this->ldapTestId);
 
-    list($og_knitters, $og_knitters_node) = ldap_authorization_og_get_group('knitters', 'group_name', 'object');
-    list($og_bakers, $og_bakers_node) = ldap_authorization_og_get_group('bakers', 'group_name', 'object');
-    list($og_butchers, $og_butchers_node) = ldap_authorization_og_get_group('butchers', 'group_name', 'object');
-    $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
-    $member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
-    $admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
-    $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers->gid, $member_rid);
-    $butcher_admin_id = ldap_authorization_og_authorization_id($og_butchers->gid, $admin_rid);
-    $knitters_nonmember_id = ldap_authorization_og_authorization_id($og_knitters->gid, $anonymous_rid);
-    $knitters_member_id = ldap_authorization_og_authorization_id($og_knitters->gid, $member_rid);
-     /**
-     * cn=unkool,ou=lost,dc=ad,dc=myuniveristy,dc=edu
-     * should not match any mappings
-     */
 
-    $user = $this->drupalCreateUser(array());
-    $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' =>  'unkool@nowhere.myuniversity.edu'), TRUE, $user);
-    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query');  // just see if the correct ones are derived.
-    $this->assertTrue(count($new_authorizations) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
-
-    /**
-     *   jkool:  guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniveristy,dc=edu
-     *    should yield: butchers member and butchers admin member
-     */
+    $mappings = array(
+      array('cn=students,ou=groups,dc=hogwarts,dc=edu','group-name=students,role-name=member'),
+      array('cn=faculty,ou=groups,dc=hogwarts,dc=edu','group-name=faculty,role-name=member'),
+      array('cn=gryffindor,ou=groups,dc=hogwarts,dc=edu','group-name=gryffindor,role-name=member'),
+      array('cn=users,ou=groups,dc=hogwarts,dc=edu','group-name=users,role-name=dungeon-master'),
+      array('cn=users,ou=groups,dc=hogwarts,dc=edu','gid=2,rid=2'),
+      array('cn=users,ou=groups,dc=hogwarts,dc=edu','gid=2,rid=4'),
+    );
 
-    $user = $this->drupalCreateUser(array());
-    $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' =>  'jkool@guests.myuniversity.edu'), TRUE, $user);
-    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query');  // just see if the correct ones are derived.
+    $normalized_mappings = $og_auth->normalizeMappings($mappings);
 
-    $correct_roles = (bool)(
-      isset($new_authorizations['og_group']) &&
-      in_array($butcher_member_id, $new_authorizations['og_group']) &&
-      in_array($butcher_admin_id, $new_authorizations['og_group'])
+    $correct_mappings = (
+      $normalized_mappings[0]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) &&
+      $normalized_mappings[1]['normalized'] = ldap_authorization_og_authorization_id($og_faculty_group->gid, $member_rid) &&
+      $normalized_mappings[2]['normalized'] = ldap_authorization_og_authorization_id($og_gryffindor_group->gid, $dungeon_master_rid) &&
+      $normalized_mappings[3]['normalized'] = ldap_authorization_og_authorization_id($og_users_group->gid, $member_rid) &&
+      $normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, $member_rid) &&
+      $normalized_mappings[4]['normalized'] = ldap_authorization_og_authorization_id($og_students_group->gid, 4)
     );
-    if (!$correct_roles) {
-      debug('jkool og ldap authorizations'); debug($new_authorizations); debug($new_authorizations);
+    if (!$correct_mappings) {
+      debug('normalized_mappings'); debug($normalized_mappings);
     }
-    $this->assertTrue($correct_roles, "user account jkool tested for granting og butchers member and admin ($butcher_member_id and $butcher_admin_id)", $this->ldapTestId . '.onematch');
+    $this->assertTrue($correct_mappings,'normalizeMappings method works', $this->ldapTestId);
 
-    /**
-      verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniveristy,dc=edu', special guests, guest accounts
-      should yield: butchers and knitters member roles
-     */
+  }
 
-    $user = $this->drupalCreateUser(array());
-    $verykool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'verykool', 'mail' =>  'verykool@myuniversity.edu'), TRUE, $user);
 
-    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query');  // just see if the correct ones are derived.
-   // debug('verykool og ldap authorizations'); debug($new_authorizations); debug($new_authorizations);
-    $correct_roles = (bool)(isset($new_authorizations['og_group']) &&
-      in_array($butcher_member_id, $new_authorizations[$this->consumerType]) &&
-      in_array($knitters_member_id, $new_authorizations[$this->consumerType])
-      );
-    if (!$correct_roles) {
-      debug('verykool og ldap authorizations'); debug($new_authorizations); debug($new_authorizations);
-    }
-    $this->assertTrue($correct_roles, "user account verykool tested for granting og knitters member ($knitters_member_id) and og butchers member ($butcher_member_id) ", $this->ldapTestId . '.manymatch');
-    $this->assertTrue($correct_roles, 'user account verykool tested for case insensitivity ', $this->ldapTestId . '.caseinsensitive');
-}
 
   /**
-    * IV. Test authorizations granted on logon
-    */
-  function testAuthorizationsOnLogon() {
+ * authorization configuration flags tests clumped together
+ */
 
-    $this->ldapTestId = $this->module_name . ': og authorizations on logon';
-    // just to give warning if setup doesn't succeed.  may want to take these out at some point.
-    $setup_success = (
-        module_exists('ldap_authentication') &&
-        module_exists('ldap_servers') &&
-        module_exists('ldap_authorization') &&
-        module_exists('ldap_authorization_drupal_role') &&
-        module_exists('ldap_authorization_og') &&
-        (variable_get('ldap_simpletest', 0) > 0)
-      );
-    $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+function testFlags() {
 
-    $web_user = $this->drupalCreateUser();
+  $sid = 'activedirectory1';
 
-    $this->ldapTestId = 'DeriveFromEntry';
-    $this->serversData = 'ldapauthor1.ldap_server.test_data.inc';
-    $this->authorizationData = 'Derivations.ldap_authorization_og.inc';
-    $this->authenticationData = 'ldapauthor1.ldap_authentication.test_data.inc';
-    $this->consumerType = 'og_group';
-    $this->prepTestData('ad_authorization');
+  $this->prepTestData(
+    LDAP_TEST_LDAP_NAME,
+    array($sid),
+    'provisionToDrupal',
+    'default',
+    'og_group15'
+    );
 
-    $og_auth = new LdapAuthorizationConsumerOG('og_group');
-    $this->assertTrue(is_object($og_auth),
-     'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
 
-    list($og_knitters, $og_knitters_node) = ldap_authorization_og_get_group('knitters', 'group_name', 'object');
-    list($og_bakers, $og_bakers_node) = ldap_authorization_og_get_group('bakers', 'group_name', 'object');
-    list($og_butchers, $og_butchers_node) = ldap_authorization_og_get_group('butchers', 'group_name', 'object');
-    $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
-    $member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
-    $admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
-    $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers->gid, $member_rid);
-    $butcher_admin_id = ldap_authorization_og_authorization_id($og_butchers->gid, $admin_rid);
-    $knitters_nonmember_id = ldap_authorization_og_authorization_id($og_knitters->gid, $anonymous_rid);
-    $knitters_member_id = ldap_authorization_og_authorization_id($og_knitters->gid, $member_rid);
-    /**
-      verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniveristy,dc=edu', special guests, guest accounts
-      should yield: 'gid=3,rid=3', 'gid=3,rid=2', group-name=knitters,role-name=member
-     */
-    $verykool = user_load_by_name('verykool');
-    if (is_object($verykool)) {
-      user_delete($verykool->uid);
-    }
+  $og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
 
-    $edit = array(
-      'name' => 'verykool',
-      'pass' => 'goodpwd',
+  list($og_gryffindor_group, $og_gryffindor_node) =  ldap_authorization_og1_get_group('gryffindor', 'group_name');
+  list($og_students_group, $og_students_node) =  ldap_authorization_og1_get_group('students', 'group_name');
+  list($og_faculty_group, $og_faculty_node) =  ldap_authorization_og1_get_group('faculty', 'group_name');
+  list($og_users_group, $og_users_node) =  ldap_authorization_og1_get_group('users', 'group_name');
+  list($og_slytherin_group, $og_slytherin_node) =  ldap_authorization_og1_get_group('slytherin', 'group_name');
+  $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
+  $member_rid =    ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
+  $admin_rid =     ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
+  $dungeon_master_rid =     ldap_authorization_og_rid_from_role_name('dungeon-master');
+  $time_keeper =     ldap_authorization_og_rid_from_role_name('time-keeper');
+  $students_membership_consumer_id = $og_students_group->gid .'-'. $member_rid;
+  $gryffindor_membership_consumer_id = $og_gryffindor_group->gid .'-'. $member_rid;
+
+  /**
+   * LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed
+   */
+
+  list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
+  $this->assertTrue(
+    $props_set_correctly,
+    'Authorization Configuration set correctly in test setup',
+    'LDAP_authorz.Flags.setup.0'
+  );
+  if (!$props_set_correctly) {
+    debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
+  }
+
+  $test_id = 'LDAP_authorz.Flags.status.0';
+  $this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0;
+  $this->consumerAdminConf['og_group']->status = 0;
+  $this->consumerAdminConf['og_group']->save();
+  $og_group_consumer = ldap_authorization_get_consumer_object('og_group');
+  $hpotter = $this->deleteAndRecreateUser('hpotter');
+
+  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group');  // just see if the correct ones are derived.
+  $groups1 = $new_authorizations['og_group'];
+  $this->assertTrue(
+    count($new_authorizations['og_group']) == 0,
+    'disabled consumer configuration disallows authorizations.',
+    $test_id
+  );
+
+
+  $test_id = 'LDAP_authorz.Flags.status.1';
+  $this->consumerAdminConf['og_group']->status = 1;
+  $this->consumerAdminConf['og_group']->save();
+  $og_group_consumer = ldap_authorization_get_consumer_object('og_group');
+
+  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'test_query', 'og_group');  // just see if the correct ones are derived.
+  $correct_groups = !empty($new_authorizations['og_group'][$students_membership_consumer_id])
+    && !empty($new_authorizations['og_group'][$gryffindor_membership_consumer_id]);
+  $this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', $test_id);
+  if (!$correct_groups) {
+    debug($test_id . "new_authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:"); debug($new_authorizations['og_group']); debug($notifications);
+  }
+
+}
+
+
+
+  /**
+ * authorization configuration flags tests clumped together
+ */
+
+function testLogons() {
+
+  $sid = 'activedirectory1';
+
+  $this->prepTestData(
+    LDAP_TEST_LDAP_NAME,
+    array($sid),
+    'provisionToDrupal',
+    'default',
+    'og_group15'
     );
 
-    $this->drupalPost('user', $edit, t('Log in'));
-    $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
-    $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('verykool'), 'Ldap user properly authmapped.', $this->ldapTestId);
-
-    $verykool = user_load_by_name('verykool');
-    $existing_authorizations = $og_auth->usersAuthorizations($verykool);
-    // debug('testAuthorizationsOnLogon verykool existing_authorizations'); debug($existing_authorizations);
-    $correct_roles = in_array($butcher_member_id, $existing_authorizations) && in_array($knitters_member_id, $existing_authorizations);
-    if (!$correct_roles) {
-      debug('verykool og authorizations'); debug($existing_authorizations);
-    }
-    $this->assertTrue($correct_roles, 'verykool granted butcher and knitter memberships', $this->ldapTestId );
+  $og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
+  list($og_gryffindor_group, $og_gryffindor_node) =  ldap_authorization_og1_get_group('gryffindor', 'group_name'); //1
+  list($og_students_group, $og_students_node) =  ldap_authorization_og1_get_group('students', 'group_name'); //4
+  list($og_faculty_group, $og_faculty_node) =  ldap_authorization_og1_get_group('faculty', 'group_name'); // 7
+  list($og_users_group, $og_users_node) =  ldap_authorization_og1_get_group('users', 'group_name'); //9
+  list($og_hufflepuff_group, $og_hufflepuff_node) =  ldap_authorization_og1_get_group('hufflepuff', 'group_name');
+  list($og_slytherin_group, $og_slytherin_node) =  ldap_authorization_og1_get_group('slytherin', 'group_name');
+
+
+  $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
+  $member_rid =    ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
+  $admin_rid =     ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
+  $dungeon_master_rid =     ldap_authorization_og_rid_from_role_name('dungeon-master');
+  $time_keeper =     ldap_authorization_og_rid_from_role_name('time-keeper');
+  $students_membership_consumer_id = $og_students_group->gid .'-'. $member_rid;
+  $gryffindor_membership_consumer_id = $og_gryffindor_group->gid .'-'. $member_rid;
+  $slytherin_membership_consumer_id = $og_slytherin_group->gid .'-'. $member_rid;
+  $hufflepuff_membership_consumer_id = $og_hufflepuff_group->gid .'-'. $member_rid;
+
+  debug(
+    "students_membership_consumer_id = $students_membership_consumer_id
+    gryffindor_membership_consumer_id  = $gryffindor_membership_consumer_id
+    slytherin_membership_consumer_id = $slytherin_membership_consumer_id
+    hufflepuff_membership_consumer_id = = $hufflepuff_membership_consumer_id "
+  );
+
+  list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group15');
+  $this->assertTrue(
+    $props_set_correctly,
+    'Authorization Configuration set correctly in test setup',
+    'LDAP_authorz.Flags.setup.0'
+  );
+  if (!$props_set_correctly) {
+    debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
+  }
 
-    $this->drupalGet('user/logout');
+  $hpotter = $this->deleteAndRecreateUser('hpotter');
 
+  /**
+   * LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled
+   */
+  $test_id = 'LDAP_authorz.og.Flags.synchOnLogon.0';
+  $this->consumerAdminConf['og_group']->synchOnLogon = 0;
+  $this->consumerAdminConf['og_group']->save();
+  $og_group_consumer = ldap_authorization_get_consumer_object('og_group');
+
+  $edit = array(
+    'name' => 'hpotter',
+    'pass' => 'goodpwd',
+  );
+  $this->drupalPost('user', $edit, t('Log in'));
+  $this->assertText(
+    t('Member for'),
+    'New Ldap user with good password authenticated.',
+    $test_id
+  );
+  $this->assertTrue(
+    $this->testFunctions->ldapUserIsAuthmapped('hpotter'),
+    'Ldap user properly authmapped.',
+    $test_id
+  );
+  $hpotter = user_load_by_name('hpotter');
+  $hpotter = user_load($hpotter->uid, TRUE);
+  $authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+  $this->drupalGet('user/logout');
+  $success = (count($authorizations) == 0);
+  $this->assertTrue($success, 'No authorizations granted when synchOnLogon=0', $test_id);
+  if (!$success) {
+    debug($test_id . "authorizations:"); debug($authorizations); debug($hpotter->data);
+  }
 
-    /**
-     *   jkool:  guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniveristy,dc=edu
-     *    should yield: 'gid=3,rid=2', 'gid=3,rid=3'
-     */
+  $test_id = 'LDAP_authorz.og.Flags.synchOnLogon.1';
+  $this->consumerAdminConf['og_group']->synchOnLogon = 1;
+  $this->consumerAdminConf['og_group']->save();
+  $og_group_consumer = ldap_authorization_get_consumer_object('og_group'); // flushes object static cache
+  $hpotter = $this->deleteAndRecreateUser('hpotter');
+
+  $edit = array(
+    'name' => 'hpotter',
+    'pass' => 'goodpwd',
+  );
+  $this->drupalPost('user', $edit, t('Log in'));
+  $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $test_id);
+  $hpotter = user_load_by_name('hpotter');
+  $hpotter = user_load($hpotter->uid, TRUE);
+  $authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+  $this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
+  $success = in_array($students_membership_consumer_id, $authorizations) && in_array($gryffindor_membership_consumer_id, $authorizations);
+  $this->drupalGet('user/logout');
+  $this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
+  if (!$success) {
+    debug($test_id . "authorizations $gryffindor_membership_consumer_id and $students_membership_consumer_id not found in:");
+    debug($authorizations); debug("hpotter->data"); debug($hpotter->data);
+  }
+
+  $user_data = $hpotter->data['ldap_authorizations']['og_group'];
+  $success = (isset($user_data[$students_membership_consumer_id]) &&
+             isset($user_data[$gryffindor_membership_consumer_id]) &&
+             isset($user_data[$students_membership_consumer_id]['date_granted']) &&
+             isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
+             isset($user_data[$students_membership_consumer_id]['date_granted']) &&
+             isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
+             $user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id);
+  $this->assertTrue($success, 'Correct User Data Authorization Records', $test_id);
 
-    $user = $this->drupalCreateUser(array());
-    $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' =>  'jkool@guests.myuniversity.edu'), TRUE, $user);
-    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query');  // just see if the correct ones are derived.
-   // debug('new_authorizations'); debug($new_authorizations);
-    user_delete($jkool->uid);
 
+
+  /** test multiple logon scenario.  this deals with a variety of concerns such as caching of
+   * user and og data
+   */
+  $test_id = 'LDAP_authorz.og.mulitplelogons';
+  $this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0;
+  $this->consumerAdminConf['og_group']->synchOnLogon = 1;
+  $this->consumerAdminConf['og_group']->status = 1;
+  $this->consumerAdminConf['og_group']->save();
+  $hpotter = $this->deleteAndRecreateUser('hpotter');
+  $og_group_consumer = ldap_authorization_get_consumer_object('og_group');
+
+  $this->drupalGet('user/logout');
+  $pre_authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+  $this->assertTrue(count($pre_authorizations) == 0, 'Setup correct for test '. $test_id, $test_id);
+
+  foreach(array(1,2,3) as $i) {
+    $this->drupalGet('user/logout');
     $edit = array(
-       'name' => 'jkool',
-       'pass' => 'goodpwd',
+      'name' => 'hpotter',
+      'pass' => 'goodpwd',
     );
-
     $this->drupalPost('user', $edit, t('Log in'));
-    $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
-    $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('jkool'), 'Ldap user properly authmapped.', $this->ldapTestId);
-
-    $jkool = user_load_by_name('jkool');
-    $existing_authorizations = $og_auth->usersAuthorizations($jkool);
-  //  debug('testAuthorizationsOnLogon jkool existing_authorizations');
-  //  debug($existing_authorizations);
-  //  debug('available consumer ids: ');
-  //    debug($og_auth->availableConsumerIDs());
-  //    debug($og_auth->convertToFriendlyAuthorizationIds($og_auth->availableConsumerIDs()));
-    $correct_roles = in_array($butcher_admin_id, $existing_authorizations);
-    if (!$correct_roles) {
-      debug('jkool og authorizations'); debug($existing_authorizations);
+    $this->assertText(t('Member for'), "Repeated logon grant test i=$i", $test_id);
+    $hpotter = user_load_by_name('hpotter');
+    $hpotter = user_load($hpotter->uid, TRUE);
+
+    $authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+    $success = in_array($students_membership_consumer_id, $authorizations) &&
+      in_array($gryffindor_membership_consumer_id, $authorizations);
+    $this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
+    if (!$success) {
+      debug("$test_id i=$i"); debug($hpotter->data); debug($og_group_consumer->usersAuthorizations($hpotter));
     }
-    $this->assertTrue($correct_roles, 'jkool granted admin role', $this->ldapTestId );
-
+    $this->UIGroupMembershipTest($hpotter, $og_gryffindor_node, $test_id);
+    $this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
+    // also need to assert user->data['ldap_authorizations']['og_group'] array
+
+    $this->assertTrue($success, 'Correct Authorizations on user logon', $test_id);
+    $user_data = $hpotter->data['ldap_authorizations']['og_group'];
+    $success = (isset($user_data[$students_membership_consumer_id]) &&
+                 isset($user_data[$gryffindor_membership_consumer_id]) &&
+                 isset($user_data[$students_membership_consumer_id]['date_granted']) &&
+                 isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
+                 isset($user_data[$students_membership_consumer_id]['date_granted']) &&
+                 isset($user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case']) &&
+                 $user_data[$gryffindor_membership_consumer_id]['consumer_id_mixed_case'] == $gryffindor_membership_consumer_id);
+    $this->assertTrue($success, 'Correct User Data Authorization Records', $test_id);
     $this->drupalGet('user/logout');
+  }
 
-
+   /**
+   * LDAP_authorz.Flags.revokeLdapProvisioned: test flag for
+   *   removing manually granted roles
+   *
+   *   $this->revokeLdapProvisioned == 1 : Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.
+   *
+   *   grant groups via ldap and some not manually,
+   *   then logon again and make sure the ldap provided roles are revoked and the drupal ones are not revoked
+   *
+   */
+  $test_id = 'LDAP_authorz.og.Flags.revokeLdapProvisioned.1';
+  $this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0;
+  $this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1;
+  $this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1;
+  $this->consumerAdminConf['og_group']->save();
+  $og_group_consumer = ldap_authorization_get_consumer_object('og_group');
+  $hpotter = $this->deleteAndRecreateUser('hpotter');
+  $edit = array(
+    'name' => 'hpotter',
+    'pass' => 'goodpwd',
+  );
+
+  // group to 2 "undeserved" groups, but only ldap associate 1
+  $hpotter = $this->manualOgGroup($hpotter, $og_slytherin_group->gid);
+  $hpotter = $this->manualOgGroup($hpotter, $og_hufflepuff_group->gid);
+  $authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+  $this->assertTrue(
+    in_array($slytherin_membership_consumer_id, $authorizations) &&
+    in_array($hufflepuff_membership_consumer_id, $authorizations)
+    , "prep for $test_id", $test_id);
+
+
+ // debug(); debug("4.1 hpotter->data"); debug($hpotter->data);
+ // $undeserved_consumer_id = $og_slytherin_group->gid . '-' . $member_rid;
+  $user_edit['data'] = $hpotter->data;
+  $user_edit['data']['ldap_authorizations']['og_group'][$slytherin_membership_consumer_id] =
+    array(
+      array('date_granted' => 1304216778),
+      array('consumer_id_mixed_case' => $slytherin_membership_consumer_id),
+    );
+  $hpotter = user_save($hpotter, $user_edit);
+
+  $this->drupalPost('user', $edit, t('Log in'));
+  $this->assertText(t('Member for'),'New Ldap user with good password authenticated.',$test_id);
+  $hpotter = user_load_by_name('hpotter');
+  $hpotter = user_load($hpotter->uid, TRUE);
+  $authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+  $this->UIGroupMembershipTest($hpotter, $og_hufflepuff_node, $test_id);
+  $this->UIGroupMembershipTest($hpotter, $og_slytherin_node, $test_id, FALSE);
+  $this->assertTrue(
+    !in_array($slytherin_membership_consumer_id, $authorizations) &&
+    in_array($hufflepuff_membership_consumer_id, $authorizations)
+    , "Ldap granted og revoked when not deserved in ldap, manual og membership retained.", $test_id);
+
+  // assert that slytherin membership removed, but hufflepuff kept
+  debug($authorizations);
+  debug("4. hpotter->data"); debug($hpotter->data);
+
+   /**
+   * LDAP_authorz.Flags.regrantLdapProvisioned
+   * $this->regrantLdapProvisioned == 1 :
+   *   Re grant !consumer_namePlural previously granted
+   *   by LDAP Authorization but removed manually.
+   *
+   * - manually remove ldap granted og membership
+   * - logon
+   * - check if regranted
+   */
+  $test_id = 'LDAP_authorz.Flags.regrantLdapProvisioned=1';
+  $this->drupalGet('user/logout');
+  $this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1;
+  $this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1;
+  $this->consumerAdminConf['og_group']->save();
+  $og_group_consumer = ldap_authorization_get_consumer_object('og_group');
+  $hpotter = user_load($hpotter->uid, TRUE);  // do not recreate hpotter user because using date from last test
+
+  // ungroup hpotter from students
+  $hpotter = og_ungroup($og_students_group->gid, 'user', $hpotter, TRUE);
+  // confirm doesn't have authorization
+  $authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+  $this->assertTrue(!in_array($students_membership_consumer_id, $authorizations), 'hpotter student membership removed before testing regrant', $test_id);
+  /**
+   * logon
+   */
+  $this->drupalPost('user', $edit, t('Log in'));
+
+  // assert students membership regranted
+  $hpotter = user_load($hpotter->uid, TRUE);
+  $authorizations = $og_group_consumer->usersAuthorizations($hpotter);
+  $success = in_array($students_membership_consumer_id, $authorizations);
+  $this->UIGroupMembershipTest($hpotter, $og_students_node, $test_id);
+  $this->assertTrue($success, "regrant Ldap Provisioned og groups ($students_membership_consumer_id) that were manually revoked", $test_id);
+  if (!$success) {
+    debug($test_id);
+    debug("students_membership_consumer_id=$students_membership_consumer_id");
+    debug('hpotter->data'); debug($hpotter->data);
+    debug('current authorizations'); debug($authorizations);
   }
+  debug("5. hpotter->data"); debug($hpotter->data);
+
+
+  /**
+   * LDAP_authorz.onlyLdapAuthenticated=1: create normal user and
+   * apply authorization query.  should return no og groups
+   *
+   * THIS NEEDS TO BE REWORKED.  ITS A MEANINGLESS TEST IN CURRENT STATE
+   * should
+   * A. leave on mixed mode ldap authentication
+   *   logon with non ldap password and receive no authorizations
+   *
+   * B.  leave on mixed mode authentication and logon with ldap
+   *    groups should be granted
+   *
+   */
+  //$test_id = 'LDAP_authorz.onlyLdapAuthenticated.1';
+  //$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1;
+  //$this->consumerAdminConf['og_group']->status = 1;
+  //$this->consumerAdminConf['og_group']->save();
+  //$og_group_consumer = ldap_authorization_get_consumer_object('og_group');
+  //
+  //$hpotter = $this->deleteAndRecreateUser('hpotter');
+  //
+  //list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group');  // just see if the correct ones are derived.
+  //$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group']) == 0);
+  //$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', $test_id);
+  //$hpotter = user_load($hpotter->uid, TRUE);
+  //if (!$success) {
+  //  debug($test_id . "new_authorizations:"); debug($new_authorizations);
+  //  debug($this->testFunctions->ldapUserIsAuthmapped('hpotter'));
+  //  debug($notifications);
+  //  debug($hpotter);
+  //}
+
+}
+
 
 }
diff --git a/ldap_authorization/tests/Og2Tests.test b/ldap_authorization/tests/Og2Tests.test
index 84d93a0..416ea74 100644
--- a/ldap_authorization/tests/Og2Tests.test
+++ b/ldap_authorization/tests/Og2Tests.test
@@ -52,7 +52,7 @@ class LdapAuthorizationOg2Tests extends LdapTestCase {
 
     $this->user1 = $this->drupalCreateUser();
     $this->groups = array();
-    $this->prepTestData('hogwarts', array('activedirectory1'));
+    $this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1'));
 
 
 
@@ -67,8 +67,8 @@ class LdapAuthorizationOg2Tests extends LdapTestCase {
 
     // create og group for each group in group csv
 
-    $this->testFunctions->populateFakeLdapServerData('hogwarts', 'activedirectory1');
-    $this->testFunctions->getCsvLdapData('hogwarts');
+    $this->testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1');
+    $this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME);
     foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) {
       $label = $group['cn'];
       $settings = array();
@@ -107,8 +107,7 @@ class LdapAuthorizationOg2Tests extends LdapTestCase {
 
     $this->createCustomRoles();
     $all_roles = og_roles($this->groupEntityType, $this->groupBundle, 0, FALSE, TRUE);
-    debug('testBasicFunctionsAndApi:all_roles'); debug($all_roles);
-    //
+
     $this->ldapTestId = $this->module_name . ': setup success';
     // just to give warning if setup doesn't succeed.  may want to take these out at some point.
     $setup_success = (
@@ -291,7 +290,7 @@ function testFlags() {
 
   $sid = 'activedirectory1';
   $this->prepTestData(
-    'hogwarts',
+    LDAP_TEST_LDAP_NAME,
     array($sid),
     'provisionToDrupal',
     'default',
@@ -313,6 +312,7 @@ function testFlags() {
     debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
   }
 
+  $this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0;
   $this->consumerAdminConf['og_group']->status = 0;
   $this->consumerAdminConf['og_group']->save();
 
@@ -328,13 +328,27 @@ function testFlags() {
     'LDAP_authorz.Flags.status.0'
   );
 
+  list($og_gryffindor_node, $group_entity_id) =  ldap_authorization_og2_get_group_from_name($this->groupEntityType, 'gryffindor');
+  list($og_students_node, $group_entity_id)   =  ldap_authorization_og2_get_group_from_name($this->groupEntityType, 'students');
+  list($og_faculty_node, $group_entity_id)    =  ldap_authorization_og2_get_group_from_name($this->groupEntityType, 'faculty');
+
+  $anonymous_rid = ldap_authorization_og2_rid_from_role_name($this->groupEntityType, $this->groupBundle, $og_gryffindor_node->nid, OG_ANONYMOUS_ROLE);
+  $member_rid =    ldap_authorization_og2_rid_from_role_name($this->groupEntityType, $this->groupBundle, $og_students_node->nid,   OG_AUTHENTICATED_ROLE);
+  $admin_rid =     ldap_authorization_og2_rid_from_role_name($this->groupEntityType, $this->groupBundle, $og_faculty_node->nid, OG_ADMINISTRATOR_ROLE);
+  $dungeon_master_rid =     ldap_authorization_og2_rid_from_role_name($this->groupEntityType, $this->groupBundle, $og_faculty_node->nid, 'dungeon-master');
+  $time_keeper =     ldap_authorization_og2_rid_from_role_name($this->groupEntityType, $this->groupBundle, $og_faculty_node->nid, 'time-keeper');
+  $faculty_member_consumer_id = ldap_authorization_og_authorization_id($og_faculty_node->nid, $member_rid, 'node');
+  $faculty_dungeon_master_consumer_id = ldap_authorization_og_authorization_id($og_faculty_node->nid, $dungeon_master_rid, 'node');
+  $students_member_consumer_id = ldap_authorization_og_authorization_id($og_students_node->nid, $member_rid, 'node');
+  $gryffindor_member_consumer_id = ldap_authorization_og_authorization_id($og_gryffindor_node->nid, $member_rid, 'node');
 
   $this->consumerAdminConf['og_group']->status = 1;
   $this->consumerAdminConf['og_group']->save();
   list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'og_group');  // just see if the correct ones are derived.
   //debug('ldap_authorizations_user_authorizations enabled: '); debug($new_authorizations);  debug($notifications);
 
-  $correct_groups = !empty($new_authorizations['og_group']['node:students:member']) && !empty($new_authorizations['og_group']['node:gryffindor:member']);
+  $correct_groups = !empty($new_authorizations['og_group'][$students_member_consumer_id]) &&
+    !empty($new_authorizations['og_group'][$gryffindor_member_consumer_id]);
   $this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', 'LDAP_authorz.Flags.status.1');
   if (!$correct_groups) {
     debug('LDAP_authorz.Flags.enable.1 roles with enabled'); debug($new_authorizations);
diff --git a/ldap_feeds/ldap_feeds.module b/ldap_feeds/ldap_feeds.module
index 7edd266..f74db6e 100644
--- a/ldap_feeds/ldap_feeds.module
+++ b/ldap_feeds/ldap_feeds.module
@@ -1,5 +1,13 @@
 <?php
 
+/**
+ * Implements hook_ctools_plugin_api().
+ */
+function ldap_feeds_ctools_plugin_api($owner, $api) {
+  if ($owner == 'feeds' && $api == 'plugins') {
+  return array('version' => 1);
+  }
+}
 
 /**
  * Implements hook_feeds_plugins().
@@ -84,9 +92,9 @@ function ldap_feeds_drupal_user_attributes() {
  */
 
 function ldap_feeds_form_feeds_ui_mapping_form_alter(&$form, &$form_state, $form_id) {
-// dpm($form); dpm($form_state);
+
   $importer = feeds_importer_load($form['#importer']);
-  //dpm($importer->config['fetcher']);
+
   if ($importer->config['fetcher']['plugin_key'] == 'FeedsDrupalUserLdapEntryFetcher') {
     ldap_feeds_drupal_user_legend($form, $importer);
   }
@@ -146,6 +154,9 @@ function ldap_feeds_drupal_user_legend(&$form, $importer) {
       $account = user_load_by_name($ldap_server->testingDrupalUsername);
 
       foreach ($drupal_user_attributes as $attr_name => $attr_conf) {
+        if ($attr_name == 'count') {
+          continue;
+        }
         $id = $attr_conf['token'];
         if ($account) {
           $sources[$id] = array('name' => array('#markup' => $id), 'description' => array('#markup' => $account->{$attr_name}));
diff --git a/ldap_help/example_features/ldap_ad_basic-7.x-2.0/ldap_ad_basic/ldap_ad_basic.features.inc b/ldap_help/example_features/ldap_ad_basic-7.x-2.0/ldap_ad_basic/ldap_ad_basic.features.inc
index 6f95d36..ec96a1e 100644
--- a/ldap_help/example_features/ldap_ad_basic-7.x-2.0/ldap_ad_basic/ldap_ad_basic.features.inc
+++ b/ldap_help/example_features/ldap_ad_basic-7.x-2.0/ldap_ad_basic/ldap_ad_basic.features.inc
@@ -9,15 +9,15 @@
  */
 function ldap_ad_basic_ctools_plugin_api() {
   list($module, $api) = func_get_args();
-  if ($module == "ldap_authorization" && $api == "ldap_authorization") {
+  if ($module == 'ldap_authorization' && $api == 'ldap_authorization') {
     return array("version" => "1");
   }
   list($module, $api) = func_get_args();
-  if ($module == "ldap_servers" && $api == "ldap_servers") {
-    return array("version" => "1");
+  if ($module == 'ldap_servers' && $api == 'ldap_servers') {
+    return array('version' => "1");
   }
   list($module, $api) = func_get_args();
-  if ($module == "strongarm" && $api == "strongarm") {
-    return array("version" => "1");
+  if ($module == 'strongarm' && $api == 'strongarm') {
+    return array('version' => '1');
   }
 }
diff --git a/ldap_help/ldap_help.examples.inc b/ldap_help/ldap_help.examples.inc
new file mode 100644
index 0000000..96b2e1d
--- /dev/null
+++ b/ldap_help/ldap_help.examples.inc
@@ -0,0 +1,80 @@
+<?php
+
+/**
+ * @file
+ * The ldap_help issues provides a filtered watchdog view for ldap issues.
+ *
+ */
+
+/**
+ * the goal of this function is to illustrate samples from various ldap
+ * implementations (AD, openldap, etc) alongside default/common
+ * ldap module configurations.  The data for the ldaps and the configuration
+ * should be the same as is used in the simpletets.
+ */
+function ldap_help_examples() {
+  module_load_include('php', 'ldap_test', 'LdapTestFunctions.class');
+  $testFunctions = new LdapTestFunctions();
+  drupal_add_library('system', 'drupal.collapse');
+  $sample_ldaps = array(
+   'activedirectory' => 'activedirectory1',
+   'openldap' =>  'openldap1',
+  );
+
+
+  $form = array();
+  foreach ($sample_ldaps as  $ldap_type =>  $sample_ldap_id) {
+
+    $sample_ldap_id = $sample_ldaps[$ldap_type];
+    $testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, $sample_ldap_id);
+    $data = $testFunctions->data['ldap_servers'][$sample_ldap_id]['ldap'];
+    $form[$sample_ldap_id] =  array(
+        '#type' => 'fieldset',
+        '#title' => $ldap_type,
+        '#description' => '',
+        '#attributes' => array('class' => array('collapsible', 'collapsed')),
+        '#collapsible' => TRUE,
+        '#collapsed' => TRUE,
+      );
+    foreach (array('people', 'groups') as $ou) {
+      $form[$sample_ldap_id][$ou] =  array(
+        '#type' => 'fieldset',
+        '#title' => "ou=$ou",
+        '#description' => '',
+        '#attributes' => array('class' => array('collapsible', 'collapsed')),
+        '#collapsible' => TRUE,
+        '#collapsed' => TRUE,
+      );
+    }
+
+    foreach ($data as $dn => $item) {
+      $ou = ldap_servers_get_all_rdn_values_from_dn($dn, 'ou');
+      $ou = $ou[0];
+      unset($item['count']);
+
+      $li = array();
+      foreach ($item as $attr => $values) {
+        unset($values['count']);
+        if (count($values) == 1) {
+          $li[] = "$attr: " . $values[0] . '<br/>';
+        }
+        else {
+          $li[]  = theme('item_list', array('items' => $values , 'type' => 'ul', 'title' => $attr));
+        }
+      }
+      $form[$sample_ldap_id][$ou][$dn] =  array(
+        '#type' => 'fieldset',
+        '#attributes' => array('class' => array('collapsible', 'collapsed')),
+        '#title' => $dn,
+        '#collapsible' => TRUE,
+        '#collapsed' => TRUE,
+      );
+      $form[$sample_ldap_id][$ou][$dn][] =  array(
+        '#markup' => theme('item_list', array('items' => $li , 'type' => 'ul', 'title' => '')),
+      );
+
+    }
+  }
+
+  return drupal_render($form);
+}
diff --git a/ldap_help/ldap_help.info b/ldap_help/ldap_help.info
index 940cff3..e693f0f 100644
--- a/ldap_help/ldap_help.info
+++ b/ldap_help/ldap_help.info
@@ -4,3 +4,4 @@ package = Lightweight Directory Access Protocol
 core = 7.x
 
 dependencies[] = ldap_servers
+dependencies[] = ldap_test
\ No newline at end of file
diff --git a/ldap_help/ldap_help.install b/ldap_help/ldap_help.install
index a547563..f3a8bd8 100644
--- a/ldap_help/ldap_help.install
+++ b/ldap_help/ldap_help.install
@@ -12,4 +12,6 @@
 function ldap_help_uninstall() {
   //$result = db_query('DELETE FROM {variables} WHERE name like "ldap_authentication_%"');
   variable_del('ldap_help_watchdog_detail');
+  variable_del('ldap_help_user_data_clear');
+  variable_del('ldap_help_user_data_clear_set_date');
 }
diff --git a/ldap_help/ldap_help.module b/ldap_help/ldap_help.module
index 1c4496a..d1409b0 100644
--- a/ldap_help/ldap_help.module
+++ b/ldap_help/ldap_help.module
@@ -57,11 +57,23 @@ function ldap_help_menu() {
     'weight' => 7,
   );
 
+
+  $items['admin/config/people/ldap/help/examples'] = array(
+    'title' => 'Sample LDAPs',
+    'description' => 'Sample LDAPs from Documentation',
+    'page callback' => 'ldap_help_examples',
+    'access arguments' => array('administer site configuration'),
+    'file' => 'ldap_help.examples.inc',
+    'type' => MENU_LOCAL_TASK,
+    'weight' => 7,
+  );
+
+
   return $items;
 }
 
 function ldap_help_form_ldap_servers_settings_alter(&$form, &$form_state) {
-  $form['watchdog_detail'] = array('#type' => 'fieldset', '#title' => t('Log detailed LDAP Actions'));
+  $form['watchdog_detail'] = array('#type' => 'fieldset', '#title' => t('Development'));
   $form['watchdog_detail']['watchdog_detail'] = array(
     '#type' => 'checkbox',
     '#title' => t('Enabled Detailed LDAP Watchdog logging.  This is generally for
@@ -69,6 +81,19 @@ function ldap_help_form_ldap_servers_settings_alter(&$form, &$form_state) {
        on.'),
     '#default_value' => variable_get('ldap_help_watchdog_detail', 0),
   );
+ $date = variable_get('ldap_help_user_data_clear_set_date', time());
+ $form['watchdog_detail']['user_data_clear'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Discard and ignore user authorization data stored by ldap module in user records data before %date.
+      This is useful for implementers of development versions of the module
+      that may have corrupt user data from the past.', array('%date' => date('Y-m-d H:i:s', $date))),
+    '#default_value' => variable_get('ldap_help_user_data_clear', 0),
+  );  //array('%date' => date('Y-m-d H:i:s', $date))
+ $form['watchdog_detail']['user_data_clear_date'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Reset the clear date to the current date %date', array('%date' => date('Y-m-d H:i:s'))),
+    '#default_value' => variable_get('ldap_help_user_data_clear_set_date', 0),
+  );
   $form['#submit'][] = 'ldap_help_watchdog_detail_submit';
 }
 
@@ -79,6 +104,12 @@ function ldap_help_watchdog_detail_submit($form, &$form_state) {
     if ($watchdog_detail != variable_get('ldap_help_watchdog_detail', 0)) {
       variable_set('ldap_help_watchdog_detail', $watchdog_detail);
     }
+    if ($form_state['values']['user_data_clear'] != variable_get('ldap_help_user_data_clear', 0)) {
+      variable_set('ldap_help_user_data_clear', $form_state['values']['user_data_clear']);
+    }
+    if ($form_state['values']['user_data_clear_date'] != 0) {
+      variable_set('ldap_help_user_data_clear_set_date', time());
+    }
   }
 }
 
diff --git a/ldap_help/ldap_help.resources.inc b/ldap_help/ldap_help.resources.inc
index d466415..fef50eb 100644
--- a/ldap_help/ldap_help.resources.inc
+++ b/ldap_help/ldap_help.resources.inc
@@ -11,8 +11,8 @@ function ldap_help_main() {
 
   <h3>LDAP Module Resources</h3>
   <ul>
-    <li>The <a href="http://drupal.org/node/997082">Drupal.org Documentation</a> covers basics of module.</li>
-    <li>Search <a href="http://drupal.org/project/issues/search/ldap">issue queue</a>  For best results,
+    <li>The <a href="http://drupal.org/node/997082">Drupal.org Documentation</a> covers basics of the module.</li>
+    <li>Search the <a href="http://drupal.org/project/issues/search/ldap"> issue queue</a>;  For best results,
     select version and category before searching.</li>
     <li><a href="http://drupal.org/project/issues/ldap">View all issues</a></li>
     <li><a href="http://docs.moodle.org/20/en/LDAP_authentication">Moodle LDAP module documentation</a> is
@@ -20,8 +20,9 @@ function ldap_help_main() {
   </ul>
 
   <h3>Your local LDAP Documentation and Administrators</h3>
-  <p>You would be surprised how much is documented about your local ldap.  Find your organization's LDAP documentation and
-     support staff before you stuggle blindly.  Know if ldap or ldaps is used.  Know if an odd port is used.
+  <p>You would be surprised how much is documented about your local LDAP.  Find your organization's LDAP documentation and
+     support staff before you struggle blindly.  Know whether LDAP or LDAPS is used.  Know if an odd port is used.
+     A sample email to an LDAP Administrator is available at <a href="http://drupal.org/node/1925794">http://drupal.org/node/1925794</a>
      Know how service accounts are expected to be used.
      Below are examples of ldap implementation documentation:</p>
   <ul>
diff --git a/ldap_query/ldap_query.install b/ldap_query/ldap_query.install
index 05cf72d..7f97018 100644
--- a/ldap_query/ldap_query.install
+++ b/ldap_query/ldap_query.install
@@ -52,7 +52,7 @@ function ldap_query_schema() {
       ),
     ),
   );
-  module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
+  module_load_include('module', 'ldap_servers');
   ldap_servers_module_load_include('php', 'ldap_query', 'LdapQuery.class');
   $fields = LdapQuery::fields();
   foreach ($fields as $field_id => $field) {
diff --git a/ldap_servers/LdapServer.class.php b/ldap_servers/LdapServer.class.php
index f1e5516..7735bec 100644
--- a/ldap_servers/LdapServer.class.php
+++ b/ldap_servers/LdapServer.class.php
@@ -39,6 +39,7 @@ class LdapServer {
   public $account_name_attr; //lowercase
   public $mail_attr; //lowercase
   public $mail_template;
+  public $picture_attr;
   public $unique_persistent_attr; //lowercase
   public $unique_persistent_attr_binary = FALSE;
   public $ldapToDrupalUserPhp;
@@ -101,6 +102,7 @@ class LdapServer {
     'account_name_attr'  => 'account_name_attr',
     'mail_attr'  => 'mail_attr',
     'mail_template'  => 'mail_template',
+    'picture_attr'  => 'picture_attr',
     'unique_persistent_attr' => 'unique_persistent_attr',
     'unique_persistent_attr_binary' => 'unique_persistent_attr_binary',
     'ldap_to_drupal_user'  => 'ldapToDrupalUserPhp',
@@ -156,9 +158,9 @@ class LdapServer {
           $server_record = $record;
         }
       }
-    //  debug('db record'); debug($server_record);
     }
 
+    $server_record_bindpw = NULL;
     if (!$server_record) {
       $this->inDatabase = FALSE;
     }
@@ -166,34 +168,43 @@ class LdapServer {
       $this->inDatabase = TRUE;
       $this->sid = $sid;
       $this->detailedWatchdogLog = variable_get('ldap_help_watchdog_detail', 0);
-     // debug('this server_record'); debug($server_record);
       foreach ($this->field_to_properties_map() as $db_field_name => $property_name ) {
         if (isset($server_record->$db_field_name)) {
           $this->{$property_name} = $server_record->$db_field_name;
         }
       }
-     // debug('this 2'); debug($this);
       $server_record_bindpw = property_exists($server_record, 'bindpw') ? $server_record->bindpw : '';
-      $this->initDerivedProperties($server_record_bindpw);
-    //  debug('this 3'); debug($this);
     }
-
+    $this->initDerivedProperties($server_record_bindpw);
   }
 
   /**
-   * this method sets properties that don't directly map from db record
+   * this method sets properties that don't directly map from db record.  it is split out so it can be shared with ldapServerTest.class.php
    */
   protected function initDerivedProperties($bindpw) {
 
-   // debug('initDerivedProperties'); debug($this->basedn);
-    if (!is_array($this->basedn)) {
+    // get this->basedn in array format
+    if (!$this->basedn) {
+      $this->basedn = array();
+    }
+    elseif (is_array($this->basedn)) { // do nothing
+    }
+    else {
       $basedn_unserialized = @unserialize($this->basedn);
-     // debug('basedn_unserialized'); debug($basedn_unserialized);
-      $this->basedn = $basedn_unserialized;
+      if (is_array($basedn_unserialized)) {
+        $this->basedn = $basedn_unserialized;
+      }
+      else {
+        $this->basedn = array();
+        $token = is_scalar($basedn_unserialized) ? $basedn_unserialized : print_r($basedn_unserialized, TRUE);
+        debug("basednb desearialization error". $token);
+        watchdog('ldap_server', 'Failed to deserialize LdapServer::basedn of !basedn', array('!basedn' => $token), WATCHDOG_ERROR);
+      }
+
     }
-   // debug('initDerivedProperties'); debug($this->basedn);
 
-    if ($bindpw != '') {
+
+    if ($bindpw) {
       $this->bindpw = ldap_servers_decrypt($bindpw);
     }
 
@@ -203,7 +214,7 @@ class LdapServer {
       $this->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT ||
       $this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER
     );
-    $this->editPath = 'admin/config/people/ldap/servers/edit/' . $this->sid;
+    $this->editPath = (!$this->sid) ? '' : 'admin/config/people/ldap/servers/edit/' . $this->sid;
 
     $this->groupGroupEntryMembershipsConfigured = ($this->groupMembershipsAttrMatchingUserAttr && $this->groupMembershipsAttr);
     $this->groupUserMembershipsConfigured = ($this->groupUserMembershipsAttrExists && $this->groupUserMembershipsAttr);
@@ -286,7 +297,11 @@ class LdapServer {
       watchdog('ldap', "LDAP bind failure for user %user. Not connected to LDAP server.", array('%user' => $userdn));
       return LDAP_CONNECT_ERROR;
     }
-    if ($anon_bind) {
+
+    if ($anon_bind !== FALSE && $userdn === NULL && $pass === NULL && $this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON) {
+      $anon_bind = TRUE;
+    }
+    if ($anon_bind === TRUE) {
       if (@!ldap_bind($this->connection)) {
         if ($this->detailedWatchdogLog) {
           watchdog('ldap', "LDAP anonymous bind error. Error %errno: %error", array('%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)));
@@ -297,6 +312,11 @@ class LdapServer {
     else {
       $userdn = ($userdn != NULL) ? $userdn : $this->binddn;
       $pass = ($pass != NULL) ? $pass : $this->bindpw;
+
+      if (drupal_strlen($pass) == 0 || drupal_strlen($userdn) == 0) {
+        watchdog('ldap', "LDAP bind failure for user userdn=%userdn, pass=%pass.", array('%userdn' => $userdn, '%pass' => $pass));
+        return LDAP_LOCAL_ERROR;
+      }
       if (@!ldap_bind($this->connection, $userdn, $pass)) {
         if ($this->detailedWatchdogLog) {
           watchdog('ldap', "LDAP bind failure for user %user. Error %errno: %error", array('%user' => $userdn, '%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)));
@@ -362,13 +382,9 @@ class LdapServer {
 
     $result = $this->ldapQuery(LDAP_SCOPE_BASE, $params);
     if ($result !== FALSE) {
-      if ($return == 'boolean') {
-        return TRUE;
-      }
-
       $entries = @ldap_get_entries($this->connection, $result);
-      if ($entries !== FALSE) {
-        return $entries[0];
+      if ($entries !== FALSE && $entries['count'] > 0) {
+        return ($return == 'boolean') ? TRUE : $entries[0];
       }
     }
 
@@ -400,7 +416,7 @@ class LdapServer {
    */
 
   public function createLdapEntry($attributes, $dn = NULL) {
-    // dpm("createLdapEntry, dn=$dn"); dpm($ldap_entry);
+
     if (!$this->connection) {
       $this->connect();
       $this->bind();
@@ -413,7 +429,6 @@ class LdapServer {
       return FALSE;
     }
 
-   // debug("createLdapEntry, dn=$dn, entry:"); debug($attributes);
     $result = @ldap_add($this->connection, $dn, $attributes);
     if (!$result) {
       $error = "LDAP Server ldap_add(%dn) Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str ";
@@ -422,7 +437,6 @@ class LdapServer {
       watchdog('ldap_server', $error, $tokens, WATCHDOG_ERROR);
     }
 
-
     return $result;
   }
 
@@ -536,7 +550,7 @@ class LdapServer {
         }
       }
     }
-  //  dpm('modifyLdapEntry, attributes to modify'); dpm($attributes);
+
     if (count($attributes) > 0) {
       $result = @ldap_modify($this->connection, $dn, $attributes);
       if (!$result) {
@@ -696,7 +710,7 @@ class LdapServer {
       'query_display' => $query,
       'scope' => $scope,
     );
-   // dpm($ldap_query_params); dpm("searchPagination=" . $this->searchPagination .",paginationEnabled=". $this->paginationEnabled .", searchPageStart=" . $this->searchPageStart);
+
     if ($this->searchPagination && $this->paginationEnabled) {
       $aggregated_entries = $this->pagedLdapQuery($ldap_query_params);
       return $aggregated_entries;
@@ -886,21 +900,15 @@ class LdapServer {
    */
   public function userUserEntityFromPuid($puid) {
 
-    if ($this->unique_persistent_attr_binary) {
-      $puid = ldap_servers_binary($puid);
-    }
-
-   // list($account, $user_entity) = ldap_user_load_user_acct_and_entity('jkeats');
-    //debug('userUserEntityFromPuid:account and user entity'); debug($account); debug($user_entity);
     $query = new EntityFieldQuery();
     $query->entityCondition('entity_type', 'user')
     ->fieldCondition('ldap_user_puid_sid', 'value', $this->sid, '=')
     ->fieldCondition('ldap_user_puid', 'value', $puid, '=')
     ->fieldCondition('ldap_user_puid_property', 'value', $this->unique_persistent_attr, '=')
     ->addMetaData('account', user_load(1)); // run the query as user 1
-// ->entityCondition('bundle', 'user')
+
     $result = $query->execute();
-   // debug("userUserEntityFromPuid: puid=$puid, sid=". $this->sid . "attr=" . $this->unique_persistent_attr); debug($result);
+
     if (isset($result['user'])) {
       $uids = array_keys($result['user']);
       if (count($uids) == 1) {
@@ -952,13 +960,16 @@ class LdapServer {
    */
   public function userUsernameFromLdapEntry($ldap_entry) {
 
-    $accountname = FALSE;
+
     if ($this->account_name_attr) {
-      $accountname = (empty($ldap_entry[$this->user_attr][0])) ? FALSE : $ldap_entry[$this->account_name_attr][0];
+      $accountname = (empty($ldap_entry[$this->account_name_attr][0])) ? FALSE : $ldap_entry[$this->account_name_attr][0];
     }
     elseif ($this->user_attr)  {
       $accountname = (empty($ldap_entry[$this->user_attr][0])) ? FALSE : $ldap_entry[$this->user_attr][0];
     }
+    else {
+      $accountname = FALSE;
+    }
 
     return $accountname;
   }
@@ -1000,11 +1011,86 @@ class LdapServer {
     }
   }
 
+	/**
+	 * @param ldap entry array $ldap_entry
+	 *
+	 * @return drupal file object image user's thumbnail or FALSE if none present or ERROR happens.
+	 */
+	public function userPictureFromLdapEntry($ldap_entry, $drupal_username = FALSE) {
+		if ($ldap_entry && $this->picture_attr) {
+			//Check if ldap entry has been provisioned.
+
+			$thumb = isset($ldap_entry[$this->picture_attr][0]) ? $ldap_entry[$this->picture_attr][0] : FALSE;
+			if(!$thumb){
+				return false;
+			}
+
+			//Create md5 check.
+			$md5thumb = md5($thumb);
+
+			/**
+			 * If existing account already has picture check if it has changed if so remove old file and create the new one
+		   * If picture is not set but account has md5 something is wrong exit.
+			 */
+			if ($drupal_username && $account = user_load_by_name($drupal_username)) {
+        if ($account->uid == 0 || $account->uid == 1){
+          return false;
+        }
+        if (isset($account->picture)){
+          // Check if image has changed
+          if (isset($account->data['ldap_user']['init']['thumb5md']) && $md5thumb === $account->data['ldap_user']['init']['thumb5md']){
+            //No change return same image
+            return $account->picture;
+          }
+          else {
+            //Image is different check wether is obj/str and remove fileobject
+            if (is_object($account->picture)){
+              file_delete($account->picture, TRUE);
+            }
+            elseif (is_string($account->picture)){
+              $file = file_load(intval($account->picture));
+              file_delete($file, TRUE);
+            }
+          }
+        }
+        elseif (isset($account->data['ldap_user']['init']['thumb5md'])) {
+          watchdog('ldap_server', "Some error happened during thumbnailPhoto sync");
+          return false;
+        }
+      }
+			//Create tmp file to get image format.
+			$filename = uniqid();
+			$fileuri = file_directory_temp() .'/'. $filename;
+			$size = file_put_contents($fileuri, $thumb);
+			$info = image_get_info($fileuri);
+			unlink($fileuri);
+			// create file object
+			$file = file_save_data($thumb, 'public://' . variable_get('user_picture_path') .'/'. $filename .'.'. $info['extension']);
+			$file->md5Sum = $md5thumb;
+			// standard Drupal validators for user pictures
+			$validators = array(
+					'file_validate_is_image' => array(),
+					'file_validate_image_resolution' => array(variable_get('user_picture_dimensions', '85x85')),
+					'file_validate_size' => array(variable_get('user_picture_file_size', '30') * 1024),
+			);
+			$errors = file_validate($file ,$validators);
+			if (empty($errors)) {
+				return $file;
+			}
+      else {
+				foreach ($errors as $err => $err_val){
+					watchdog('ldap_server', "Error storing picture: %$err", "%$err_val", WATCHDOG_ERROR );
+				}
+				return FALSE;
+			}
+		}
+	}
+
 
   /**
    * @param ldap entry array $ldap_entry
    *
-   * @return string user's PUID or permanent user id (within ldap) in native ldap format (no binary conversions applied)
+   * @return string user's PUID or permanent user id (within ldap), converted from binary, if applicable
    */
   public function userPuidFromLdapEntry($ldap_entry) {
 
@@ -1012,8 +1098,8 @@ class LdapServer {
         && isset($ldap_entry[$this->unique_persistent_attr][0])
         && is_scalar($ldap_entry[$this->unique_persistent_attr][0])
         ) {
-
-      return $ldap_entry[$this->unique_persistent_attr][0];
+      $puid = $ldap_entry[$this->unique_persistent_attr][0];
+      return ($this->unique_persistent_attr_binary) ? ldap_servers_binary($puid) : $puid;
     }
     else {
       return FALSE;
@@ -1082,8 +1168,7 @@ class LdapServer {
       $attributes = array_keys($attribute_maps);
     }
 
-    $basedns = (is_array($this->basedn)) ? $this->basedn : array();
-    foreach ($basedns as $basedn) {
+    foreach ($this->basedn as $basedn) {
       if (empty($basedn)) continue;
       $filter = '(' . $this->user_attr . '=' . ldap_server_massage_text($ldap_username, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP) . ')';
       $result = $this->search($basedn, $filter, $attributes);
@@ -1334,11 +1419,8 @@ class LdapServer {
       return $members;
     }
 
-
-
     $this->groupMembersResursive($current_group_entries, $all_group_dns, $tested_group_ids, 0, $max_levels, $object_classes);
 
-  //  dpm('all_group_dns'); dpm($all_group_dns);
     return $all_group_dns;
 
   }
@@ -1358,7 +1440,7 @@ class LdapServer {
    */
 
   public function groupMembersResursive($current_member_entries, &$all_member_dns, &$tested_group_ids, $level, $max_levels, $object_classes = FALSE) {
-   // dpm("group membership recursive"); dpm($current_entries);
+
     if (!$this->groupGroupEntryMembershipsConfigured || !is_array($current_member_entries) || count($current_member_entries) == 0) {
       return FALSE;
     }
@@ -1494,16 +1576,16 @@ class LdapServer {
       $nested = $this->groupNested;
     }
 
-    if (!is_array($user['attr']) && !isset($user['attr'][$this->groupUserMembershipsAttr])) {
-      $user_ldap_entry = $this->userUserToExistingLdapEntry($user);
-        if (!isset($user_ldap_entry['attr'][$this->groupUserMembershipsAttr])) {
-          return FALSE; // user's membership attribute is not present.  either misconfigured or query failed
-        }
-    }
-    else {
-      $user_ldap_entry = $user;
+    $not_user_ldap_entry = empty($user['attr'][$this->groupUserMembershipsAttr]);
+    if ($not_user_ldap_entry) { // if drupal user passed in, try to get user_ldap_entry
+      $user = $this->userUserToExistingLdapEntry($user);
+      $not_user_ldap_entry = empty($user['attr'][$this->groupUserMembershipsAttr]);
+      if ($not_user_ldap_entry) {
+        return FALSE; // user's membership attribute is not present.  either misconfigured or query failed
+      }
     }
-
+    // if not exited yet, $user must be user_ldap_entry.
+    $user_ldap_entry = $user;
     $all_group_dns = array();
     $tested_group_ids = array();
     $level = 0;
@@ -1651,12 +1733,9 @@ class LdapServer {
       $count = count($ors);
       for ($i=0; $i < $count; $i=$i+LDAP_SERVER_LDAP_QUERY_CHUNK) { // only 50 or so per query
         $current_ors = array_slice($ors, $i, LDAP_SERVER_LDAP_QUERY_CHUNK);
-        //dpm("current_ors $i," . LDAP_SERVER_LDAP_QUERY_CHUNK); dpm($current_ors);
         $or = '(|(' . join(")(", $current_ors) . '))';  // e.g. (|(cn=group1)(cn=group2)) or   (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...))
         $query_for_parent_groups = '(&(objectClass=' . $this->groupObjectClass . ')' . $or . ')';
 
-
-        // debug('query_for_parent_groups'); debug($query_for_parent_groups);
         foreach ($this->basedn as $base_dn) {  // need to search on all basedns one at a time
           $group_entries = $this->search($base_dn, $query_for_parent_groups);  // no attributes, just dns needed
           if ($group_entries !== FALSE  && $level < $max_levels) {
diff --git a/ldap_servers/LdapServerAdmin.class.php b/ldap_servers/LdapServerAdmin.class.php
index e5017d4..57ea2c6 100644
--- a/ldap_servers/LdapServerAdmin.class.php
+++ b/ldap_servers/LdapServerAdmin.class.php
@@ -66,6 +66,7 @@ class LdapServerAdmin extends LdapServer {
     $this->user_dn_expression = trim($values['user_dn_expression']);
     $this->basedn = $this->linesToArray(trim($values['basedn']));
     $this->user_attr = drupal_strtolower(trim($values['user_attr']));
+    $this->picture_attr = drupal_strtolower(trim($values['picture_attr']));
     $this->account_name_attr = drupal_strtolower(trim($values['account_name_attr']));
     $this->mail_attr = drupal_strtolower(trim($values['mail_attr']));
     $this->mail_template = trim($values['mail_template']);
@@ -137,8 +138,14 @@ class LdapServerAdmin extends LdapServer {
         }
       }
 
-      $values->export_type = ($this->inDatabase) ? EXPORT_IN_DATABASE : NULL;
-      $result = ctools_export_crud_save('ldap_servers', $values);
+      try {
+        $values->export_type = NULL;
+        $result = ctools_export_crud_save('ldap_servers', $values);
+      } catch (Exception $e) {
+        $values->export_type = EXPORT_IN_DATABASE;
+        $result = ctools_export_crud_save('ldap_servers', $values);
+      }
+      
       ctools_export_load_object_reset('ldap_servers'); // ctools_export_crud_save doesn't invalidate cache
 
     }
@@ -199,18 +206,6 @@ class LdapServerAdmin extends LdapServer {
 
   public function drupalForm($op) {
 
-  //  $form['#validate'] = array('ldap_servers_admin_form_validate');
-    $form['#prefix'] = <<<EOF
-<p>Setup an LDAP server configuration to be used by other modules such as LDAP Authentication,
-LDAP Authorization, etc.</p>
-<p>More than one LDAP server configuration can exist for a physical LDAP server.
-Multiple configurations for the same physical ldap server are useful in cases such as: (1) different
-base dns for authentication and authorization and (2) service accounts with different privileges
-for different purposes.</p>
-EOF;
-
-  $form['#prefix'] = t($form['#prefix']);
-
   $form['server'] = array(
     '#type' => 'fieldset',
     '#title' => t('Connection settings'),
@@ -221,6 +216,7 @@ EOF;
   $form['bind_method'] = array(
     '#type' => 'fieldset',
     '#title' => t('Binding Method'),
+    '#description' => t('How the Drupal system is authenticated by the LDAP server.'),
     '#collapsible' => TRUE,
     '#collapsed' => TRUE,
   );
@@ -309,11 +305,6 @@ EOF;
     }
   }
 
-  $form['submit'] = array(
-    '#type' => 'submit',
-    '#value' => t('Save configuration'),
-  );
-
   $action = ($op == 'add') ? 'Add' : 'Update';
   $form['submit'] = array(
     '#type' => 'submit',
@@ -321,7 +312,6 @@ EOF;
     '#weight' => 100,
   );
 
-
   return $form;
 
   }
@@ -657,21 +647,21 @@ public function drupalFormSubmit($op, $values) {
           '#type' => 'radios',
           '#title' => t('Binding Method for Searches (such as finding user object or their group memberships)'),
           '#options' => array(
-            LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT => t('Service Account Bind.  Use credentials in following section to
-            bind to ldap.  This option is usually a best practice. Service account is entered in next section.'),
+            LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT => t('Service Account Bind: Use credentials in the
+            <strong>Service Account</strong> field to bind to LDAP.  <em>This option is usually a best practice.</em>'),
 
-            LDAP_SERVERS_BIND_METHOD_USER => t('Bind with Users Credentials.  Use users\' entered credentials
-            to bind to LDAP.  This is only useful for modules that work during user logon such
-            as ldap authentication and ldap authorization.  This option is not a best practice in most cases.
-            The users dn must be of the form "cn=[username],[base dn]" for this option to work.'),
+            LDAP_SERVERS_BIND_METHOD_USER => t('Bind with Users Credentials: Use user\'s entered credentials
+            to bind to LDAP.<br/> This is only useful for modules that execute during user logon such
+            as LDAP Authentication and LDAP Authorization.  <em>This option is not a best practice in most cases.</em>
+            The user\'s dn must be of the form "cn=[username],[base dn]" for this option to work.'),
 
-            LDAP_SERVERS_BIND_METHOD_ANON_USER => t('Anonymous Bind for search, then Bind with Users Credentials.
-            Searches for user DN then uses users\' entered credentials to bind to LDAP.  This is only useful for
-            modules that work during user logon such as ldap authentication and ldap authorization.
-            The users dn must be discovered by an anonymous search for this option to work.'),
+            LDAP_SERVERS_BIND_METHOD_ANON_USER => t('Anonymous Bind for search, then Bind with Users Credentials:
+            Searches for user dn then uses user\'s entered credentials to bind to LDAP.<br/> This is only useful for
+            modules that work during user logon such as LDAP Authentication and LDAP Authorization.
+            The user\'s dn must be discovered by an anonymous search for this option to work.'),
 
-            LDAP_SERVERS_BIND_METHOD_ANON => t('Anonymous Bind. Use no credentials to bind to ldap server.
-            Will not work on most ldaps.'),
+            LDAP_SERVERS_BIND_METHOD_ANON => t('Anonymous Bind: Use no credentials to bind to LDAP server.<br/>
+            <em>This option will not work on most LDAPS connections.</em>'),
           ),
         ),
         'schema' => array(
@@ -687,7 +677,7 @@ public function drupalFormSubmit($op, $values) {
         'fieldset' => 'bind_method',
         '#type' => 'markup',
         '#markup' => t('<label>Service Account</label> Some LDAP configurations
-          prohibit or restrict results of anonymous searches. These LDAPs require a DN//password pair
+          prohibit or restrict the results of anonymous searches. These LDAPs require a DN//password pair
           for binding. For security reasons, this pair should belong to an
           LDAP account with stripped down permissions.
           This is also required for provisioning LDAP accounts and groups!'),
@@ -735,7 +725,7 @@ public function drupalFormSubmit($op, $values) {
         'form' => array(
           'fieldset' => 'bind_method',
           '#type' => 'checkbox',
-          '#title' => t('Clear existing password from database.  Check this when switching away from service account binding.'),
+          '#title' => t('Clear existing password from database.  Check this when switching away from Service Account Binding.'),
           '#default_value' => 0,
         ),
       ),
@@ -825,6 +815,21 @@ public function drupalFormSubmit($op, $values) {
         ),
       ),
 
+    'picture_attr' => array(
+      		'form' => array(
+      				'fieldset' => 'users',
+      				'#type' => 'textfield',
+      				'#size' => 30,
+      				'#title' => t('Thumbnail attribute'),
+      				'#description' => t('The attribute that holds the users\' thumnail image. (eg. <code>thumbnailPhoto</code>). Leave empty if no such attribute exists'),
+      		),
+      		'schema' => array(
+      				'type' => 'varchar',
+      				'length' => 255,
+      				'not null' => FALSE,
+      		),
+      ),
+  
       'unique_persistent_attr' => array(
         'form' => array(
           'fieldset' => 'users',
diff --git a/ldap_servers/ldap_servers.api.php b/ldap_servers/ldap_servers.api.php
index 5dbc605..306d58a 100644
--- a/ldap_servers/ldap_servers.api.php
+++ b/ldap_servers/ldap_servers.api.php
@@ -109,9 +109,8 @@ function hook_ldap_entry_post_provision(&$ldap_entries, $ldap_server, $context)
  *   array of attributes to be returned from ldap queries where:
  *     - each key is ldap attribute name (e.g. mail, cn)
  *     - each value is associative array of form:
- *       - 'source_data_type' => NULL,
- *       - 'target_data_type' => NULL,
- *       - 'values' =>
+ *       - 'conversion' => NULL,
+ *       - 'values' => array(0 => 'john', 1 => 'johnny'))
  *
  * @param array $params context array with some or all of the following key/values
  *   'sid' => drupal account object,
@@ -121,7 +120,7 @@ function hook_ldap_entry_post_provision(&$ldap_entries, $ldap_server, $context)
  */
 function hook_ldap_attributes_needed_alter(&$attributes, $params) {
 
-  $attributes['dn'] = ldap_servers_set_attribute_map(@$attributes['dn'], NULL, 'ldap_dn') ;
+  $attributes['dn'] = ldap_servers_set_attribute_map(@$attributes['dn'], 'ldap_dn') ;
   if ($params['sid']) { // puid attributes are server specific
     $ldap_server = (is_object($params['sid'])) ? $params['sid'] : ldap_servers_get_servers($params['sid'], 'enabled', TRUE);
 
diff --git a/ldap_servers/ldap_servers.functions.inc b/ldap_servers/ldap_servers.functions.inc
index 8c77eaa..3195b38 100644
--- a/ldap_servers/ldap_servers.functions.inc
+++ b/ldap_servers/ldap_servers.functions.inc
@@ -106,8 +106,7 @@ function ldap_badattr($attr, $attr_name) {
  *
  */
 function ldap_servers_attributes_needed($sid, $ldap_context = 'all', $reset = TRUE) {
- // debug("call of ldap_servers_attributes_needed, op=$op,ldap_server="); debug($ldap_server);
- // dpm("call of ldap_servers_attributes_needed, op=$op,ldap_server="); dpm($ldap_server);
+
   static $attributes;
   $sid = is_object($sid) ? $sid->sid : $sid;
   $static_cache_id = ($sid) ? $ldap_context . '__' . $sid : $ldap_context;
diff --git a/ldap_servers/ldap_servers.info b/ldap_servers/ldap_servers.info
index b8b59cc..0ddbecc 100644
--- a/ldap_servers/ldap_servers.info
+++ b/ldap_servers/ldap_servers.info
@@ -1,7 +1,7 @@
 name = LDAP Servers
 description = Implements LDAP Server Configuration
 package = Lightweight Directory Access Protocol
-
+dependencies[] = ctools
 core = 7.x
 
 files[] = LdapServer.class.php
diff --git a/ldap_servers/ldap_servers.install b/ldap_servers/ldap_servers.install
index 9501ed7..c3f37e1 100644
--- a/ldap_servers/ldap_servers.install
+++ b/ldap_servers/ldap_servers.install
@@ -14,7 +14,7 @@ function ldap_servers_install() {
   variable_set('ldap_servers_require_ssl_for_credentails', 0);
 
   if (! ($key = variable_get('ldap_servers_encrypt_key', NULL))) {
-    module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
+    module_load_include('module', 'ldap_servers');
     ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.encryption');
     $key = ldap_servers_random_salt(10);
     variable_set('ldap_servers_encrypt_key', $key);
@@ -108,12 +108,13 @@ function ldap_servers_schema() {
  */
 
 function ldap_servers_update_7100() {
-
-  db_change_field('ldap_servers', 'type', 'ldap_type', array(
-    'type' => 'varchar',
-    'length' => 20,
-    'not null' => FALSE
-  ));
+  if (!db_field_exists('ldap_servers', 'ldap_type') && db_field_exists('ldap_servers', 'type')) {
+    db_change_field('ldap_servers', 'type', 'ldap_type', array(
+      'type' => 'varchar',
+      'length' => 20,
+      'not null' => FALSE
+    ));
+  }
 
   return t('ldap_servers table field "type" renamed to "ldap_type"');
 
@@ -254,7 +255,7 @@ function ldap_servers_update_7104() {
 function ldap_servers_update_7105() {
 
   if (!module_exists('ldap_user')) {
-    module_enable('ldap_user');
+    module_enable(array('ldap_user'));
     $msg = t('LDAP User module enabled.  Some authentication and authorization functionality shifted to LDAP User module.');
   }
 
@@ -563,7 +564,6 @@ function ldap_servers_update_7201() {
   foreach ($select as $record) {
     $ldap_server_records[$record->sid] = $record;
   }
-  //dpm("ldap_server_records"); dpm($ldap_server_records);
 
   if (db_table_exists('ldap_authorization')) {
     $ldap_authorization_record = NULL;
@@ -579,7 +579,7 @@ function ldap_servers_update_7201() {
         $ldap_authorization_record = $record;
       }
     }
-    //dpm("ldap_authorization_record"); dpm($ldap_authorization_record);
+
     foreach ($ldap_server_records as $sid => $ldap_server_record) {
       if ($ldap_authorization_record && $ldap_authorization_record->sid == $sid) {
         $consumer_type = $ldap_authorization_record->consumer_type;
@@ -608,7 +608,7 @@ function ldap_servers_update_7201() {
       }
     }
   }
-//  dpm("field_changes"); dpm($field_changes);
+
   foreach ($field_changes as $table_name => $record) {
     foreach ($record as $id => $field_data) {
       if ($table_name == 'ldap_servers' || $table_name == 'ldap_authorization') {
@@ -751,12 +751,31 @@ function ldap_servers_update_7203() {
   foreach ($changes as $old_field_name => $new_field_name) {
     $field_schema = $schema['ldap_servers']['fields'][$new_field_name];
     if (db_field_exists('ldap_servers', $old_field_name)) {
-      db_change_field('ldap_servers', $old_field_name, $new_field_name, $field_schema);
+      if (db_field_exists('ldap_servers', $new_field_name)) {
+        db_drop_field('ldap_servers', $old_field_name);
+      }
+      else {
+        db_change_field('ldap_servers', $old_field_name, $new_field_name, $field_schema);
+      }
     }
   }
 
 }
 
+/**
+ * Add picture_attr field in schema
+ */
+function ldap_servers_update_7204() {
+	db_add_field(
+			'ldap_servers',
+			'picture_attr',
+			array(
+					'type' => 'varchar',
+					'length' => 255,
+					'not null' => FALSE,
+			)
+	);
+}
 
 function ldap_servers_install_update_schema($schema, &$change_log) {
   foreach ($schema as $table_name => $table_schema) {
diff --git a/ldap_servers/ldap_servers.module b/ldap_servers/ldap_servers.module
index 7bf6aab..9b03d5a 100644
--- a/ldap_servers/ldap_servers.module
+++ b/ldap_servers/ldap_servers.module
@@ -304,7 +304,7 @@ function ldap_servers_theme() {
    */
   function ldap_servers_ldap_attributes_needed_alter(&$attributes, $params) {
 
-    $attributes['dn'] = ldap_servers_set_attribute_map(@$attributes['dn'], 'ldap_dn', 'ldap_dn'); // force this data type
+    $attributes['dn'] = ldap_servers_set_attribute_map(@$attributes['dn'], 'ldap_dn'); // force this data type
 
     if ($params['sid'] && $params['sid']) { // puid attributes are server specific
       if (is_scalar($params['sid'])) {
@@ -317,14 +317,17 @@ function ldap_servers_theme() {
       if (!isset($attributes[$ldap_server->mail_attr])) {
         $attributes[$ldap_server->mail_attr] = ldap_servers_set_attribute_map();
       }
+      if(!isset($attributes[$ldap_server->picture_attr])){
+      	$attributes[$ldap_server->picture_attr] = ldap_servers_set_attribute_map();
+      }
       if ($ldap_server->unique_persistent_attr && !isset($attributes[$ldap_server->unique_persistent_attr])) {
         $attributes[$ldap_server->unique_persistent_attr] = ldap_servers_set_attribute_map();
       }
       if ($ldap_server->user_dn_expression) {
-        ldap_servers_token_extract_attributes($attributes,  $ldap_server->user_dn_expression, TRUE);
+        ldap_servers_token_extract_attributes($attributes, $ldap_server->user_dn_expression, TRUE);
       }
       if ($ldap_server->mail_template) {
-        ldap_servers_token_extract_attributes($attributes,  $ldap_server->mail_template);
+        ldap_servers_token_extract_attributes($attributes, $ldap_server->mail_template);
       }
       if (!isset($attributes[$ldap_server->user_attr])) {
         $attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map();
@@ -363,60 +366,65 @@ function ldap_servers_ldap_user_attrs_list_alter(&$available_user_attrs, &$param
      fields/properties are provisioned or synched
     */
 
-    foreach (array(
-      'field.ldap_user_puid_sid',
-      'field.ldap_user_puid',
-      'field.ldap_user_puid_property',
-      'field.ldap_user_current_dn',
-      ) as $i => $property_id) {
-      $property_token = '[' . $property_id . ']';
-      if (!isset($available_user_attrs[$property_token]) || !is_array($available_user_attrs[$property_token])) {
-        $available_user_attrs[$property_token] = array();
+    if ($ldap_server->unique_persistent_attr) {
+      foreach (array(
+        'field.ldap_user_puid_sid',
+        'field.ldap_user_puid',
+        'field.ldap_user_puid_property',
+        ) as $i => $property_id) {
+        $property_token = '[' . $property_id . ']';
+        if (!isset($available_user_attrs[$property_token]) || !is_array($available_user_attrs[$property_token])) {
+          $available_user_attrs[$property_token] = array();
+        }
       }
-    }
-
-    $available_user_attrs['[field.ldap_user_puid_sid]'] =  array(
-      'name' => t('Field: sid providing PUID'),
-      'configurable_to_drupal' => 0,
-      'configurable_to_ldap' => 1,
-      'source' => t('!sid', $tokens),
-      'notes' => 'not configurable',
-      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
-      'enabled' => TRUE,
-      'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER),
-      'config_module' => 'ldap_server',
-      'prov_module' => 'ldap_user',
-    ) + $available_user_attrs['[field.ldap_user_puid_sid]'];
 
-    $available_user_attrs['[field.ldap_user_puid]'] =  array(
-      'name' => t('Field: PUID', $tokens),
-      'configurable_to_drupal' => 0,
-      'configurable_to_ldap' => 1,
-      'source' => '[' . $ldap_server->unique_persistent_attr . ']',
-      'notes' => 'configure at ' . $server_edit_path,
-      'convert' => $ldap_server->unique_persistent_attr_binary,
-      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
-      'enabled' => TRUE,
-      'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER),
-      'config_module' => 'ldap_server',
-      'prov_module' => 'ldap_user',
-    ) + $available_user_attrs['[field.ldap_user_puid]'];
+      $available_user_attrs['[field.ldap_user_puid_sid]'] =  array(
+        'name' => t('Field: sid providing PUID'),
+        'configurable_to_drupal' => 0,
+        'configurable_to_ldap' => 1,
+        'source' => t('!sid', $tokens),
+        'notes' => 'not configurable',
+        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
+        'enabled' => TRUE,
+        'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER),
+        'config_module' => 'ldap_servers',
+        'prov_module' => 'ldap_user',
+      ) + $available_user_attrs['[field.ldap_user_puid_sid]'];
+
+      $available_user_attrs['[field.ldap_user_puid]'] =  array(
+        'name' => t('Field: PUID', $tokens),
+        'configurable_to_drupal' => 0,
+        'configurable_to_ldap' => 1,
+        'source' => '[' . $ldap_server->unique_persistent_attr . ']',
+        'notes' => 'configure at ' . $server_edit_path,
+        'convert' => $ldap_server->unique_persistent_attr_binary,
+        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
+        'enabled' => TRUE,
+        'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER),
+        'config_module' => 'ldap_servers',
+        'prov_module' => 'ldap_user',
+      ) + $available_user_attrs['[field.ldap_user_puid]'];
 
-    $available_user_attrs['[field.ldap_user_puid_property]'] =
-    array(
-      'name' => t('Field: PUID Attribute', $tokens),
-      'configurable_to_drupal' => 0,
-      'configurable_to_ldap' => 1,
-      'source' =>  $ldap_server->unique_persistent_attr ,
-      'notes' => 'configure at ' . $server_edit_path,
-      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
-      'enabled' => TRUE,
-      'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER),
-      'config_module' => 'ldap_server',
-      'prov_module' => 'ldap_user',
-    ) + $available_user_attrs['[field.ldap_user_puid_property]'];
+      $available_user_attrs['[field.ldap_user_puid_property]'] =
+      array(
+        'name' => t('Field: PUID Attribute', $tokens),
+        'configurable_to_drupal' => 0,
+        'configurable_to_ldap' => 1,
+        'source' =>  $ldap_server->unique_persistent_attr ,
+        'notes' => 'configure at ' . $server_edit_path,
+        'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
+        'enabled' => TRUE,
+        'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER),
+        'config_module' => 'ldap_servers',
+        'prov_module' => 'ldap_user',
+      ) + $available_user_attrs['[field.ldap_user_puid_property]'];
+    }
 
-    $available_user_attrs['[field.ldap_user_current_dn]'] =
+    $token = '[field.ldap_user_current_dn]';
+    if (!isset($available_user_attrs[$token]) || !is_array($available_user_attrs[$token])) {
+      $available_user_attrs[$token] = array();
+    }
+    $available_user_attrs[$token] =
     array(
       'name' => t('Field: Most Recent DN', $tokens),
       'configurable_to_drupal' => 0,
@@ -426,9 +434,9 @@ function ldap_servers_ldap_user_attrs_list_alter(&$available_user_attrs, &$param
       'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
       'enabled' => TRUE,
       'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
-      'config_module' => 'ldap_server',
+      'config_module' => 'ldap_servers',
       'prov_module' => 'ldap_user',
-    ) + $available_user_attrs['[field.ldap_user_current_dn]'];
+    ) + $available_user_attrs[$token];
 
     if ($ldap_user_conf->provisionsDrupalAccountsFromLdap) {
       if (!isset($available_user_attrs['[property.name]']) || !is_array($available_user_attrs['[property.name]'])) {
@@ -440,7 +448,7 @@ function ldap_servers_ldap_user_attrs_list_alter(&$available_user_attrs, &$param
         'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
         'enabled' => TRUE,
         'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
-        'config_module' => 'ldap_server',
+        'config_module' => 'ldap_servers',
         'prov_module' => 'ldap_user',
       ) + $available_user_attrs['[property.name]'];
 
@@ -453,9 +461,24 @@ function ldap_servers_ldap_user_attrs_list_alter(&$available_user_attrs, &$param
         'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
         'enabled' => TRUE,
         'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
-        'config_module' => 'ldap_server',
+        'config_module' => 'ldap_servers',
         'prov_module' => 'ldap_user',
       ) + $available_user_attrs['[property.mail]'];
+
+      if ($ldap_server->picture_attr) {
+        if (!isset($available_user_attrs['[property.picture]']) || !is_array($available_user_attrs['[property.picture]'])) {
+          $available_user_attrs['[property.picture]'] = array();
+        }
+        $available_user_attrs['[property.picture]'] = array(
+            'name' => 'Property: Picture',
+            'source' => '[' . $ldap_server->picture_attr . ']',
+            'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
+            'enabled' => TRUE,
+            'prov_events' => array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER),
+            'config_module' => 'ldap_servers',
+            'prov_module' => 'ldap_user',
+        ) + $available_user_attrs['[property.picture]'];
+      }
     }
   }
  // debug('available_user_attrs2'); debug($available_user_attrs);
@@ -558,7 +581,6 @@ function _ldap_servers_get_simpletest_servers($sid, $type = NULL, $flatten, $res
         $servers['enabled'][$_sid] = $ldap_server;
       }
     }
-    // dpm('servers'); dpm($servers);
   }
 
   if ($sid) {
@@ -604,6 +626,30 @@ function ldap_servers_msguid($value) {
   return $value;
 }
 
+ /**
+ * Create a "binary safe" string for use in LDAP filters
+ * @param $value
+ * @return string
+ */
+function ldap_servers_binary_filter($value) {
+  $match = '';
+  if (preg_match('/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i', $value)) {
+    // Reconstruct proper "memory" order from (MS?) GUID string.
+    $hex_string = str_replace('-', '', $value);
+    $value = substr($hex_string, 6, 2) . substr($hex_string, 4, 2) .
+      substr($hex_string, 2, 2) . substr($hex_string, 0, 2) .
+      substr($hex_string, 10, 2) . substr($hex_string, 8, 2) .
+      substr($hex_string, 14, 2) . substr($hex_string, 12, 2) .
+      substr($hex_string, 16, 4) . substr($hex_string, 20, 12);
+  }
+
+  for ($i = 0; $i < strlen($value); $i = $i + 2 ) {
+    $match .= '\\' . substr($value, $i, 2);
+  }
+
+  return $match;
+}
+
 /**
  * general binary conversion function for guids
  * tries to determine which approach based on length
@@ -629,7 +675,6 @@ function ldap_servers_binary($value) {
  */
 
 function ldap_servers_get_user_ldap_data($drupal_user, $sid = NULL, $ldap_context = NULL) {
-  //dpm("_ldap_servers_get_user_ldap_data, sid=$sid, ldap_context=$ldap_context"); dpm($drupal_user);
 
   if (is_object($drupal_user) && property_exists($drupal_user, 'uid') && $authname = db_query("SELECT authname FROM {authmap} WHERE uid = :uid AND module = 'ldap_user'", array(':uid' => $drupal_user->uid))->fetchColumn()) {
     $drupal_username = $authname;
@@ -659,7 +704,6 @@ function ldap_servers_get_user_ldap_data($drupal_user, $sid = NULL, $ldap_contex
 
   $ldap_server = ($sid) ? ldap_servers_get_servers($sid, 'enabled', TRUE) : FALSE;
 
- // debug("ldap_servers_get_user_ldap_data,sid=$sid"); debug($ldap_server->entries['cn=hpotter,ou=people,dc=hogwarts,dc=edu']);
   if ($ldap_server === FALSE) {
     watchdog('ldap_servers', 'Failed to load server object %sid in _ldap_servers_get_user_ldap_data', array('%sid' => $sid), WATCHDOG_ERROR);
     return FALSE;
@@ -678,34 +722,71 @@ function ldap_servers_get_user_ldap_data($drupal_user, $sid = NULL, $ldap_contex
 }
 
 /**
- * @param array $attribute in form array('values' => array(), 'data_type' => NULL) as outlined in ldap_user/README.developers.txt
- * @param enum string $data_type NULL, string, binary, ldap_dn, etc.
+ * @param array $attribute_map for a given attribute in form array('values' => array(), 'data_type' => NULL) as outlined in ldap_user/README.developers.txt
+ * @param enum string $conversion as type of conversion to do @see ldap_servers_convert_attribute().  e.g. base64_encode, bin2hex, msguid, md5
  * @param array $values in form array(<ordinal> => <value> | NULL) where NULL indicates value is needed for provisioning or other operations.
  *
- * @return array $attribute with default values or passed in values for 'data_type' and 'values'
+ * @return array $attribute_map with converted values.  If nothing passed in create empty array in proper structure.
+ *   array('values' => array(
+ *      0 => 'john',
+ *      1 => 'johnny'
+ *      )
+ *   );
+ ))
  */
 
-function ldap_servers_set_attribute_map($attribute_map = NULL, $source_data_type = NULL, $target_data_type = NULL, $values = NULL) {
-
-  $attribute_map = (is_array($attribute_map)) ? $attribute_map : array();
+function ldap_servers_set_attribute_map($attribute = NULL, $conversion = NULL, $values = NULL) {
 
-  if (!isset($attribute_map['source_data_type']) || $source_data_type) {
-    $attribute_map['source_data_type'] = ($source_data_type) ? $source_data_type : NULL;
-  }
-
-  if (!isset($attribute_map['target_data_type']) || $target_data_type) {
-    $attribute_map['target_data_type'] = ($target_data_type) ? $target_data_type : NULL;
-  }
-
-  if (!$values && (!isset($attribute_map['values']) || !is_array($attribute_map['values']))) {
-    $attribute_map['values'] = array(0 => NULL);
+  $attribute = (is_array($attribute)) ? $attribute : array();
+  $attribute['conversion'] = $conversion;
+  if (!$values && (!isset($attribute['values']) || !is_array($attribute['values']))) {
+    $attribute['values'] = array(0 => NULL);
   }
   elseif (is_array($values)) { //merge into array overwriting ordinals
     foreach ($values as $ordinal => $value) {
-      $attribute_map['values'][(int)$ordinal] = $value;
+      if ($conversion) {
+        $value = ldap_servers_convert_attribute($value, $conversion);
+      }
+      $attribute['values'][(int)$ordinal] = $value;
     }
   }
-  return $attribute_map;
+  return $attribute;
+}
+
+/**
+ * @param string $value as value to be converted
+ * @param string $conversion such as base64_encode, bin2hex, msguid, md5
+ * @return converted $value
+ */
+function ldap_servers_convert_attribute($value, $conversion = NULL) {
+
+      if ($conversion) {
+
+        switch ($conversion) {
+          case 'base64_encode':
+            $value = base64_encode($value);
+            break;
+
+          case 'bin2hex':
+            $value = bin2hex($value);
+            break;
+
+          case 'msguid':
+            $value = ldap_servers_msguid($value);
+            break;
+
+          case 'binary':
+            $value = ldap_servers_binary($value);
+            break;
+
+          case 'md5':
+            $value = '{md5}'. base64_encode(pack('H*', md5($value)));
+            break;
+        }
+
+      }
+
+  return $value;
 }
 
 
@@ -759,23 +840,66 @@ function ldap_servers_php_supports_pagination() {
 
 function ldap_servers_help($path, $arg) {
 
-  $servers_help = t('LDAP Servers stores "LDAP server configurations" so other modules
-    can connect to them and leverage their data.  LDAP authentication and LDAP authorization
-    are two such modules.  Generally only one LDAP Server Configuration is needed.
-    When multiple LDAP server configurations are needed, each is not necessarily
-    a separate physical LDAP server; they may have different binding users or some
-    other configuration difference.',
-      array(
-        '!helplink' => l(LDAP_SERVERS_DRUPAL_HELP_URL, LDAP_SERVERS_DRUPAL_HELP_URL),
-      ));
+  $servers_help = '<p>' . t('LDAP Servers store "LDAP server configurations" so other modules can connect to them and leverage their data. ');
+  $servers_help .= t('LDAP Authentication and LDAP Authorization are two such modules. Generally, only one LDAP Server configuration is needed. ') . '</p>';
+  $servers_help .= '<p>' . t('When multiple LDAP server configurations are needed, each is not necessarily a separate physical LDAP server; they may have different binding users or some other configuration difference. ') . '</p>';
 
   switch ($path) {
     case 'admin/config/people/ldap/servers':
-      $output = '<p>' . $servers_help . '</p>';
-      return $output;
-
-    case 'admin/help#ldap_servers':
-      $output = '<p>' . $servers_help . '</p>';
+      return $servers_help;
+
+   case 'admin/help#ldap_servers':
+      $servers_help .= '<h3>' . t('Configuration - Settings') . '</h3>';
+      $servers_help .= '<dl>';
+      $servers_help .= '<dt>' . t('REQUIRE HTTPS ON CREDENTIAL PAGES') . '</dt>';
+      $servers_help .= '<dd>' . t('If checked, modules using LDAP will not allow credentials to be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an approach to get all logon forms to be HTTPS.') . '</dd>';
+      $servers_help .= '<dt>' . t('ENCRYPTION') . '</dt>';
+      $servers_help .= '<dd>' . t('With encryption enabled, passwords will be stored in encrypted form. This is two way encryption because the actual password needs to used to bind to LDAP. So it offers minimal defense if someone gets in the filespace. It mainly helps avoid the accidental discovery of a clear text password.') . '</dd>';
+      $servers_help .= '<dt>' . t('LOG DETAILED LDAP ACTIONS') . '</dt>';
+      $servers_help .= '<dd>' . t('Enables LDAP logging to the Drupal Watchdog system') . '</dd>';
+      $servers_help .= '</dl>';
+      $servers_help .= '<h3>' . t('Configuration - Servers (List)') . '</h3>';
+      $servers_help .= '<dl>';
+      $servers_help .= '<dt>' . t('Configuration Table') . '</dt>';
+      $servers_help .= '<dd>' . t('Provides a list of currently stored LDAP server configuratins. ') . '</dd>';
+      $servers_help .= '<h3>' . t('Configuration - Servers (Add LDAP Server Configuration)') . '</h3>';
+      $servers_help .= '<dl>';
+      $servers_help .= '<dt>' . t('CONNECTION SETTINGS') . '</dt>';
+      $servers_help .= '<dd>' . t('Machine name - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Name - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Enabled - ') . '</dd>';
+      $servers_help .= '<dd>' . t('LDAP Server Type - ') . '</dd>';
+      $servers_help .= '<dd>' . t('LDAP Server - ') . '</dd>';
+      $servers_help .= '<dd>' . t('LDAP port - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Use Start-TLS - ') . '</dd>';
+      $servers_help .= '</dl>';
+      $servers_help .= '<dl>';
+      $servers_help .= '<dt>' . t('BINDING METHOD') . '</dt>';
+      $servers_help .= '<dd>' . t('Binding Method for searches - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Service Account - ') . '</dd>';
+      $servers_help .= '<dd>' . t('DN for non-anonymous search - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Password for non-anonymous search - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Clear existing password from database - ') . '</dd>';
+      $servers_help .= '</dl>';
+      $servers_help .= '<dl>';
+      $servers_help .= '<dt>' . t('LDAP USER TO DRUPAL USER RELATIONSHIP') . '</dt>';
+      $servers_help .= '<dd>' . t('Base DNs for LDAP Users, Groups, and Other Entries - ') . '</dd>';
+      $servers_help .= '<dd>' . t('AuthName Attribute - ') . '</dd>';
+      $servers_help .= '<dd>' . t('AccountName Attribute - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Email Attribute - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Email Template - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Persistant and Unique User ID Attribute - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Does PUID hold a binary value? - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Expression for User DN - ') . '</dd>';
+      $servers_help .= '<dd>' . t('PHP to Transform Drupal Login Username to LDAP UserName Attribute - ') . '</dd>';
+      $servers_help .= '<dd>' . t('Testing Drupal Username - ') . '</dd>';
+      $servers_help .= '<dd>' . t('DN of Testing Username - ') . '</dd>';
+      $servers_help .= '</dl>';
+      return $servers_help;
+
+    case 'admin/config/people/ldap/servers/add':
+      $output = '<p>' . t('Setup an LDAP server configuration to be used by other modules such as LDAP Authentication, LDAP Authorization, etc.') . '</p>';
+      $output .= '<p>' . t('More than one LDAP server configuration can exist for a physical LDAP server. Multiple configurations for the same physical ldap server are useful in cases such as: (1) different base dn\'s for authentication and authorization and (2) service accounts with different privileges for different purposes.') . '</p>';
       return $output;
   }
 }
diff --git a/ldap_servers/ldap_servers.test_form.inc b/ldap_servers/ldap_servers.test_form.inc
index c56aa4a..d78c631 100644
--- a/ldap_servers/ldap_servers.test_form.inc
+++ b/ldap_servers/ldap_servers.test_form.inc
@@ -136,6 +136,8 @@ function ldap_servers_test_form($form, &$form_state, $op = NULL, $sid = NULL) {
           dpm("Drupal user entity for: $user_name");
           dpm($user_entity);
         }
+       dpm("Test Group LDAP Entry");
+       dpm($test_data['group_entry'][0]);
       }
     }
   }
@@ -262,7 +264,7 @@ function ldap_servers_test_form_submit($form, &$form_state) {
     }
     $results_tables['basic'][] = array(t('Binding with DN (%bind_dn).  Using supplied password ',
       array('%bind_dn' =>  $ldap_user['dn'])));
-    $result = $ldap_server->bind($ldap_user['dn'], $values['testing_drupal_userpw']);
+    $result = $ldap_server->bind($ldap_user['dn'], $values['testing_drupal_userpw'], FALSE);
     if ($result == LDAP_SUCCESS) {
       $results_tables['basic'][] = array(t('Successfully bound to server'), 'PASS');
     }
@@ -273,6 +275,9 @@ function ldap_servers_test_form_submit($form, &$form_state) {
 
   if (!$has_errors && isset($values['grp_test_grp_dn'])) {
     $group_dn = $values['grp_test_grp_dn'];
+
+    $result = @ldap_read($ldap_server->connection, $group_dn, 'objectClass=*');
+    $group_entry = ldap_get_entries($ldap_server->connection, $result);
     $user = isset($values['testing_drupal_username']) ? $values['testing_drupal_username'] : NULL;
 
     foreach (array(FALSE, TRUE) as $nested) { //FALSE
@@ -333,6 +338,7 @@ function ldap_servers_test_form_submit($form, &$form_state) {
     }
     $form_state['ldap_server_test_data'] = array(
       'username' => $values['testing_drupal_username'],
+      'group_entry' => $group_entry,
       'results_tables' => $results_tables,
     );
     if (isset($ldap_user)) {
@@ -359,7 +365,7 @@ function ldap_servers_test_binding_credentials(&$ldap_server, $bindpw, &$results
   }
 
   if (!$errors) {
-    $bind_result = $ldap_server->bind($ldap_server->binddn, $bindpw);
+    $bind_result = $ldap_server->bind($ldap_server->binddn, $bindpw, FALSE);
     if ($bind_result == LDAP_SUCCESS) {
       $results_tables['basic'][] =  array(t('Successfully bound to server'));
     }
diff --git a/ldap_servers/ldap_servers.tokens.inc b/ldap_servers/ldap_servers.tokens.inc
index 0c121ed..8613f6b 100644
--- a/ldap_servers/ldap_servers.tokens.inc
+++ b/ldap_servers/ldap_servers.tokens.inc
@@ -5,11 +5,6 @@
  * collection of functions related to ldap tokens
  */
 
-//define('LDAP_SERVERS_TOKEN_PRE', '[');
-//define('LDAP_SERVERS_TOKEN_POST', ']');
-//define('LDAP_SERVERS_TOKEN_DEL', ':');
-//define('LDAP_SERVERS_TOKEN_MODIFIER_DEL', ';');
-
 /**
  * @param string $attr_name such 'field_user_lname', 'name', 'mail', 'dn'
  * @param string $attr_type such as 'field', 'property', etc.  NULL for ldap attributes
@@ -54,13 +49,18 @@ function ldap_servers_parse_user_attr_name($user_attr_key) {
 
 /**
  * @param array $ldap_entry
- * @param string $text
+ * @param string $text such as "[dn]", "[cn]@my.org", "[displayName] [sn]", "Drupal Provisioned"
  * @return string $text with tokens replaced
  */
 
 function ldap_servers_token_replace($resource, $text, $resource_type = 'ldap_entry') { // user_account
 
   $desired_tokens = ldap_servers_token_tokens_needed_for_template($text);
+
+  if (empty($desired_tokens)) {
+    return $text; // if no tokens exist in text, return text itself.
+  }
+
   switch ($resource_type) {
 
     case 'ldap_entry':
@@ -72,29 +72,24 @@ function ldap_servers_token_replace($resource, $text, $resource_type = 'ldap_ent
     break;
   }
 
+  // add lowercase tokens to avoid case sensitivity
   foreach ($tokens as $attribute => $value) {
     $tokens[drupal_strtolower($attribute)] = $value;
   }
 
-  // If $text is not present as an attribute key, insert it and set the key's value to an empty string.
-  if (!array_key_exists(drupal_strtolower($text), $tokens)) {
-    $tokens[$text] = '';
-    $tokens[drupal_strtolower($text)] = '';
-  }
-
   $attributes = array_keys($tokens); //array of attributes (sn, givenname, etc)
   $values = array_values($tokens); //array of attribute values (Lincoln, Abe, etc)
   $result = str_replace($attributes, $values, $text);
 
-  return $result;
+  $result = preg_replace('/\[[^\]]*>/', '', $result);  // strip out any unreplace tokens
+  return ($result == '') ? NULL : $result; // return NULL if $result is empty, else $result
 }
 
 /**
  * @param array $attributes array of attributes passed by reference
  * @param string $text with tokens in it
- * @param boolean $ignore_attr_count signifies if :1, :0, etc should be stripped off attribute.
  *
- * by reference return add ldap attribute triplet array (<attr_name>, <ordinal>, <data_type>) to $attributes
+ * by reference return add ldap attribute triplet $attribute_maps[<attr_name>] = (<attr_name>, <ordinal>, <data_type>) to $attributes
  */
 function ldap_servers_token_extract_attributes(&$attribute_maps,  $text) {
   $tokens = ldap_servers_token_tokens_needed_for_template($text);
@@ -108,30 +103,35 @@ function ldap_servers_token_extract_attributes(&$attribute_maps,  $text) {
     $parts2 = explode(LDAP_SERVERS_TOKEN_MODIFIER_DEL, $attr_name);
     if (count($parts2) > 1) {
       $attr_name = $parts2[0];
-      $source_data_type = $parts2[1];
+      $conversion = $parts2[1];
+    }
+    else {
+      $conversion = NULL;
     }
-    $attribute_maps[$attr_name] = ldap_servers_set_attribute_map(@$attribute_maps[$attr_name], $source_data_type, NULL, array($ordinal => NULL));
+    $attribute_maps[$attr_name] = ldap_servers_set_attribute_map(@$attribute_maps[$attr_name], $conversion, array($ordinal => NULL));
   }
 }
 
 /**
  * @param string $token or token expression with singular token in it, eg. [dn], [dn;binary], [titles:0;binary] [cn]@mycompany.com
  *
- * @return array with attrinutetoken converted to dn, title, etc.
+ *
+ *
+ * @return array(<attr_name>, <ordinal>, <conversion>)
  */
 function ldap_servers_token_extract_parts($token) {
   $attributes = array();
-  ldap_servers_token_extract_attributes($attribute_maps, $token);
+  ldap_servers_token_extract_attributes($attributes, $token);
   if (is_array($attributes)) {
-    $keys = array_keys($attribute_maps);
+    $keys = array_keys($attributes);
     $attr_name = $keys[0];
-    $attr_data = $attribute_maps[$attr_name];
+    $attr_data = $attributes[$attr_name];
     $ordinals = array_keys($attr_data['values']);
     $ordinal = $ordinals[0];
-    return array($attr_name, $ordinal, $attr_data['source_data_type'], $attr_data['target_data_type']);
+    return array($attr_name, $ordinal, $attr_data['conversion']);
   }
   else {
-    return array(NULL, NULL, NULL, NULL);
+    return array(NULL, NULL, NULL);
   }
 
 }
@@ -268,7 +268,6 @@ function ldap_servers_token_tokenize_entry($ldap_entry, $token_keys = 'all', $pr
       $parts = explode(LDAP_SERVERS_TOKEN_DEL, $token_key);
       $attr_name = drupal_strtolower($parts[0]);
       $ordinal_key = isset($parts[1]) ? $parts[1] : 0;
-      // debug("conversion=$conversion, attr_name=$attr_name, ordinal_key=$ordinal_key");
       $i = NULL;
 
       if ($attr_name == 'dn' || !isset($ldap_entry[$attr_name])) { // don't use empty() since a 0, "", etc value may be a desired value
@@ -338,7 +337,7 @@ function ldap_servers_token_tokenize_entry($ldap_entry, $token_keys = 'all', $pr
  */
 
 function ldap_servers_token_tokenize_user_account($user_account, $token_keys = 'all', $pre = LDAP_SERVERS_TOKEN_PRE, $post = LDAP_SERVERS_TOKEN_POST) {
-  //dpm('ldap_servers_token_tokenize_user_account, $user_account'); dpm($user_account);
+
   $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
   $tokens = array();
 
@@ -375,6 +374,7 @@ function ldap_servers_token_tokenize_user_account($user_account, $token_keys = '
     $parts = explode('.', $token_key);
     $attr_type = $parts[0];
     $attr_name = $parts[1];
+    $attr_conversion = (isset($parts[2])) ? $parts[1] : 'none';
     $value = FALSE;
     $skip = FALSE;
 
@@ -389,26 +389,50 @@ function ldap_servers_token_tokenize_user_account($user_account, $token_keys = '
 
       case 'password':
 
-        if ($user_entered_password_available && $attr_name == 'user-random') {
-          $value = ldap_user_ldap_provision_pwd('get');
-        }
-        elseif ($attr_name == 'random' || $attr_name == 'user-random') {
-          $value = user_password();
+        switch ($attr_name) {
+
+          case 'user':
+            $pwd = ldap_user_ldap_provision_pwd('get');
+            break;
+
+          case 'user-random':
+            $pwd = ldap_user_ldap_provision_pwd('get');
+            $value = ($pwd) ? $pwd : user_password();
+            break;
+
+          case 'random':
+            $value = user_password();
+            break;
+
         }
-        else {
-          $skip = TRUE; // don't set token value because token is invalid
+        if (empty($value)) {
+          $skip = TRUE;
         }
-        // debug("case password: user_entered_password_available=$user_entered_password_available, attr_name=$attr_name, value=$value");
       break;
     }
+
     if (!$skip) {
+
+      switch ($attr_conversion) {
+
+        case 'none':
+          break;
+
+        case 'to-md5':
+          $value = md5($value);
+          break;
+
+        case 'to-lowercase':
+          $value = drupal_strtolower($value);
+          break;
+      }
+
       $tokens[$pre . $token_key . $post] = check_plain($value);
       if ($token_key != drupal_strtolower($token_key)) {
         $tokens[$pre . drupal_strtolower($token_key) . $post] = check_plain($value);
       }
     }
   }
- // debug('final tokens'); debug($tokens);
   return $tokens;
 }
 
diff --git a/ldap_servers/tests/ldap_servers.test b/ldap_servers/tests/ldap_servers.test
index a6c5384..72006ba 100644
--- a/ldap_servers/tests/ldap_servers.test
+++ b/ldap_servers/tests/ldap_servers.test
@@ -6,7 +6,12 @@
  */
 
 
-module_load_include('php', 'ldap_test', 'LdapTestCase.class');
+if (function_exists('ldap_servers_module_load_include')) {
+  ldap_servers_module_load_include('php', 'ldap_test', 'LdapTestCase.class');
+}
+else {
+  module_load_include('php', 'ldap_test', 'LdapTestCase.class');
+}
 
 class LdapServersTestCase extends LdapTestCase {
   public static function getInfo() {
@@ -32,9 +37,8 @@ class LdapServersTestCase extends LdapTestCase {
    */
 
   function setUp() {
-    parent::setUp(array('ldap_servers', 'ldap_test'));
+    parent::setUp(array('ldap_test'));
     variable_set('ldap_simpletest', 2);
-    //$this->createTestUserFields();
   }
 
   function tearDown() {
@@ -214,16 +218,16 @@ class LdapServersTestCase extends LdapTestCase {
 
   public function testUIForms() {
 
-    foreach (array(0, 1) as $ctools_enabled) {
+    foreach (array(1) as $ctools_enabled) {
       $this->ldapTestId = "testUIForms.ctools.$ctools_enabled";
       if ($ctools_enabled) {
         module_enable(array('ctools'));
       }
       else {
-        module_disable(array('ctools'));
+        // module_disable(array('ctools'));
       }
 
-      $ldap_simpletest_initial = variable_get('ldap_simpletest', 1);
+      $ldap_simpletest_initial = variable_get('ldap_simpletest', 2);
       variable_del('ldap_simpletest'); // need to be out of fake server mode to test ui.
       $this->privileged_user = $this->drupalCreateUser(array(
         'administer site configuration',
diff --git a/ldap_sso/ldap_sso.module b/ldap_sso/ldap_sso.module
index 76ba346..8a91e4d 100644
--- a/ldap_sso/ldap_sso.module
+++ b/ldap_sso/ldap_sso.module
@@ -33,7 +33,8 @@ function ldap_sso_user_logout($account) {
   $auth_conf = ldap_authentication_get_valid_conf();
   if ($auth_conf->seamlessLogin == 1) {
     $cookie_string = 'do not auto login';
-    setcookie("seamless_login", $cookie_string, time() + (int)$auth_conf->cookieExpire, base_path(), "");
+    $cookie_timeout = (int)$auth_conf->cookieExpire;
+    setcookie("seamless_login", $cookie_string, (($cookie_timeout == -1) ? 0 : $cookie_timeout + time()), base_path(), "");
     $_SESSION['seamless_login'] = $cookie_string;
   }
 }
@@ -84,21 +85,41 @@ function ldap_sso_boot() {
   }
 }
 
+function ldap_sso_default_excluded_paths() {
+  return array(
+    'admin/config/search/clean-urls/check'
+  );
+}
 function ldap_sso_path_excluded_from_sso($path = FALSE) {
 
   $result = FALSE;
   if ($path) {
     // don't derive
   }
-  elseif ($_SERVER['URL'] == '/index.php') {
+  elseif ($_SERVER['PHP_SELF'] == '/index.php') {
     $path = $_GET['q'];
   }
   else {
-    $path = ltrim($_SERVER['URL'], '/'); // cron.php, etc.
+    $path = ltrim($_SERVER['PHP_SELF'], '/'); // cron.php, etc.
   }
-
+  
+  if (in_array($path, ldap_sso_default_excluded_paths())) {
+    return TRUE;
+  }
+  
   $ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
-  if ($ldap_authentication_conf['ssoExcludedPaths']) {
+
+  if (isset($ldap_authentication_conf['ssoExcludedHosts']) && is_array($ldap_authentication_conf['ssoExcludedHosts'])) {
+    $host = $_SERVER['SERVER_NAME'];
+    foreach($ldap_authentication_conf['ssoExcludedHosts'] as $host_to_check) {
+      if($host_to_check == $host) {
+        return TRUE;
+      }
+    }
+  }
+  
+
+  if (isset($ldap_authentication_conf['ssoExcludedPaths'])) {
     $patterns = join("\r\n", $ldap_authentication_conf['ssoExcludedPaths']);
     if ($patterns) {
       if (function_exists('drupal_get_path_alias')) {
@@ -244,7 +265,7 @@ function ldap_sso_user_login_sso() {
       ),
       'sso_login' => TRUE,
     );
-    $user = ldap_authentication_user_login_authenticate_validate(array(), $fake_form_state);
+    $user = ldap_authentication_user_login_authenticate_validate(array(), $fake_form_state, TRUE);
 
     if ($detailed_watchdog_log) {
       $watchdog_tokens['!uid'] = is_object($user) ? $user->uid : NULL;
diff --git a/ldap_test/LdapServerTest.class.php b/ldap_test/LdapServerTest.class.php
index bb55e0c..ddf1170 100644
--- a/ldap_test/LdapServerTest.class.php
+++ b/ldap_test/LdapServerTest.class.php
@@ -57,9 +57,7 @@ class LdapServerTest extends LdapServer {
     foreach ($test_data['properties'] as $property_name => $property_value ) {
       $this->{$property_name} = $property_value;
     }
-    if (is_scalar($this->basedn)) {
-      $this->basedn = unserialize($this->basedn);
-    }
+  //  $this->basedn = unserialize($this->basedn);
     if (isset($test_data['bindpw']) && $test_data['bindpw'] != '') {
       $this->bindpw = ldap_servers_decrypt($this->bindpw);
     }
@@ -141,7 +139,7 @@ class LdapServerTest extends LdapServer {
    */
   function search($base_dn = NULL, $filter, $attributes = array(), $attrsonly = 0, $sizelimit = 0, $timelimit = 0, $deref = LDAP_DEREF_NEVER, $scope = LDAP_SCOPE_SUBTREE) {
 
-  //  debug("ldap test server search base_dn=$base_dn, filter=$filter");
+   // debug("ldap test server search base_dn=$base_dn, filter=$filter");
 
     $lcase_attribute = array();
     foreach ($attributes as $i => $attribute_name) {
@@ -166,7 +164,7 @@ class LdapServerTest extends LdapServer {
      * are prepolulated in test data
      */
     if (isset($this->searchResults[$filter][$base_dn])) {
-    //  debug('case1');
+   //   debug("case1 filter= $filter   base_dn=$base_dn ");
       $results = $this->searchResults[$filter][$base_dn];
       foreach ($results as $i => $entry) {
         if (is_array($entry) && isset($entry['FULLENTRY'])) {
@@ -176,7 +174,8 @@ class LdapServerTest extends LdapServer {
           $results[$i]['dn'] = $dn;
         }
       }
-      return $results;
+   //   debug($results);
+      return $results; 
     }
 
     /**
@@ -189,7 +188,7 @@ class LdapServerTest extends LdapServer {
     $operand = FALSE;
 
     if (strpos($filter, '&') === 0) {
-     // debug('2.A.');
+   //   debug('2.A.');
      /**
      * case 2.A.: filter of form (&(<attribute>=<value>)(<attribute>=<value>)(<attribute>=<value>))
      *  such as (&(samaccountname=hpotter)(samaccountname=hpotter)(samaccountname=hpotter))
@@ -230,7 +229,7 @@ class LdapServerTest extends LdapServer {
       $subqueries[] = explode('=', $filter);
     }
     else {
-      debug('no case');
+    //  debug('no case');
       return FALSE;
     }
 
@@ -336,7 +335,7 @@ class LdapServerTest extends LdapServer {
     }
 
     $results['count'] = count($results);
-   // debug("ldap test server search results"); debug($results);
+  //  debug("ldap test server search results"); debug($results);
     return $results;
   }
 
diff --git a/ldap_test/LdapTestCase.class.php b/ldap_test/LdapTestCase.class.php
index fff8d48..cc1eed1 100644
--- a/ldap_test/LdapTestCase.class.php
+++ b/ldap_test/LdapTestCase.class.php
@@ -131,6 +131,38 @@ class LdapTestCase extends DrupalWebTestCase {
     return $test_id;
 
   }
+  public function removeUserFromGroup(&$test_data, $user_dn, $group_dn, $domain = "dc=hogwarts,dc=edu") {
+
+      $filter = "(&(objectClass=group)(member=$user_dn))";
+      if (!empty($test_data['search_results'][$filter][$domain]) &&
+            in_array($group_dn, $test_data['search_results'][$filter][$domain])) {
+        $test_data['search_results'][$filter][$domain] = array_diff($test_data['search_results'][$filter][$domain], array($group_dn));
+        $test_data['search_results'][$filter][$domain]['count'] = count($test_data['search_results'][$filter][$domain] - 1);
+      }
+      //debug("removeUserFromGroup:debug test_data[search_results][$filter]"); debug($test_data['search_results']['(&(objectClass=group)(member=$user_dn))']);
+
+
+      if (!empty($test_data['users'][$user_dn]['attr']['memberof']) && in_array($group_dn, $test_data['users'][$user_dn]['attr']['memberof'])) {
+        $test_data['users'][$user_dn]['attr']['memberof'] = array_diff($test_data['users'][$user_dn]['attr']['memberof'], array($group_dn));
+        $test_data['users'][$user_dn]['attr']['memberof']['count'] = count($test_data['users'][$user_dn]['attr']['memberof'] - 1);
+      }
+      //debug("removeUserFromGroup:debug test_data[users][$user_dn]"); debug($test_data['users'][$user_dn]);
+
+
+      if (!empty($test_data['ldap'][$user_dn]['memberof']) && in_array($group_dn, $test_data['ldap'][$user_dn]['memberof'])) {
+        $test_data['ldap'][$user_dn]['memberof'] = array_diff($test_data['ldap'][$user_dn]['memberof'], array($group_dn));
+        $test_data['ldap'][$user_dn]['memberof']['count'] = count($test_data['ldap'][$user_dn]['memberof']) - 1;
+      }
+      //debug("removeUserFromGroup:debug test_data[ldap][$user_dn]"); debug($test_data['ldap'][$user_dn]);
+
+
+      if (!empty($test_data['groups'][$group_dn]['attr']['member']) && in_array($group_dn, $test_data['groups'][$group_dn]['attr']['member']) ) {
+        $members = array_diff($test_data['groups'][$group_dn]['attr']['member'], array($group_dn));
+        $test_data['groups'][$group_dn]['attr']['member'] = $members;
+        $test_data['groups'][$group_dn]['attr']['member'][$i]['count'] = count($members - 1);
+      }
+      //debug("removeUserFromGroup:debug test_data[groups][$group_dn]"); debug($test_data['groups'][$group_dn]);
+    }
 
   public function AttemptLogonNewUser($name, $goodpwd = TRUE) {
 
diff --git a/ldap_test/LdapTestFunctions.class.php b/ldap_test/LdapTestFunctions.class.php
index b1d2d85..5eb5b41 100644
--- a/ldap_test/LdapTestFunctions.class.php
+++ b/ldap_test/LdapTestFunctions.class.php
@@ -95,8 +95,15 @@ class LdapTestFunctions  {
       foreach ($consumer_conf as $property_name => $property_value) {
         $consumer_conf_admin->{$property_name} = $property_value;
       }
+      foreach ($consumer_conf_admin->mappings as $i => $mapping) {
+        $mappings = $consumer_obj->normalizeMappings(
+          array(
+            array($mapping['from'], $mapping['user_entered'])
+          )
+          , FALSE);
+        $consumer_conf_admin->mappings[$i] = $mappings[0];
+      }
       $consumer_conf_admin->save();
-      //debug('prepConsumerConf mappings'); debug($consumer_conf['mappings']); debug($consumer_conf_admin->mappings);
     }
   }
 
@@ -115,7 +122,36 @@ class LdapTestFunctions  {
     }
     return $user;
   }
+// from http://www.midwesternmac.com/blogs/jeff-geerling/programmatically-adding-roles
+public function removeRoleFromUser($user, $role_name) {
 
+  if (is_numeric($user)) {
+    $user = user_load($user);
+  }
+  $key = array_search($role_name, $user->roles);
+  if ($key == TRUE) {
+    // Get the rid from the roles table.
+    $roles = user_roles(TRUE);
+    $rid = array_search($role_name, $roles);
+    if ($rid != FALSE) {
+      // Make a copy of the roles array, without the deleted one.
+      $new_roles = array();
+      foreach($user->roles as $id => $name) {
+        if ($id != $rid) {
+          $new_roles[$id] = $name;
+        }
+      }
+      user_save($user, array('roles' => $new_roles));
+    }
+  }
+}
+
+    public function userByNameFlushingCache($name) {
+      $user = user_load_by_name($name);
+      $users = user_load_multiple(array($user->uid), array(), TRUE); // clear user cache
+      $user = $users[$user->uid];
+      return $user;
+    }
 
  /**
    * set variable with fake test data
diff --git a/ldap_test/ldap_authorization.conf.inc b/ldap_test/ldap_authorization.conf.inc
index 7723c01..b654948 100644
--- a/ldap_test/ldap_authorization.conf.inc
+++ b/ldap_test/ldap_authorization.conf.inc
@@ -4,6 +4,8 @@
  *
  */
 
+module_load_include('php', 'og', 'module');  // for og constants
+
 function ldap_test_ldap_authorization_data() {
 
 $empty_mappings = array(
@@ -14,7 +16,7 @@ $empty_mappings = array(
   'valid' => '',
   'error_message' => '',
   );
-
+$OG_AUTHENTICATED_ROLE = 'member'; // cant use constant OG_AUTHENTICATED_ROLE here
 $conf['og_group2']['og_group'] = array(
 
   'sid' => 'activedirectory1',
@@ -29,7 +31,7 @@ $conf['og_group2']['og_group'] = array(
     array(
       'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu',
       'user_entered' => 'students',
-      'normalized' => 'node:students:' . OG_AUTHENTICATED_ROLE,
+      'normalized' => 'node:students:' . $OG_AUTHENTICATED_ROLE,
       'simplified' => '',
       'valid' => '',
       'error_message' => '',
@@ -37,7 +39,7 @@ $conf['og_group2']['og_group'] = array(
     array(
       'from' => 'cn=faculty,ou=groups,dc=hogwarts,dc=edu',
       'user_entered' => 'faculty',
-      'normalized' =>  'node:faculty:' . OG_AUTHENTICATED_ROLE,
+      'normalized' =>  'node:faculty:' . $OG_AUTHENTICATED_ROLE,
       'simplified' => '',
       'valid' => '',
       'error_message' => '',
@@ -45,7 +47,7 @@ $conf['og_group2']['og_group'] = array(
     array(
       'from' => 'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu',
       'user_entered' => 'gryffindor',
-      'normalized' => 'node:gryffindor:' . OG_AUTHENTICATED_ROLE,
+      'normalized' => 'node:gryffindor:' . $OG_AUTHENTICATED_ROLE,
       'simplified' => '',
       'valid' => '',
       'error_message' => '',
@@ -53,7 +55,7 @@ $conf['og_group2']['og_group'] = array(
     array(
       'from' => 'cn=users,ou=groups,dc=hogwarts,dc=edu',
       'user_entered' => 'users',
-      'normalized' => 'node:users:' . OG_AUTHENTICATED_ROLE,
+      'normalized' => 'node:users:' . $OG_AUTHENTICATED_ROLE,
       'simplified' => '',
       'valid' => '',
       'error_message' => '',
@@ -70,6 +72,38 @@ $conf['og_group2']['og_group'] = array(
 
 );
 
+$conf['og_group15']['og_group'] = $conf['og_group2']['og_group'];
+$conf['og_group15']['og_group']['mappings'] = array(
+    array(
+      'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu',
+      'user_entered' => 'group-name=students,role-name=member',
+      'simplified' => '',
+      'valid' => '',
+      'error_message' => '',
+    ),
+    array(
+      'from' => 'cn=faculty,ou=groups,dc=hogwarts,dc=edu',
+      'user_entered' => 'group-name=faculty,role-name=member',
+      'simplified' => '',
+      'valid' => '',
+      'error_message' => '',
+    ),
+    array(
+      'from' => 'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu',
+      'user_entered' => 'group-name=gryffindor,role-name=member',
+      'simplified' => '',
+      'valid' => '',
+      'error_message' => '',
+    ),
+    array(
+      'from' => 'cn=users,ou=groups,dc=hogwarts,dc=edu',
+      'user_entered' => 'group-name=users,role-name=member',
+      'simplified' => '',
+      'valid' => '',
+      'error_message' => '',
+    ),
+  );
+
 
 $conf['drupal_role_default']['drupal_role'] = array(
 
@@ -139,7 +173,7 @@ $conf['drupal_role_authentication_test']['drupal_role'] = array(
     array(
       'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu',
       'user_entered' => 'students',
-      'normalized' => 'node:students:' . OG_AUTHENTICATED_ROLE,
+      'normalized' => 'node:students:' . $OG_AUTHENTICATED_ROLE,
       'simplified' => 'students',
       'valid' => TRUE,
       'error_message' => '',
@@ -147,7 +181,7 @@ $conf['drupal_role_authentication_test']['drupal_role'] = array(
     array(
       'from' => 'gryffindor',
       'user_entered' => 'gryffindor',
-      'normalized' => 'node:gryffindor:' . OG_AUTHENTICATED_ROLE,
+      'normalized' => 'node:gryffindor:' . $OG_AUTHENTICATED_ROLE,
       'simplified' => 'gryffindor',
       'valid' => TRUE,
       'error_message' => '',
@@ -155,7 +189,7 @@ $conf['drupal_role_authentication_test']['drupal_role'] = array(
     array(
       'from' => 'cn=users,ou=groups,dc=hogwarts,dc=edu',
       'user_entered' => 'users',
-      'normalized' => 'node:users:' . OG_AUTHENTICATED_ROLE,
+      'normalized' => 'node:users:' . $OG_AUTHENTICATED_ROLE,
       'simplified' => 'users',
       'valid' => TRUE,
       'error_message' => '',
diff --git a/ldap_test/ldap_test.info b/ldap_test/ldap_test.info
index 0a1d4b9..0d29544 100644
--- a/ldap_test/ldap_test.info
+++ b/ldap_test/ldap_test.info
@@ -1,9 +1,10 @@
 name = LDAP Test Module
 description = Module for LDAP module for testing.  Only for development and debugging purposes.
 package = Lightweight Directory Access Protocol
-dependencies[] = ldap_servers
 
+dependencies[] = ldap_servers
 dependencies[] = entity
+
 core = 7.x
 
 files[] = ldap_servers.conf.inc
diff --git a/ldap_test/ldap_test.module b/ldap_test/ldap_test.module
index 55ec7e9..b1a3efb 100644
--- a/ldap_test/ldap_test.module
+++ b/ldap_test/ldap_test.module
@@ -8,297 +8,5 @@
 
 define('LDAP_TEST_USER_ORPHAN_CLONE_COUNT', 7);  // number of cloned drupal users (clone0, clone1, etc) to make for tests
 define('LDAP_TEST_USER_ORPHAN_CLONE_REMOVE_COUNT', 2); // number of cloned drupal users to delete in orphan check
+define('LDAP_TEST_LDAP_NAME', 'hogwarts');
 
-
-/**
- * Implements hook_menu().
- */
-function ldap_test_menu() {
-  // $items = array();
-  //$items['admin/config/people/ldap/createtestdata'] = array(
-  //  'title' => 'Create Test Users, Roles, and OG Groups',
-  //  'page callback' => 'ldap_test_create_drupal_data',
-  //  'page arguments' => array(),
-  //  'type' => MENU_LOCAL_TASK,
-  //  'access arguments' => array('administer site configuration'),
-  //  'weight' => 3,
-  //);
-  //
-  //$items['admin/config/people/ldap/testog2apifunctions'] = array(
-  //  'title' => 'Test OG Api',
-  //  'page callback' => 'ldap_test_og_api',
-  //  'page arguments' => array(),
-  //  'type' => MENU_LOCAL_TASK,
-  //  'access arguments' => array('administer site configuration'),
-  //  'weight' => 3,
-  //);
-  //return $items;
-}
-
-
-function ldap_test_og_api() {
-
-  $group_entity_types = og_get_all_group_bundle();
-  foreach ($group_entity_types as $entity_type => $group) {
-    $entity_ids = og_get_all_group('node');
-    $entities[$entity_type] = entity_load('node', $entity_ids);
-  }
-  dpm($entities);
-  //return "og_get_all_group_bundle";
-  module_load_include('php', 'ldap_test', 'LdapTestFunctions.class');
-  $testFunctions = new LdapTestFunctions();
-  $testFunctions->getCsvLdapData('hogwarts');
-  $consumer_conf = ldap_authorization_get_consumer_object('og_group');
-  $query = new EntityFieldQuery();
-  $query->entityCondition('entity_type', 'node')
-    ->entityCondition('bundle', 'group');
-  $result = $query->execute();
-//  dpm($result);
-  $groups = entity_load('node', array_keys($result['node']));
- // dpm($groups);
-
-  $groups_by_name = array();
-  foreach ($groups as $nid => $node) {
-    $groups_by_name[$node->title] = $node;
-  }
-  dpm($groups_by_name);
-  $anonymous_rid = ldap_authorization_og2_rid_from_role_name('node', 'group', $groups_by_name['gryffindor']->nid, OG_ANONYMOUS_ROLE);
-  $member_rid =    ldap_authorization_og2_rid_from_role_name('node', 'group', $groups_by_name['students']->nid,   OG_AUTHENTICATED_ROLE);
-  $admin_rid =    ldap_authorization_og2_rid_from_role_name('node', 'group', $groups_by_name['students']->nid,   OG_ADMINISTRATOR_ROLE);
-  $dungeon_master_rid =     ldap_authorization_og2_rid_from_role_name('node', 'group', $groups_by_name['faculty']->nid, 'dungeon-master');
-  dpm("test of ldap_authorization_og2_rid_from_role_name(). rids: $anonymous_rid,$member_rid,$admin_rid,$dungeon_master_rid");
-
-
-  $hpotter = user_load_by_name('hpotter');
-  $uid = $hpotter->uid;
-  $values = array(
-    'entity_type' => 'user',
-    'entity' => $uid,
-    'field_name' => FALSE,
-    'state' => OG_STATE_ACTIVE,
-  );
-  $og_gryffindor_membership = og_group('node', $groups_by_name['gryffindor']->nid, $values);
-  $og_faculty_membership =    og_group('node', $groups_by_name['faculty']->nid,    $values);
-  //dpm($og_gryffindor_membership); dpm($og_faculty_membership);
-  og_role_grant('node', $groups_by_name['gryffindor']->nid, $uid, $admin_rid);
-  og_role_grant('node', $groups_by_name['gryffindor']->nid, $uid, $dungeon_master_rid);
-  og_role_grant('node', $groups_by_name['faculty']->nid,    $uid, $admin_rid);
-  // user should now be member of faculty and gyffindor groups, with admin role in both
-
-  $gryffindor_dm_id = ldap_authorization_og_authorization_id($groups_by_name['gryffindor']->nid, $dungeon_master_rid);
-  dpm("has $gryffindor_dm_id auth? (should be 1)" . (int)$consumer_conf->hasAuthorization($hpotter, $gryffindor_dm_id));
-  dpm("has bogus auth id? (should be 0)" . (int)$consumer_conf->hasAuthorization($hpotter, 'node:632:3232'));
-
-  $consumer = $consumer_conf->emptyConsumer;
-  $user_auth = array();
-  $consumer_conf->revokeSingleAuthorization($hpotter, $gryffindor_dm_id, $consumer, $user_auth, TRUE);
- // og_invalidate_cache(array($groups_by_name['gryffindor']->nid));
-  dpm("has $gryffindor_dm_id auth? (should be 0)" . (int)$consumer_conf->hasAuthorization($hpotter, $gryffindor_dm_id));
-  $consumer_conf->grantSingleAuthorization($hpotter, $gryffindor_dm_id, $consumer, $user_auth_data, TRUE);
-  dpm("has $gryffindor_dm_id auth? (should be 1)" . (int)$consumer_conf->hasAuthorization($hpotter, $gryffindor_dm_id));
-  // try using authorizationRevoke and authorizationGrant instead of grantSingleAuthorization and revokeSingleAuthorization
-
-  $user_data = array();
-  $ldap_entry = array();
-  $consumer = array($gryffindor_dm_id => $consumer_conf->emptyConsumer);
-  dpm($consumer);
-  $consumer_conf->authorizationRevoke($hpotter, $user_data, $consumer, $ldap_entry, TRUE);
-  dpm("post authorizationRevoke has $gryffindor_dm_id auth? (should be 0)" . (int)$consumer_conf->hasAuthorization($hpotter, $gryffindor_dm_id));
-
-  $consumer_conf->authorizationGrant($hpotter, $user_data, $consumer, $ldap_entry, TRUE);
-  dpm("post authorizationGrant has $gryffindor_dm_id auth? (should be 1)" . (int)$consumer_conf->hasAuthorization($hpotter, $gryffindor_dm_id));
-
-
-  list($students_group, $entity_id) = ldap_authorization_og2_get_group_from_name('node', 'students');
-  dpm("ldap_authorization_og2_get_group_from_name: students_group title=" . $students_group->title);
-// ldap_authorization_og2_has_role($group_type, $gid, $uid, $role_name) {
-  $test = ldap_authorization_og2_has_role('node', $groups_by_name['gryffindor']->nid, $hpotter->uid, OG_ADMINISTRATOR_ROLE);
-  dpm("ldap_authorization_og2_has_role: for gryffindor admin role should be1, is=" . (int)$test);
-
-  $test = ldap_authorization_og2_has_role('node', $groups_by_name['students']->nid, $hpotter->uid, OG_ADMINISTRATOR_ROLE);
-  dpm("ldap_authorization_og2_has_role: for students admin role should be0, is=" . (int)$test);
-
-  return "api function debugging called";
-}
-
-
-/**
- * this function is just for creating hogwarts/test data for ldap
- * module development
- */
-
-function ldap_test_create_drupal_data() {
-  module_load_include('php', 'ldap_test', 'LdapTestFunctions.class');
-  $testFunctions = new LdapTestFunctions();
-  $testFunctions->getCsvLdapData('hogwarts');
-  $users = entity_load('user', FALSE, array());
-  dpm($users);
-  foreach ($testFunctions->csvTables['users'] as $guid => $user) {
-    $username = $user['cn'];
-    $edit = array();
-    $account = new stdClass();
-    $existing_account = user_load_by_name($username);
-
-    if (!$existing_account) {
-      $account->is_new = TRUE;
-      $edit['pass'] = user_password();
-      $edit['name'] = $username;
-      $edit['status'] = 1;
-      $edit['mail'] = $user['cn'] . '@hogwarts.com';
-      $account = user_save($account, $edit);
-    }
-    else {
-      if (!$existing_account->mail) {
-        $edit['mail'] = $user['cn'] . '@hogwarts.com';
-      }
-      $account = user_save($existing_account, $edit);
-    }
-    $testFunctions->csvTables['users'][$guid]['account'] = $account;
-  }
-  $users = entity_load('user', FALSE, array(), TRUE);
-  dpm($users);
-
-  $roles = user_roles(TRUE);
-  $roles_by_name = array_combine(array_values($roles), array_keys($roles));
-  foreach ($testFunctions->csvTables['groups'] as $guid => $group) {
-    if (!isset($roles_by_name[$group['cn']])) {
-      $new_role = new stdClass();
-      $new_role->name = $group['cn'];
-      $status = user_role_save($new_role);
-    }
-  }
-
-
-  $roles = user_roles(TRUE);
-  $roles_by_name = array_combine(array_values($roles), array_keys($roles));
-  dpm($roles_by_name);
-
-  // create og groups
-  $existing_og_groups = entity_load('node', FALSE, array('type' => 'group'));
-                                    dpm($existing_og_groups);
-  $groups_by_name = array();
-  foreach ($existing_og_groups as $nid => $group_node) {
-    $groups_by_name[$group_node->title] = $group_node;
-  }
-  foreach ($testFunctions->csvTables['groups'] as $guid => $group) {
-    $rid = $roles_by_name[$group['cn']];
-    $testFunctions->csvTables['groups']['rid'] = $rid;
-
-    if (!isset($groups_by_name[$group['cn']])) {
-    // create og group here
-      $node = new stdClass();
-      $node->type = 'group';
-      node_object_prepare($node);
-      $node->title    = $group['cn'];
-      $node->language = LANGUAGE_NONE;
-      $node->body[$node->language][0]['value']   = 'auto generated og group: ' . $group['cn'];
-      $node->body[$node->language][0]['summary'] = 'auto generated og group: ' . $group['cn'];
-      $node->body[$node->language][0]['format']  = 'filtered_html';
-      node_save($node);
-      $groups_by_name[$node->title] = $node;
-    }
-  }
-
-  // set og group  memberships and roles
-  // membershipid,gid,group_cn,member_guid,group_guid
-  // 1,1,gryffindor,101,201
-  foreach ($testFunctions->csvTables['memberships'] as $membership_id => $membership) {
-    $user = NULL;
-    $user = @$testFunctions->csvTables['users'][$membership['member_guid']]['account'];
-    if (!$user)  {
-      continue;
-    }
-    $rid = $roles_by_name[$membership['group_cn']];
-    $og_group_node = $groups_by_name[$membership['group_cn']];
-
-    dpm($user); dpm($rid); dpm($og_group_node);
-    $account = user_load($user->uid, TRUE);
-    $account->roles[$rid] = $membership['group_cn'];
-    $user_edit = array('roles' => $account->roles);
-    user_save($account, $user_edit, 'account');
-
-   // $og_membership = og_membership_create('node', $og_group_node->nid , 'user', $account->uid, 'og_user_node');
-
-    /**
- * Set an association (e.g. subscribe) an entity to a group.
- *
-  @param $group_type
- *   The entity type of the group.
- * @param $gid
- *   The group entity or ID.
- * @param $values
- *   Array with the information to pass along, until it is processed in the
- *   field handlers.
- *   - "entity_type": Optional; The entity type (e.g. "node" or "user").
- *     Defaults to 'user'
- *   - "entity": Optional; The entity object or entity Id to set the
- *     association. Defaults to the current user if the $entity_type property is
- *     set to 'user'.
- *   - "field_name": The name of the field, the membership should be registered
- *     in. If no value given, a first field with the correct membership type
- *     will be used. If no field found, an execpetion will be thrown.
- *
- * @return
- *   The OG membership entity.
- */
-    $values = array(
-      'entity_type' => 'user',
-      'entity' => $account->uid,
-    );
-    $og_membership = og_group('node', $og_group_node->nid, $values);
-
-
-    dpm('og_membership'); dpm($og_membership);
-   // $og_membership = og_membership_create($group_type, $gid, 'user', $account->uid, $field_name);
-    // add og membership
-// @param $gid The group ID
-// @param $entity_type  The entity type of the group content.
-// @param $etid The entity ID of the group content.
-
-
-  }
-
-  $customOgRoles = array(
-    'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'),
-    'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
-    );
-
-  $default_roles = og_get_default_roles();  // this will only return default roles (0,1,2)
-  // og_roles($group_type, $bundle, $gid = 0, $force_group = FALSE, $include_all = TRUE)
-  $custom_roles = og_roles('node', 'group', 0, FALSE, FALSE);  // this will only return default roles (0,1,2)
-  $all_roles = og_roles('node', 'group', 0, FALSE, TRUE);
-  $all_roles_rev = array_flip($all_roles);
-  dpm("all roles"); dpm($all_roles_rev);
-  foreach ($customOgRoles as $og_role_name => $og_role) {
-    dpm("role_name=$og_role_name");
-    if (empty($all_roles_rev[$og_role_name])) {
-      $role = new stdClass;
-      $role->gid = 0;
-      $role->group_type = $og_role['entity_type'];
-      $role->group_bundle = $og_role['bundle_type'];
-      $role->name = $og_role_name;
-      $status = og_role_save($role);
-    }
-  }
-
-
-  dpm('default, custom, and all roles for node:group og'); dpm($default_roles); dpm($custom_roles); dpm($all_roles);
-
-  dpm("groups by name"); dpm($groups_by_name);
-  return "test data created";
-}
-
-function ldap_test_create_users() {
-
-
-}
-
-function ldap_test_create_and_assign_roles() {
-
-
-}
-
-function ldap_test_create_and_og2_groups() {
-
-
-}
\ No newline at end of file
diff --git a/ldap_test/test_ldap/hogwarts/hogwarts.people.ldif b/ldap_test/test_ldap/hogwarts/hogwarts.people.ldif
new file mode 100644
index 0000000..817d5fb
--- /dev/null
+++ b/ldap_test/test_ldap/hogwarts/hogwarts.people.ldif
@@ -0,0 +1,2587 @@
+version: 1
+
+dn: ou=people,o=openldap
+objectClass: organizationalUnit
+objectClass: top
+ou: people
+
+dn: cn=hpotter,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: hpotter
+sn: Potter
+businessCategory: student
+businessCategory: wizard
+businessCategory: solution provider
+displayName: Harry Potter
+employeeType: student
+givenName: Harry
+jpegPhoto:: /9j/4AAQSkZJRgABAQEAZABkAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAGQ
+ AAAABAAAAZAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD4tdcCmKMr+FWZF+YDFVwmOg57Vo9QK7LzkDmoDzm
+ tER5BzwahaPAICnPegDOdS0Bx2qqV49DWiUK1XeIlqTHYosvU5qIqSe2KluJorW2ea4liht1HzS
+ SNtWuWXxfZrqBEVhLcwJjdJMCqkE84XG48dCcColUilqVGDZrTOkcm0kbupA5OPoKxL3xLpGnzM
+ tw9yFAG6Rbdto/E4z+Fedal8YZ9MvXXRfLQEkTKLZOcZXBLZx68Z6HoaoXHxYtrrw8H+ySW2sMw
+ aaQOZEIDZKrnkE9Mngdeaz55GqjA9Z07xHomrP5em6na3EucGMNtfP8Aunmt1Tg7T17185nxpou
+ s3X+m+HDvU4jurZgk0Q9j3+hOK9G8PeLbYxJa3d+JgD8rzkLIF989fzNVGuk/eD2PMrxPR2PzjB
+ 61G2eueaWNllhSVCHjcEqynjih0ynrXSmmro55J7MquDv96iywc5GKs+W208UNGSeR3pk7EQ7Ch
+ gdpBqZU2v0+lTFAyA96d9SSssZKZoq2qsR0oqxnohQbiCCG7ZppiAxx2rSlj5J2/jVZkYrkA5PS
+ uc1KDqF59KG2lAatNH8p7tjmqjxZTPOKm9mBUeMNkjmsbVbyGwsHllbayjKKOCx9K31i75xnvXk
+ /xCv5PDt5bapqEAuUnjZNNtg33mH32YeoOBnn271z16vLoupvh6fM2zlfEut3MkJu8sxRGkMIYK
+ sSjjdzyRnHIAHPB714Pe+INSa+lP2hjFKcSpMocH2IOSR+NXb+6uL26kutQmlM7HcIk+8c9Mkfy
+ rl78JHOkS/L83zc55/z2rOnHvqaVnZaEOoyNLI00gQOQAdh4PvVSBBsC9ZHPT0FSyQy/ZH+QqnB
+ GaooSJMgnPaupI4r6m6plMAjCB1X+EjHP510umKwhLMjooIGCwJyfY1zlq5aRd+GwOSh5/Kunsk
+ Bu0ZJAsinP3cg+xHoa5Kux3UVdnsHhLXriECxjkEzQuRNZynqh5G1v4a9RglE9qswVl3DlTj5T6
+ HHQj0r5wt45bPVIZreURT7QIiq7tx3Z29O+cd+PTrX0Z4dnh1XRLwTW8FlrVlKtvqMXmglGChlx
+ jIIYHIOT3GaMNVkpWWpdekmrtallBubGKlMa5GeuKmKBefSm7ckkivTPMZA0SlsflSiMA84I9ql
+ 2Hd0qbyxsHPzd6BMgU4PQelFTxqdxJFFaIR6vJEhJHB/CqrwBVGFwa05Y2ViOc+5qs2eh6VjJJG
+ 5mPHz0zVVowUPBB74rXZRnpVd4wBUglcoW+nXl9cC102Jpb6YiO3XHV2PX8Bub6LXz58UUn0Pw9
+ a2N5aX8HiCLUJ7eG2vImV5IXcbJCjgEEfeA+78/GQM19eeFo4YrPU7xJFF/G6JbIxI5ZHy3HTaM
+ nPavGfiVHN4p+Kmq+I9WnS91ZrWHe1yW3KgVs7ckgoQOepG7nnAHiYqqlWs+h7OGo/uLrqfHt3p
+ MlrqN5Ksnmv/AM90J28jt3z29q4O/hVLwLv3vjc2O3tXp/iG8X/jxskwpUmVz3bPp6mvNbyIwqy
+ 7h5jnMhPLH8fSuqhJvVnHiaa2RDapdPYXEqRLLEq5lOOijk1mvAftLKzhSW6kVu2Wpy23hTULLC
+ 7Z2GCeozwR9P8AGsaSQSyA4I9dxrrT3OKSskaNjBcLcAMvy9m3DFd9p9qGt0G1XcNgx5zu+npXB
+ wrKJMwTKVPVT0rtdNaYR7jI9vKPlKyKNpBHQ47Hsa5sRsduGaR3HhaGC4vptLWO+vbYRSXCxMMG
+ IqhJw3UAgZ7fdNem+H9NafxHofifSJTH/a621vq1ljCqJUwk+fQyBV7kM3YE15nbz3UkMdxo8rp
+ cojCRoYyJMAEY468Egn8K+kv2YfDb6loGtLqW9NOtiJbSSadJHHlkM3lpyyxjavONoOM8muNJr3
+ kzufLflZXnt5LfULi3nBEsUjI4PZgSCPzqq6FW4HBFdj4saxn+KHiO4053ksZdSmkgZhglWcn+Z
+ Nc/sGQa95bHhPcz1JJ5HAqzgMrVN5Q3ZxRsBb2pkXuiIQkciirkcYKUVoiT12WEOxPpVB4B0xzW
+ zICD0quVzuJ9KwbubGDJFjOBVUqzkZ6ZrZdM5GKZBaST38EMHEzyKEJ6Zzxn8aluyKVz0LT59D8
+ LfAfRfE9xMha51SeG68xcCJxEy+Ww/iTOxvcEjjmvOvFzaE/w4a1tTPbJLpI1C5lij3TJlxtV92
+ QJM4UIMqNx5PFaXjTxFoOh/D3xT4Q1PwjqniVZJjqFvbrcra7ZdgV1DsrB1CZ3BVOcAgg14V8Cv
+ Eeh+IvjHr1nq9vbR6XcWtrZaLpAlPlzAMzBiSAWVQWLNj5m2+gr5+vG8pyR7+HdlCLPmq50VoBc
+ ne0t2rcueQctgEVUtPC8V7qmw53kHft+bDdgff2r2zxj4K1X/hct9pWnt5Vi9+yzPAmZCF6BeMD
+ CkYP/AOuu10jwE0fhSx/sa2gtn83KGYEhipIyz8nJIznnOa562OVOK11Z6uDyuNaeq0R8sP8AD2
+ +fw1eaisMn2eG6Mc2BnaMZDH2rgdR0eSyvVhK7QwBV+oI/pX6HQWsHhWSaHxXo+oaboepx5uLoW
+ 5mgt5lHXzUBAQ574x6V4t8QfBdnPeG78MA6poxXf9qt4yBEx52qTgN6nHA9ulLDZvJztPYrG5FS
+ lTvT3XQ+abDTHHkyltzBfnGD8vOOo6j+VdG4dpDGAYb+DkPnIlj7+2V/UVo3kDab4PaFoZDdy3I
+ aZ4uPkQfKuOxLEk/hVGS+2WenXqK5vo5SpZcHYwHX6lOCP6160Z+01PnKlP2TszrNAvFsNchuH/
+ 0a5hJIQghWPIwCOgPfPrX2n8CvGWlaTq3iTw7bWPhPStC1jSlhXUjcPHPAJZQ2JMDEoEjFWIG5Q
+ Rz1NfBYZLozqgIfy3RCpztG3K4/A4/Ctr4Y3niA/F3RbS3imvJpbuOMRqoPmjcOAT34zjqQDgE1
+ mk07rcqLTST2Z9b6zaLa+KNTtowBHHdyqgyDgBz3GayvLZT2r034meF08IfFy/0RLh5zCFZy0ew
+ guiuRj23Y/CuAKgDNe2tkeRNWdimEJQAk59qUR7Tzn8asqoDVK0IyGxxTJZSztyBxRVto9vKgAm
+ itEZns1wnfGMCqWMJ7Hmta5i+bOT06VTVPkxjPNc5sZbj58gEg1XE5gmSeJT5kLiRBnG4qcgfjj
+ FaUyEcgcZqhJHjLYwSaDSKdrlz43eB77WNZ1rV9Av7ldGudBj1C02Mx8whNxX2KEnGDtJxxXwdp
+ pk8EftHWWrandLBLZwvcWkbyMN8jBo0Ix6ZcnpjPHNfrz4Ye31r9mrRt1vHKulm5tL1JzlZYGbO
+ 3JPG0EkDp9K/L79pDwfLp3irVdRjK+XbNbYbf96B2ZRIPQZIz6E185C8MS6b2dz6GolLCqot1Y+
+ i/B9pP4m8HaD4jlsJpptRu1e5WMEkOYtjtnrsPljr6D8fddC8P2Cafptgip9qgjBmXGDnJyCPTm
+ uh/ZU8JTeJP+CeHhvU9Km0qLWBpbQ+besQInQHlwPmznBHrXwf4sufiv8NfiFqN8vjrw5PeSzNJ
+ cXE9+GeZ89BGwHB9BwBxmvMxeXynJK9j3MHjlTj8Omh+l2neD0aAosEKxFfubAdw9D2NWtU+Fel
+ a14IurE2sEO9TtMahf0r48+DH7VXibWvFtr4f8X6Zp0k87BIru1UxKuBluMnt75r7b1z4iWHhn4
+ d3Ov3fmywQxFwka5Z+Pu//AF68WtQdKfLJanv4fEe1gpw2Pzd8d/BuTSvEk8F3ZvLAHIciPcMZ+
+ 9juMda8Zm+CGrL4X1ODTrT+07VpkaM28mZYef8AWOpOfKx0IBweK9L+Kf7Rni7xh4rls4NEsNGt
+ RnySo2yhSc7jITxx7c9q6n4R+F/+Em8VaVJqfj2bR9VfDWkENiVZhnnbKWIkXn5gpJ55Ar2MO8T
+ Rgm3ozxsX9VxE2uX3lufIuoeH/E/w/muZpNIZIJ7SSzn1GaAPHHHKwDhT03bRw3Uc4r6h/ZXsvD
+ F18UYdPv8AT7XUPP1AAfaYhkR7crJGSeGV1RgeuVHrX1b+2H4P0uy/Zo0S0gW1uNT1K9s7CR448
+ EuZkDSgfwqF3Nz6YzXm3w08L+CNJ+IPwO8TeE9JtNLhufERt5pzd4N9HHHJuZ4y2GbchcsAOmPS
+ vWhWnOP7zdPofPVsPClL93s1s/W36EnxiuLy8+NDXF826d9MtS5BBEhClS3HH3lbpXlbKCOOte4
+ fHQpd/GWK+jjEUdxp6bU9NsknI9jnIrxnYN2MV9DQ1po+dr/xGVEj/iP4VZBGOmBUqouMYpxQbM
+ 1skYkOAzHP1oqVYwckmitEQe1zANk45FUip3cKelaVwpAPGOKzs468VztNbnVBJoz7lBu5qk8Y2
+ 8citG4AdffHFUefLxjJA5pF2PoLwCtpN+zZ4mgjRklgj8+8kU42IS25uf8AZTBP+1X5wa94/i8c
+ +Ctd0m7t4X0cQSi2uChLxyNIcqCOWjMYXjoCoI5FfbPg3VLJPCXjjQtWDy6XqGhyrNCucOqZOMD
+ rnceDnPNfHv8AwhMXhvwP4zmTT1t4dE1n7HLDE21fnBMXzE85QYBPQgZrwMdaNa730se5g4udJR
+ XzP03+FWjto3/BEv4b6loG1dcj0qMNcxAEmTzHgdCccrvVeD69q+R/iP8AB/SY/C2nE3Wm6vqt1
+ bJJDeyWjKnmxyN50EoCtiR+H8453DA4VQK+wf2d/AWi+Jf+CcVtrekah4ou7zwpqt7JodnDq0iW
+ 93a3M0d4be4tvuSOrh1UuNyEcEZOfM5tLtNY1mae0KXlk5L27Z+8h6H1+o9c152YYmdLkqJaM9z
+ K8FTxCnRnrb8u58ma/wDDzQvDnw80vVNDntIPEWkWTXOp3dmTHA0xkLrEit8zIqkpk45AbFe36p
+ 4stNQ/Yx07XLjT9YK3dwbVo3sXaSEKD++dMcQsRhWyc7lOMciX4padbWvgyy0G2WKPU9ZmFnaxr
+ jjcQJJMeiISxP0HcV7Vq/hixb4LXvhmH/R7VN9tEATlcLjcP515NWftoqc0e/HDKi/Z0paJLz1P
+ myf4YeGE8GrpBurDS/EcV9Hew6jeWhuYLtDEVeNiF3dWLYwRxg8Yrr9K8BeHLbTLWDQZ7u1NjbQ
+ xmWOFYVvriFGYXRTnY+cICuCVJDZ4x6/4Hj03xZ4WWCeK1Gt6aRBqtkwy0EoA529djjDq3QqR7i
+ rGvW1tpmrQWVgsQ1K7Jh0+1QAbnIwXx/cQHczdABjqQKn6zVaVIylgcOpOvFatWfb7u5gftFnS9
+ X/4JCeLvFNhqGnXd5oeq6b9o8iQO8TzujKrHru2smMnvXwd4U8TyN+w54KmDqmq6Nrt3brdDaZY
+ 8TEj3CtFJg+u0H3r9P8A9rDw/wCHvDn/AASS0DwfY2NhpdrrHiG2nvPIjWM3LWy+YjserEuiE5z
+ wCOlfjj8Pr2G/OveG9K0nV7nRW1pr50trZ5pLSFR5SsMZ3YwJMHA5r6hUowp8q3SR8XWqSlVvLu
+ /zPtf4oWojh8E3IEyvP4fikKyMWZQ5L4JPcEkfQCvKwu5feu28T+Kl8U6XpBMCwNYw/ZwuckDg/
+ wCJx2zXGnAxivfwi/cxPn8W17WVhVUc1L5JIojG5c4zVoBSMZ6CulHMUvLI4waKulBiigVj1yUY
+ yCOaznHcCtW4YecccE1lnOSTWUzrgrIoTLhc47VRI++a1JGBU1nSL+7JHrioKK0MhWSQH7rxtG2
+ Dj5WGCPyJrB8S6Ve2sHiYauIk0DxLpsXmaixylrdxRkW9xMByu4Ltz0DAY6mtvBEpGCSemKkl1G
+ 1srOQ6treq6bYXZS0mjs4g/mIWxtLbSQvPTjvjHWvNzHDxnFS6o9DL8S6c7dGfX/7Amrib4J/GH
+ wpJZNZGzu7C8bE4kinkmtz5joQeM7QCP72e5rh/GPg2ex+JGpTaFrmr+FHmupJZEtPKaKVmOSxj
+ lR1VieSVC5PJz1rzL9jf4kaN4e/b217wHpOnxaD4e8ReG54tKsdxJlntJvOWRiT9+VGlIHYIetf
+ Xnxl0YQy2erW6IYpGZXZfzBJ+leJjlOeEvHofS5VOMcQ1LZnzFH4JN38XNJhtp77X9XW3afUNQ1
+ CcPI0YKIEHAWNC7qdqBVyOleyXFlef8IjI80iszXT7wW79OfxrxPX9FGvW8qxaheWN2UKpcWdw0
+ UiZx0ZeccD8qda6f44OpR6XqN+Lmxkh2mSNyrEgfe4HDEdSP0r5qVZcnvbn11OEef3NjsbTwbpO
+ oXjDX7N01aNMWmpWdy9vcrC3IXzYmDAZz8uce1db4T8NaPY+M44dNtW+03BCT3c0rzXEoB6NLIS
+ 5A6gZx7Vy2lafbaBpMVjaoY/KHYnknkk55JJr234Y6U2oa0b51dxGQR2x3zVYFSq1o076MnFzp0
+ qUpWVzyz/goLdajffBr4IfD/Sw/wBt1C5vJywX7qKiRH/d/wBYTn2Ir5w8E/DbTPhH+xfr7R3G/
+ XvElxbW87Z+cMSZJFHonlxxg9s13/7bni7Un/bF8J2Wn5aDQ/BoihjDk+bcXs7Fk292CqmD/tGv
+ PfEuqTXPhbTrC5lS4uoJ5PtTqDhZlRFZBnsvTI96+1oXqYu3Rfoj85xclTw9+r/U4N8Ek+pyaje
+ P5OO9ToPkzTwAc9a+jPmpalSEHpVvaMe9IigManQAtzQSQFW7Gire0np0opi5j025+8apE/uj7i
+ rlyw84g+tVHxtyOua5jtKLjBKk5zVGbIAA9avzY8wkDHFZzfdY+tAFZ+ufakkDNamNXZMjg56Gm
+ swye2ajLHd14xSkk1ZjUmndHl+ifD/VPBXxE0bx14L1kyeOdIvzfWcmok+VcycjyjjiNCrOp4Iw
+ SK/XjXdRj8Y/scN4ijs5bJr3TodRtYJR88SyLnH06gEdsV+aLEB167s5BB6V94zePJPDf7MXwR1
+ rVhJc6FqfhaG01yPbuby9zL56j+8hGcdwWHpXk42jClTk+mx7eV15VKii9WtT5B8Q6fr0Cf2hoX
+ i680yBlAmtlhjkYH+8MgkD15rHh8Q+OJrWOzm+I9gG+6rxafi5A9M4wK9n8TeDrKy8XeZ9pS706
+ 4AmtJon+SeNuVZT3BFbuneHNE/s9XCBxIASG6A9q+Em2m4tbH6ll+NUKXwJ3OD8L6dfxh7/AF7x
+ TrWsyj/j2gmZFC+7BFGfoTX2b4Pv7Lw3+z3HrF5hZJn4Ct80jZwqj6/4+lfPtnolpc+JYrS3ZIE
+ PzSOeAiDlmJ7AAGuh1PXzr/iiwhs2eLw7pgEOnRH+PHWZh3Zuw7Lj1NaYPEqg3UfxPRf5/I8nMU
+ 8RJR26v/I+f/2hwyftneFVnuIDc6to9tqdw82R9jdFuIlbIH+rKsAP9pQO+a8ZJl8oJLdPdbSSH
+ kAVmJPJIHQ19cftZ6BJYfEv4e+LobRY01TwjHYm8CfMXtpXLRk/SUNj6ntXyOwxj61+iYDDKC5+
+ rPzLMK/PLl7CAjZgVKPmweAPc1Aozzmpx129c816N9TyRMANxUqrkYphAAzVhQD25piJY03Lk0V
+ LGMJj0op3Jsd7ctl8Y71Tk4Qe9Wbnqx96znclAK5juI5T+7z1zVBvuGppGO4gdqgZh5Zz1pX1Fc
+ z35z9KQ8wqac/3+K5HxZ4msfD3hHU5pL2CLUktz9ngLfMZGBCcduefwFMUmkj0jwt4T1/xt4+0/
+ wAN6BZPcaldPgFwRHCveSRv4UXqT+A5Ir7z+PfgS08L/s4/D3wnp7vcwaDpsdoszDBkIX5mPpli
+ Tivjv9hXWbDwx4A0WMajLqt/4hnW7vtTu5mknmIAHklmJKqhBwvQEk9STX3R8bvElpqhfTEZHMa
+ KeuT9K+ezDG0q1CpFdND6LLsHUo1YTfXU+EJb3UrLwIunLJLLBauZLMOcmEHqq/7OecduoqDTvF
+ Piya2jgTTYwUOA7TEDHXOACa9EudJhaBJjEjjO0jHBFdLpOkaZFDv+yrnHAzwK+InKT6H29KfKt
+ Gc1pMOsTW5W8lCx3IxcheSy9Qvsmevr344rubO2WG7gMaqMMMADj6VZhtYmc7UTyx27GrsaCNkI
+ HCr+lYxT502VOa5WfSXjbwbofxR/Y9tND1WUWssU3m6feKgZ7OcLhZMdwclWHdSa/JTxVpNz4Q+
+ K1/4M1pooNdtIhOIhu23MBIAnhYgCSPJAJGdpOGwa/QGfx/e6Z8N00mJ97bm49iO1flh+1X8ZJd
+ M/aH8L2Vlc293rOiWUhu2Y7/s4nK4t2/3gu9h7L7V+hZdm8alSNJK+mvkfA5nl3s6UqzdtfvO5X
+ 7tSL3NcV4I8Yad478I3GpacrQTWkixXtuTnYzKG3Ke6c4z1BGK7SP7+M5r6JO58ze5MOWDe1WU5
+ wPWoVPzCph9+quJouIPkBopYmyxoqkybHa3ZxI4rLVtzNjtV+cncSTWUnEjZ4rkex1pWRFccPmq
+ bcRYwSSeBUet6pp+i6NPqeqXcNlYxkK0spOMk4CgdWYkgBRkkkYFfNnxK+Mtna6TLp+lPMjEFZo
+ xJslkP/PMsDlV/vbeccZzkUokynY674hfE1dCuodD0Ce1fWZt3n3jASR2SLwxC9Hk7AH5QTk5xt
+ Px38QPFLax4zF7azXBt/s0UMqyOXZiufnYnqxJOT9K5K88QXVxqNxeXEga6nPzsvCqo6IoH3VHQ
+ CuckuH+0+YcSZyCM8MDUmTd2fS/wK+Olz8LPFkcWoi4u/D0l2LgCIbntJTgM6jurD7yjnPI71+t
+ +m+N9P+JHhseK/D+oW2qWF0A0c0Um5c91OOh7YPNfz7ySBVyjEg9j1Fdb4R+IPjHwLq5v/CXiLV
+ 9AuX5kNnOVWX/fQ5R/+BKa8bMMnjiLyg7N/cz2suzeVBcs1zL8UfvXohN7ZzRMu51Ygq4zt9qlD
+ eRKY5Y2jIPGAcH3r8sPCX7b3xO0LUY5NY07wr4kTZtkee1ktZXI7lomI/8AHa9Om/4KC6hOg3/C
+ 7w6ZR0Ya5Pj8vJ/rXzzyDGJ6JP5n0UOIcLbVtfI/Su3dZLLOOAO45NW4bR2sXnmYLHnJYnA/H0H
+ vX5L6x+3p8RZX2aJ4Y8FaQhbLGVJ7xvbAZ0H5ivnrx3+0J8W/iLZzWfijxrrV1pcoYNp1tILS0K
+ n+ExRbdwx2YtW1HhyvJ++0vxMq3EmHS9xN/gfop8fv2pvCHge3vdE8D31j4r8ZhWi82A+bZae3I
+ JdxxJIp/wCWanqPmIr8kdZ1jUNb8R3erandXF7qF1M0txPM2XldjksT6k/0A4ArMeRnYEnAx0HA
+ H0Hao6+mwOX0cLC0Fq92fLY7MKuKleey2R6B4M8e614NvzLpF09uJGUzDqJAueCOhHJ/OvuT4ff
+ EPRvHmjiK3dbPXo1zLZOw/eADkxnv9K/NzJ9TWhp2p3mm6nDdWVxPaXETho5YZCjIR3BByK9KNR
+ xVjzmtbn6sICHIPUHkHrVsEFxzXyh4K/aQRtHg0/xzpk9/dwqFj1fT2QTzDp+9jbCuR6qQT6V9E
+ eGvF/hnxdZz3Hh3VoNR8n/XwlTFPBk4BeJsMoOOvQ+tbJrcE7nZjHqKKijAx6miquh2O0uv9SCO
+ ua4bxnr/APwifwk1rxSYop2tVEVnBJJsF1cN92PPoPvMeyiu6liknuoLa3AaaWQRxqf7zHA/nXw
+ X+1L48k1P4tnwZYTkaBoGbWFFOBNKMebMw/vM2R9AK5vM2qztoeN+JviBrWq+JJdX1bVrjWtZLE
+ wOWK21lnjEEfRcDgHr3yeteY3V5Pd3TTTyySSMclmOSailOXznNRVBkP8AMf8AvGmkk9TmkooAX
+ Jx1NGT6mkooAfx/z0/Q0YH9/wDQ0yigBxAxndk/SlzkfLu460yjJ9aAFJJOTSUUUAFFFFAC5Pqa
+ 6vwv4r1Xwz4ysNb0y5eC+tZAY2P3WX+JH9UYZBHoc9QK5OjJHegD9X/CXibSvG/gC28RaEzm3ch
+ Lq2PMlpNtyYnx19Q3QiivgX4RfFLW/hv4j1C402bMF3aeXLE5ypYOCrYPGfvD8aK641INamTc10
+ P1BbWk0Ow1TxDLsJ0uykuYlY4zJjan5E5/CvyJ8W6i+reN9U1GVzJJcXLyM5JyxJ681+nHxEvrC
+ 1+CXiSyv5xA+rpHptqwI3eY7bsr7hUJ+lflzq1u8Wv6pHKMfZp2Rx7hiP16j2Irnb91G05Xkc7R
+ UkqeXOy9gajqBBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBJG5R85xxRUdFAH3l+0dr81l4
+ g+H2kRlTF9puL6YE9WAWFP/Qnr451uUSajrCDmT7cxY9cgd6KKbYdTnLv/j7Leqg/pVaiikAUUU
+ UAFFFFABTn6j6UUUANooooAKKKKACiiigAooooAmhxubIzRRRQB//Z
+mail: Harry.Potter@hogwarts.edu
+uid: 20001
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=hgranger,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: hgranger
+sn: Granger
+businessCategory: student
+businessCategory: wizard
+businessCategory: thinker
+displayName: Hermione Granger
+givenName: Hermione
+jpegPhoto:: /9j/4AAQSkZJRgABAQEASABIAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAEg
+ AAAABAAAASAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD8sCvy1CymrIGU6GoyDivkz6pxZSI54pBEzvhQWJ7
+ AVYZRu716L8JNGg1j9onwlbXID2qagk8iMDh/L/eBTjsWCjHfIHem5WRNj7I/Z3+C/wDwg/w/f4
+ r+LIls9WnspP7OhuAWbT4yD8+zjM7gDaP4VJ/vc8f8TPF/jDV7lbHSZJbG1ndmSS6+ecoAAZNuN
+ seScZC5zxk1+gniXRTqn2fTL2UxQ6ba+fdxR4/ezFR8pJ/hDHHvyOxr4S+IfiLSrLxDfWOlXKm5
+ aTbNewqrSErkLFEMYLlj1+6ucDnNebiZtVErXO2hH3G2eDaN8PPsd3PrHiae+1OTBdknf96+ecE
+ kkxp/vEtg4AXNWpYPD9tqSeKfiJqlpFaIxFjYxS4AReAqgcBeP4QxPqKzvF2rXOl+DotV1+KV4V
+ mMekaH5+0XU4G5nmYZLRpnc7dyQo5zXjmkeHtY8V+M4NS11pL7UbgCRI2UhIkP3FCdE4wQo6D86
+ 6aUHNOc5WX9bHPUcU+SCufQj/EB9fu4rbwX4UtztjxDfaxFmOFPWOE8Ig9SMk9c1o/8Izrk3h+6
+ 1vxr431mTTbIb5kSVLGxh7gELjHrt5Y8cenV+AvD+m6RpV5NJ+4tbZh9uvUG55H7Rx+r54HZeo9
+ a9X0b4D+K/jP4ssLnxJHNoXguzbdpejxA+WvP33/vyN3c5NcqqxdTlp6fmdsMNNw5pnxl/wAJFe
+ 6nrSw+CdGu7tA21dQuYmO5jxkBskg+pwa7/R/AHj7WZoJ9WtXglWTdvSzUBu+en0/Kv138H/s/+
+ D/CmiRwQaVbLIuPmKAmusu/AmjRQOsVpEhC7VwtdUpSjqkOlh4P4mfnP8NPDNzpmpodQ02SC7aT
+ MUyKyqRhgDgHgjP0/r4l420i70nVNYvYEZ4xdFpbbG08k5dR2z9MH61+qepeGrawTKWyAKmUwuO
+ lfCHx4srfTdTt78xYt45D5o24DKT8wOOxFEMRJzVxVcLGMXY7H4VeFbvTfB1heaXcm1029thJps
+ gl4jugPmhcngxSKVKjquRggg58d/aXFtqevRCaB7a6WGKSCXZ88EhO1lZgclT2z0H4Gvo74T3Fv
+ pfhFtJW5j1LQLi3W9t5JJDjYSWAX0dGPXPr6iua+M/gPT9Y8Paj4nske+tmhRZIoJMkKclg3PzK
+ AcjPIxjOOntusp0HBni+xcaikfltdJIuoyiZdku471xjB71XKV1fizQ7vQfFZ0643SbYRJbzMP8
+ AXxNnawPcjlSOoKkdq5XdXm2udVmR7fUUVIecUUiSRThutPxkdKZgdqfk+poNUrlduo9q+pf2T/
+ DZ1r9pO3124iVdE8OQ/br6RvbcY0Ud2ZgR7AH2r5eYHGcV9Z/s1aofD2l+LDcAKuoS2cTFnxmPD
+ y4H+0QpGPepm7RuJQu7H1v8cviTHovhHUtJtrxFM8Ym1BEl/eTyNkCNT1K7nYDoCckggAV8dfDu
+ 2tdY+KJOpSLNfTBo45JFzHahUZmcDoAqhgAOckd65T4p+KL3xL8eL6OMmaJLqM+WGJ3MG6ewBOK
+ p+DNdj0fxakizOZfs93LNcL0YHA3D2JyB7Yrlp095dTepPaKMX4iajZ+MP2j1srdivhvSY/skCR
+ j/AJd4cySsf9qV/vHvv9q7PQbG5fUIbSFFTWL9/wDSDni1Rhu8vPqF+96Dj1z594Tt3j0LxJ4vu
+ 1UiOKNI1K/flmkyF9923OP7o96+mPg54Ul1HxDbtOTLczttkkPXaWzIf+BMNv0X3rLH1XCHKjpy
+ /D+1qH0b8IfhZBrM2n3N9Bs0SyObOJxjzXPWRh3J/QV996LHZadpEUMMEMbR8KVWvO/DmmQ6Xod
+ taxIqKq4GFyM12cTMFXPD49e1YYVezV+p6uKSa5eh1Ut0WwWkHAxtA4+tZdxdx9mJIPzHHAqg7M
+ yIPMHTGT1rPugyoRk89ya65VGc0IIpapJFPDJG2CCnFfFf7RPh83HgK7nWNnITd064H/1q+wbiM
+ 4LAlnI7eleIfF6wN74AurdhljGQD3rPmW5MoPVH5+fCj4kPp3h+48KanOLhYle40Ny2CzLky2jH
+ P8akle+R0yor33wp8Q0ku5LOKdJw8K7lnUAXlq3KuD08xTw69yCR1r88tdefw78V9Stt0kURuBI
+ Ar4KuhyHX0Yfr+Jr0fw94pnluPs14kqzwzmSOS3+UjcQcp7E4YdskjvXo1ZNRTR5FKzlZn2h8cv
+ gfpviX9n+y8UaEbW2SGQyLK6DdayN1AYcmJjjcDxwGGCpr8y9WsbnTtfuLO8tza3SYEkJ/hbHOM
+ cEZ5BHBFfsX8CPiHpHifwVd+D/Ef2a4huYCqSupEVxgHLAfwsDwydu3Wvz1/aM8Dz+BvjnNpf2d
+ ZbBCTbTCMHzIc5Ac9ivK/QA1UJRlBSREoOEmmfN2MgZFFSMF8xtmQueM+lFKxNiXbz0NIUPXkVZ
+ 3D3pCOpqbm42NMqfl3ACvf/hLqBsNNdLmOG5muJH+yROcEYjMbOMHspIGeOT3NeMW8dr9utkbzJ
+ baNFaZTgGSQrkqPbOB9PrX0/8ABjwPfeIfGGliC3jkmmPmyFx8ltGuS0jH0VQW/BR3rOproEd7n
+ mOu6XDZHUZBhL2bVPL+0lD8kYXLN6knpjsPc14/pt5HD4i1253SiNLE21unYszgsPyAr6K+Jtgu
+ nQaiqu0axX8wUyff2AMV3Ad24NfL9jp+28iDs2WTdKCD8q5yT7cAc/QUsO007ixC1Vj2CCRrX4c
+ +D9FjBFxeanJqd0p6FyqxQLj0WMD/AL7NfoH8CdDitNO+3sN8KAQxFupCjBb8Tk1+cuk/2jquu6
+ Oj3UK3j+a9ihyVgQ42Fse4z+XpXqei3vx08EWFraad8RfDN19ljXdbtcJsKnqCpX19+MVz1sN7S
+ Wstj0MHiPZL4W7n7OaTcxG0wWUntzxW3HcIQcgA9x0A+lfnN8JvjR8TrnxXb6f410nTpdNlfaup
+ WEisi8ccKSCM19x6bqTXtnG8Z+UjmoacHa52pqaud5JeRBQAF3Hnis2a9R5dp2BcduteUeM/Gc3
+ h7w7fz2Nsb+9jQmKENt3t6ZPSvzw8c/E/40ajrE32/wAb6Z4GjL5Sys5Xd4wegOwE/ix59K6Irn
+ la5nJqnG9j9T59S02ORVnvLWAnvJIAa828ciG90txHLDLDJGcOpyGz6GvzJ8M2WkeIPEL3Hjv4t
+ eJ/EKBt0sULvFEOeRuJOPTPFfX3h618PaT4bgg8M6pqy6ftXbaz3rTxEEdQrZwfcEVnVpKGjJpy
+ lNXS/E/OX9ovRZPD/wAVX1ELttpZeCO/sf6GsPwdfNqOhNaQeU2oxpm0L/8ALVf+eZPr/d9enWv
+ ev2xNAYeDbDUlRo8ykMemOM818Z+CtQ228M8dx5MkUoUueQh7Bh3Vv5/Wu2EXUwykt0eLWap4pr
+ oz7S+D/i2ey8VxwXDfZ4/MBuAUzJbODgSAHt2J9yD2rT/aV1S58UW+kamYFN1ZSmzuWjbhwQGRj
+ 7cEDNW/hl4UuvG90niPw9axt4t0bbPcWGNy6jETtdAR97K569R6MAa634v6PpFjrsOi3yXCeGtW
+ sUImkUtLbKx3BsnkmGVcnvtLA9a48O5eh01bWR8CzRKJHKvHndjauen8v1orqLnRZtI8WanomqQ
+ 24vrOYpIJJfLU4PDI/dWBDD1BBorsuc/KzDZcHpUflFmwoJq0ycdO9aEMSFEj+X7u58+54H07ms
+ 1cs1dG0mXU720aQbUeUQqIvvTN32j1Hcj2r7p8Izah4b8Dv4T0e1js9cvUL6/fMCv2OED5LdW7Y
+ ABc/X8OO+Fnw6stG1O28V6/KIfsemNNp1myEPACu5pWB+7I2RyfuKw/iPy+6W1jounfDE6jqUTx
+ QXEHnSQq2ZZ3k+Ys7Hrx+Az7V52JrvmsmdlGkrXPinx5NJqer+IvN80wlVe2Yn/WhQQGyexAJz3
+ FeFxwuLxLEENJcNvlZT1UHhf93PPucV9JeI9ZTxL4z8R6tJbwpp1tD5MVvGuI1lkGxQD3KqMAe3
+ TrXgPh+E3fxyg02XG6S7WHcBgtyGx/StoS0foS4JyV+5c8Q+GfE1jFcXvh+wumUBLOBskHH3mY4
+ 5wSe3OBWxqXgb4mRSeDpfBut3/iJ9RsZINUhgvlt47a4wdquFGQgJBHynJGG6k1+kvhD4ZWs/hu
+ 2S4RZoygJ+XGa7G1+F1vaaqZIEjH+15SlgOvXFdODx1oaq5vicrUp/E0fHXg/wCHPjnR/AvhVdR
+ iv49VvNPV9YuisamyuTyFfYdrr0DFehPBIBr9Dfgxa3+pfC62bU8G9ijKSN2Yrxn8a5t/B9vDCs
+ Ts7BuCD3r2v4eWQs9Knt44hHH/AA4HtWM5KpU0Rso+yp8t7+p8u/E3TNZuvinDptqubcRtKyeYE
+ MzAcKCeBnpk9M+1fK3xC+Aeu+MPgxqUIfTbLxmNRt7mJWl32hiRw0kBUZ68jJB3Y5wDx+kviXQr
+ bUNclllhXzYm+VscgVmDwZa3yJIUBkI6jg5/CtMPUlTndbirUo1afLLY/IDw78ANa8NeB9c0p7a
+ 8i8WXOpG403UrEmBLOIHABbADZP8AyzAZQABz1r9Afgx8L9X0vwNYnxDdLd3Ea7mxGEyfoOPyr3
+ 61+Hmmw6mLmeB5ipzulcsF/OulvWgsdIaKALGgXAAqsViJVUuYWEwcKf8ADPz3/bA0y2m+Cd8mx
+ SYW3LX5G+FLx7e4tVdQRLHlww+/j5SD6j/Cv1l/agvrrVLC30SytZb27upGK26HmTb2/PFfmF4g
+ 8MSeEtfTSrlk/tGzkV5cdFZ8M6fQZxXRl006Ti+p5mc0XGspLoj60+Bnj258K/FbTRpt4bS8ilQ
+ iGU7Q6k8YPdT0PdSMkd6/Rr9pTwlpXjX9nXSPHekW0trDdKv2qPASWxuxyGz0G4jB7HI7V+NGlJ
+ Pquml7MuNV0tw8TofmaPPK5HOR/Qe9frv8GPF178V/2DtU8K35a41c2z2UkkjAqzomYZGz0bgc9
+ wT+Cgowm4vr+ZzSvOCl2PzE8W31jrFro07RXEGq2dqLG9L/AHZDGSFYdSOOMdhx2FFbHxA8N3dp
+ rcdzbW6RW17+/WGWZfNgkyVlhf8A2kcMPcFTzmipv3NbnnW0Y61saXA1zrdsiJvDkRuCOMHg5/n
+ WLniuj8Kun/Cc6ashHlfaFZwfuqB1Y+wGTjvUzWhstz7j0ZJtI+EsF/rF5Hca3La+dPDkviPblI
+ dv8Ttncew3DrxWnd61c+LPCOoXttAsdo9ikVmnmc72UeZI3oBkgD2rxzw7qMXijxWNTubi4srXY
+ 8VtD32YJBIB4O3BJPcn2rtIvE+mad4Xm02yDC2tDsj4BWRjgZ4+9jGBnjjpXi14KMr2O6lJuNjw
+ Tx/rmj6Dc6Z4L0orJNZ3YudQnXkPcMpwp9cAkn0JFeRaFrukWP7TVo1zqFhZTLqAnVbiYLuJIG0
+ E98dq6bxHodzaafrviiXm6gBuAG5BkkGF69SM9PavjzxHHc6n4uu5pV2yOuGyc84616+WYWNa92
+ ebjsVKi00up/SB4F1GKfRrUgjayA9OO1evxLE1sGXGT3r4k/Z18af8JT8BPCurtIPMuNPj84E5I
+ cKFYfXINfX2m3atCq7yGI9eK86KcJuL6H1PPGrTU11DV4D9ptgJBGhLF3J4AAzXp3hS/wBIXRIs
+ XUJAj5O7rXknjjT73VPAE0GlymO7VgyncV3D+IZHI47180+HtG8d+EH1hrbxPrN/ZTXGYbS9cSG
+ 1GOVR8ZI7859q0jV9nK5k8Oqi3PsjxDeaVd66Ybe7gilOd+1ual0S5EukIzYY5IOOmQSK+M9G+G
+ viK8+ID+Jj4o1+51C6H3Zbxvs1uueiRAhSfcjNfXekaf8A2R4KsLJZZJmgiCl2bLOe5J9c01W5p
+ XCVGNOKVzeuZc2+3djHp1rzPxRqscFhK24ZH610V3fLIrIshXA5ya8a8bXpW1ddxOMk1NSo5I2p
+ WgtT4h+KvxG8E6H+0dp7eNdcfR4lspZbRxEzbmDDjIBweRjPWvkL4jLa634qu/FESfZ7G9L3Krg
+ rtjwAOGJIJxnBJ5aq/wAe7o+K/wBtW5skbzrbTYIrdgOgYkyOD+BSr+p6OfEHi6w0SSYW+lQGOO
+ 5Cn74ADMvsoHX8K9KFOFGMHfVq7Pl8TiJ4ic420T0MH4fpdWGraVrhSWOG9v0VAf8AlpETtf8AD
+ BP5V+uHwK8ODwBouv3UUm4avemKzg56DBO0dTjB59Sa+HNC0OwvtYGqskdpoWhwrMEEZIRRwuAO
+ pOCBj1Ffb/w18TaFqPw+0zXFu2ur+5V4rWN12rbEMdyqM5Dlhg55xjFcU8Q51eZaG0KKhT5WeF/
+ tJaZHp/xjaSDRLaRJ2YzwJH+7aQY/eAdiQc++4elFa/xx1CHX5NGvYWtjqKAxTfaH2swGTnII5z
+ wfworsjUU1zIwS5NGfAVXLOZ7eeR4QTIUKD1OajjjMmVAAJxyegru/BHh4XfxA0X7UjMrXKNDCc
+ bpiDlcL3BI+nBobSRR794Zs77QPBvmWxiXxNfwKZo9vzQLjCA5HGfT35rpPFfhmG1tLyHT8BNI0
+ +P7REGyZZ2kG/H04/WrfhuKXUfij9nQM8s0jbHXBwYzlnLDsOg7cD0r0jUfDzJea3qV4EGmSSfZ
+ ZZiOGlflecdgB/wB9V5GOm+XQ7sLH3rs+QPiY2z4ayRJE62t3dW6yyE/KSox37f4mvmzXfAhiso
+ 9Sf91BMdvnY+VSTjn05I/Ovsj4xaTMPgnq2mCLM9u6TwKevytnH5V85eHvET3vgu78La3GZYrqP
+ K71yVY5VsexNb5dVkqSnHo9TmxsIuq4yW60PW/2QfHh0bWNU+HuqEwTQyNdWcTnBKlsSKPXDYb6
+ NX6m6Tfq1vFKhHIzuBr8AF1HXfCvjW01ixlYeJNAmLxk5xcRg4Ct6gpkH256iv1s+Cvxc0rx98M
+ dO1ixkIVwEntnI320o+9Gw9Qeh6EYIrfMKTT9qtn+f/BNsrxKcfYvdbeh73r3xa8LeG5JrXX9Ys
+ tOdUz5DyjzGHbC9TmvFdQ/aN8ONqEqWOg3N7ZnG+ae0mywHcMq4Fe9TWnhzWLNDqGl2k0wUbZWh
+ Uuv44zXLz6NDD54sWPkk/PCYsZHpnFZ0J0eW89z6HCRoqXvnlmm/tGyJIjaX4L1fUbVcjNrpcwV
+ R/vMBk16joPxs/4Su4t7DT/CviyO9dtskbafIscY9WdgAB+tTWWlxSLHDcm6jhBBSGMcficCvSb
+ CS00+wRbW3ERHUnvWlWpQ5dNx41UG7wjqQy+YuntJMNjZ6HqCa+bfi/4107wj8PdZ8QarcqlpY2
+ ryOe5IHCj1JOAAO9e0+Ktaa0s5p5pAmATg9K/KH45eNbz4qfFOHwxpM/meGbC4DNg/Lf3APB940
+ 5x6tk9AM8tCKlNJ7dTysTXlCm31ex4L4Ykur3xFq3jLW42e9vbh764TqSWOUiH/AI6v0Fex+G9A
+ vJdG07UdQYW7alcEySHJZ8tyEA6ntxXO6WdBh162sXMN6lpJvRCd0ckw48xhn5kU8AdyCeiivZf
+ BMd3rHjKG/vbmWZ0kQReYwwMEthQOAB0AHFdOMrtpytY8nC0ldJO/+Z6D4J1DTodP1PQbnTS+m6
+ xYy2RL43yBgQCD2YEAjHpXRfCSwkj0a60ZpBJcLO9wkn3Q5AwDj+HIBB9G4rze4+1T+F3+zZS+0
+ 28hmBQYPlSMAWH+6+D7V9GadZRt4IHiC1jQ3OoQBp4sANHKBtZfbftB9/rXFKL5VFdTpT95t9Dh
+ /i/8N9U1DRNDvtJhu9R1OJimoWEEiszK4LxXKH+4QGRh1DKPWiszXfE2rxaZptxDNcRiKPyIZvM
+ 2s0Z+cKQOQR0/I0V6EZOmuVLY5nFy1bPjKNWu9TSGBPLQthVUfdHr+XU17d4ReTT9XWaON7vU7g
+ rBauQQbaAZBYH+HdwPoPevH9OaOAXPlu7ySRhcgbTjOSM/gM19P/C1NM1T41eHFuHWURlLmRd2U
+ OyPcqHIxyQMfQmqlKyHFH2B4A+HcWiaI13cWIt9bmtFNyWXi1jblYgOxP3m/Adq5/4z6xFpX7PP
+ 9lWkZhEreccn5v3j7dzf8BXNelaVrskba1e6rmSzWeaSQl+ZBGMYz9SQPavkb9ojxbLc+E9PUzv
+ E95Kiuo+8gOdqEegJx+Fea5KpM3XNGOp5xceIW13w+qXeLi5t4As27rcwdAx/2gOv/wBevnC/0u
+ Ww+L5sYQrWuVNrInKtEy5GPTGCCO2K+hdV8L6jpfhzTtQUPBMsSyNHt+Zt8Y4b8M8epFeZ2BXVf
+ H10NiMbG3ZiQc/MQUX/AD7UsJJQ5rbWKxK5+W+9zxn4h2ckOp6TqUKgXbsMoP8AlowOB9cg4rsf
+ ghreoeBvjhrtjY7ktXEU0loTxIhHp6joD7Ve+IGkxt8S/hzYRkgyXCyzAjnYHVj/AOOqa7TxR4G
+ vvCHxl8LeP5LZ4NC8RvLBHxwoyWUH8AcV69Kalh1F9U/wZ50ouOIcl0aP0y+HviXR/E2hQXEU4Z
+ 8AOjHDKfQjsa9zsbfSRbhnhR/XNfmtp8mq+H9Qttb0O5aFJMGWMHKSDtkevvXuulfFLVmsV82E7
+ 8YyrcV5KSi72Po4zTVpM+xvs+kPECscA9CFxiuQ8Q3ulWNqZN8aFRkknpXgT/EzWhCVVVC46182
+ fFX4tNFpdxYXWqE3MqkfZ7d8sfqewrSzlokFScI63Of+Pnxol8R63f8AhPwzcMNOiBGoXaNjzO3
+ lIfQ/xN+A74+Ob69uLLw2bbTo2hvdR3h7leJFgHBZT/DuI2rjHy8969N0nw3d6iqalfWs1vaTv9
+ oRWGDIvQfhSa74e/dzypEBdnHlr3AAyFHoABj8K2p1IU5qJ5FdTqJs8T0rTLxNU0lrNMLLEsO0j
+ jgYIHsOv419PeC7+PQjbPdJJujmjlG7+6rBSfpzj8ayPh54XshNc6vqcfmqzMbSIvtQKOrs38IG
+ OvoK2LDWNE1H4qw+bFN/wjQcWNx5aYlmR/vSgH7pzgqnPCjPJNLFVlWny9EZ4al7GN+rPo/WPCU
+ nhbWrW9Fv9s0W8id45FO5Z7UurIBjqQspBHX5faus0WeS28KaPpZlS5guLi5GoPGD5kAVgVkHqv
+ X/AD073wrFplv8Fb/w7r95G2n2VtB/Zmt2zCUfZptypMmRhkxIquh5x0IZa830DTHfU7DQ7fWbe
+ w13TbsW8j43JO5GVnGf+Wcy47YV8g8HNRKlpo9TRVNdVoyLxn8NZ5JotIlt1+QrcW0kbhkuIWBK
+ yKTwVyxA7jlf4aK9n8XahF4J02xj1/Tn1PSppHZI7cYkspzyyxk/8spBlivRXTI+8aK7FWjHSe5
+ hbm1i9D8nNMQLqClgCWG0KemDxk+1eteD573SNdXUlV0awkJfb/HnqOPUenTNeWaSksmswxxIWk
+ kcKuP4eete7WtvDp3hie32/wCl3N2qCcchFGSzDHQk/wAs1nVkkrPqa04tn1ZFrZ1b4G3MmlEnU
+ bcM8yEbnRSRltv05/A+lfOOsaVB4q+NGmalrs5Tw7ZzrPf7n2snlFmC46ZYlMeozS6F4pk8BfGi
+ 1W6uhFo16V09QGJ3uybzz6AkDPqa5/xbBrEXxFhsdPjtm0y9vWa5E6bkMGCW3c5+UcD0OOa8zkl
+ Cb13OhuMopdTC+L3xS1N7m81q4ubKBp2ePR9LhYOLYH5VeTbxvx2yTnjgZrlfAVt/Z/w51HW7oh
+ ru/MESs55Ixyf++nxXH/FHTLK8Q3mkItpBp7K62jnJZR12nvxznqK7d7pbf4W+A9FO4X0jJLOmc
+ bdn71vwBIH/AAGutU0qEUt29Tmc5e2beyWh0unaHH4x/as0dIXR4tOsWtos8hW+UE/gC1fp78T/
+ AIO6b40/ZF03RXto1bT7WFrWeNBvt5I1G1wB74yO4avzm/ZwSO21rx18V9aRW0LwtZy3M8TcG6u
+ XkfyIcf3fl3Njk8Cnfs9fteeL/hl+0X4l079oO8urvwX461Jr67u5Y2YaHcOAEljQAn7NsCIVX7
+ uwN/er1sLhuaNu2x52IxLjLmS0vqdz4WnmtNOuNC1u3ktru3cxSJKCGVgcdD2NbFx4t8O6PceRc
+ yMjL12rnmvpL4i/DPTPG3g3TPiL8OL/AE7xJazW4Iv9LukngvYuqkuvG7B68e9fK178LfF+v2DX
+ unaDJdBp2hMXnIsxdSdw2EgjGOprzZYeUKjTR7VLFRnTUkzzTxl8T9Wv55rLw7/odq3y+dj5j9K
+ 6/wCCP7OOo+OtYj8WeMFuBoyv5iRzA77s9cnP8H8/pXt/wp/ZoN3r0GpePYorJUbfHpQkVpGCkc
+ yYJwCe35+lffNhoEFlpiWtnbJFBGgCLGuBjpXZRpNrQ4cTidd7nwR408EW0vxN1PTra2SG1srOF
+ ECrgLuKqB/OvnH4w+HJNA+Md9p0XFvbyQNFkY+V0Az+tfoRrWjn/hN/G0k4CO2q2cPzDOUAV/y6
+ 18ufFywg8Y/EzUdVhHlWbxrFC+cbxCQN31JU49sV4VZqErvuejRvNW8v8j451PxCZS2j28fk20U
+ XlxgZUvjqSO5Oc+wH1rQ0a0tNO0OaYurxWZZpJ1wqyTH09h+uK9o0n4S2nibwPqWp6PA1xr9qs0
+ r20eGkngQHzkUHuAQ2ByccV4n4QlsNf02/0qa3zfRXUc1qIz8rxo5JCnoSy4P1x6VvTacLrbqZV
+ G1OzevQ+kfAGozH4a6vYXdxPPFqmjGEhpMeQ55DL6AlQR24rgo7/V5bTxJ4m84z2WntatbANtNx
+ bNtU7W/vrywOcdqXUdeTwnoL6hJPZPfW9uqjT1BKks4zuP8AuqFTvtDMfvVpaxp+teH/ANmq6vt
+ Gs7CXwpdKtxYsGLbY5Zws1tvBBUxSMhIP8LZHetYScpbb/wBMya5YXPojVPGN74x+DXh+4QQa3f
+ vIH+1J9y6jVCBIR1SQEhXU9+RRXnXw6toJPgVDrOoNaGAXi20dmAEABi3iQd+fmzzzx6UVToV5v
+ mTEqtGGj3PjnSSsWoRPDm4lDjvt5/w7V3Wq6hfxxRXselXKxIF8vyEY7WC4ZiOc8881iWGjWVv4
+ XOqnVrVkRvntXIikJHOMscZ+lZj+N9E0LwtrWsWGvXA1uZhBZ2pnH7sNwTjvgZxXeqUKkdHd9jm
+ lWlCWqsu90Tayt/rGq6d9nuzLeSSiWN3b543yVY89MKevtXtOnanPqPwburm/R0luZmsdOuCg3v
+ GCE8wZ/hYqee+DXyjY61q+oPY6nfXk32trsiObAD4AGQMY9cfWvo6TWLm4trNAiC0ivTaxQpjbD
+ bwR4B9Bjbn6k+tceNpNRjF9zTDVk5OS7HhestNJ4t1GykAlstKfegPOT93HHqMcfXtWx4qaPThp
+ 2us7xWyaXN9kywy005LbQOvyoBlunzAd653UPEunS+LdZhtbmKOxWJg8+MsW2gAkdS3QfpXnfxe
+ 125l+J9zBGWWx06wS3ihU/LsSMEnHTJOc/hXfhsLKpNX00ODEYhQg7O5+n/wI+Glzq/7M2i6BMj
+ mHxD4rS+vwOj20FqHCN6guUOPevSP2jf2W9E8cfB+MadZR2mtadGTazJHgkY5U47d6+gP2cdHtF
+ /Zu8Kaqs1vdTxaWkbSxMGQTSKrzBSOODsTj+6RXtsksct09tdR74nOORkV20ado3b1MZ1dVY/l+
+ g1L4h/Cvxpr/AIU0LxR4r8KXLboNRh0zV5rZHzjlhGwByMHJG7nrXv1h8cPiRbeCbS/h1/UPEF3
+ pu03V99o8vUbSMnGJxtKzxZ+7NjK9G7mu18efCm2+Jvjj4jeLfCMN3ZfEy01m5m1vwhe/JJPbiV
+ kiubUt99WjRSMHacY4INfHMutajoXiE3WnTTaffWZdZXZNsgYcPGyt2OCGUjnuKdHEUcbF8vxR3
+ T/rZ7p/8MenHCKhFSmt+x9sfDb9pDxj4g/aF8J28/iXxm+tpdzXEVlDEstmWXAWOWOJdzxvGXWR
+ 24RiCAMKa/cfwbr+meLvhnpXiHSGRrS8i3KoYMY3HDxsfVWBX8K/LH9lv9nrVdP8I6jq1xpaeH1
+ 1iGKS9nEfzbGUN5cbN8yRjccID1Jr7p+FFh/wr34l3/gu3SVfDGqILizfBIgul5dM9AZVGf8AeX
+ 3rnpU4wm3Fuz6N3+45cRJSVtLlX4r2bWmr6jeR+Z5Vza5m2/3kVgpHuQxFfm18UvEmoaf4FubOC
+ 5MDqqRGSM4YAlS2D253flX6zfFK1jj8E39zMFCrAz5/unoAPz/Svx2+Irtp/jS8srgQ/akkJCxk
+ At1KsynI43Fvoa8DH01HEr7z08HUboP7jF+FfxSvvAviPSYA7pqFpIHETk7irEK24+pDJkUmuaX
+ aaP8AF3WL3QYTY6ZcSHULEM3y2pnZnkPsEBkCj2FeL6Xpt2fiPO5EqSK5bzHP+uDAkkfnnnua7L
+ VPEUmu+Mda8O20bypBaW/2gqpAkRGcOUbvtLgZHoa1UbVLx2a1Ic7wXNunZHM61rj6v8SLWYRyy
+ aAszK6StlpgygGVj6njA7AAV9RaJ4rh8P6brHwx1tbPVvDuvwC4so5G/dQusW9Cef4gApIxxjPK
+ g18rRRJYQ6gLkE2Vu2/YeDIpGVP457dq221/+2vFf9qXVzAum2GnwSSvGpDRARZZcnoSM/KOwBP
+ Wtqkbx06GUZcstep3HxE+JOiW/gvw5p/w6vpovDVuDFdI7Gd4blF2hVbq8TKSVc5JwwPI5K8Tnu
+ ZvAvjXxNock1vELC7jtXby0zIdhdDkgjGxlOPeivew9L2dNJRv/wAE8StWnObfNY4vxGWVRbSyC
+ ZmbeuSWx6dag8HeCNU8XePdM0bTIpTdzzg+cwGIV7vzx06Z6mrE9jLqPiTMU4jiaXaZHbcVHfHv
+ X0Dod9pPg3wu+l+ELKXWvFMsJkmnYmUrkYHI789Pur7115ljY0U0ldnPgcJKq7vY0NX+G9np3jG
+ 0stIuh/Zmh4kmnkmyz7V3PJ9C3f24q1pOpLrHwx1Ke1MiiZpAkarjcuBvxznrg++a4XxL40svCP
+ wevfDN1OL3xvrk4k1i5t5N5t4hyIt3dj7cDpXj+kfE2fRLmzuIY551h8yM2YwscaM4bjqTkcZ/v
+ e1fPrCV8RT51v08z3J4qjRqKP3kTadar42NgjtbXX2xGnE4wrIjbmdcdgB3rj9d1ZNc8e3+qybY
+ 2muWfaB1Ungj04xx65r3PU7v4deMdEfVrW+fSda2EMpwN4PUMpIIP514BdRWsOr3P2R3eEOVRuB
+ nHpXu5fPnWqaa7ni42PLs00z+iz9jLU7PUf8Agl58H1swqNBpJt7lQeRNG7I+ffcCTmvTPjJ4+s
+ fht+yv8RPGk6q8mj6HcTwKery7Csaj3Lla+Nf+CafiI6l+yP4j8OmbdLoniOb5M/dW4Czj8Muf1
+ q//AMFBfH9j4V+D3hrwBeaY2rDxncSefCLxoNkNsUfcWTnG9k479DwTU1U03ZX1NMIudpXPgvwv
+ 8atH1b4c6LpvxPu9W0TxpoFqE8P+PtH4uoWIA8q4H/LSMnrkFSBlgCM16Z8G/Afh39o74lahe+I
+ pfDeuan4bvYhe63pFs1v9vVlLKJEJw3Xk8jOcV+e8clxrt02noWSV7kx2wjjJMrBgoXr94kgD61
+ 9zfsXayfCH/BQTTPBNtdRyWmvae2jatIuNlzeQxmUMv+6yyrn13VwSybD0qvPTunvZbLvbqk+17
+ X6H0dXE1alOy2XXv/Xc/b21tUi0C003T7dYI4F8pAqYVQvy59+BWvD4ftxo0q9Jf9YJj95HByG+
+ uaU38MZRVOMjGSO2cVc17W9K8N/C/Vtd1e8t9P0uztXuLy6nbCQxIu5mJ9AAa7YJJWPnKknc8A/
+ aP+I+h+GP2OtU8VXrIywyiO5gQgSNOpIMQB/vHHttOenNfhFpnxZv9U+Lz3fiPRdD1y5nvD5ck0
+ TBotx4VSCOg4HsBXV/tDftDr8bP2ltR1iFNRsvhvBbtZadpj5HnRFWV7t04/fSAjAIyiqq5BLCv
+ IdE8OMnie3vLW8imtEljktrpGyhXOQT6cA5JwRzXPXwVNKUqi1aNaOLm5RUHomd54/8U6xB4r1T
+ SdPsrTQpW/itwXkk6AqG6g844rsG1N9H8P6FCNMgttZeALqltDKctG64kjBHSRkBcdtw+tYfjXU
+ bLQ/G0mtS2Hn6xMzyWEk8TNbrvbd5mQDv7YI44614Lda5q8us3U7X11NPczLNLMOGlfOA3PQDt+
+ ledhsIqtONlZL8Tvr4l05vmd2/wPo/U9GeS4/slLhb1SkLtdAfLJavnZL7kL29TiuT8Q6pYxXkX
+ hDwpAJYM7rtyQxHG3Dt/fdtox2UdsU1df1E+DdfvWkIe00/7PCW6oHbB59ARx75NeUy60bbQ/sO
+ nQJb5Ja5mRcPKxxuO4ksWIO3ceQMhQuSa2weDlVk77IzxWLjSiu7/I3/AB7rg8TfFvXdRtkzayX
+ I2NGuRMUjjiLnjr+6wPYD1oriW3ozIWynVVQ4xnJ/DrRX1FOmoQUV0PnZ1HKTZbutUu4NUmMEkk
+ QJOUx07HHpXWeENV1a8vL/AE63na2vbq1xBJExG8g4x9ea4KRfO1SR1fgFvmY5J5/nWno+ovpHi
+ 2y1KJik8MquFI+8Qw4P9a58Xho1KctNTbC15U5rXQ5g+cuq3T3s0rXiOVZ5CSwbJH5+9V5LbIXJ
+ CyH0rp/EyRt471h4kYRPdtKmPRjvx9OazYoVYk5BYDPJ5x1IropfAjGp8TMSO3Mc4O4q64AOato
+ S8bDO/wCfpnv61eeJQ/zkqoOQuOSKgJIuTtRUXOe/P1q0kjO5+kX/AATX8Xvo/wC0l478Hyz4t9
+ Z0aK9hiHQy28hRz9dskY/Cpv8AgoBrV/49/wCCgPhXwLoAS7uvDPhoNKTIFSGS5k82RpGPEaIkU
+ ZZjwAw7kA/Mv7JnjPT/AAH+374B13VpI7fSm+1Wt9LI2AkbW7yEn8YVA+prA8X+PtQ8bfGHxl4i
+ uGZLrxLqcmpaoxGHkVm/0e3P+xFEI129CwJPSuKqpKo+XdnsZTT55q+yM37bovgWS8fwvL/a/ii
+ RWT+2RHttLVmyrtZxN8xkIJHnvjjJRRnNfRP7Gvg3d+0z4Y+Iut3raT4c8Lavb4upGwLq9nJhjg
+ BPJP73J7klR3NeC/D34d618UfjDZ+HNHUxhm86+vXXMVnAD80rnp7AfxH2BI+5LK68A6DoejayF
+ a3+DfgbU4oPDkQOX8Ua55oBuyP40jfcQx4Lbn6Ipr57NswVCXsabbnK13u0unzeyXq+h9jSw/NF
+ t6R1sfr34o0eWDw3DeQgeZDGN+B+dfjz+39+0z/wkFxD8BvBuoSvpFg6yeMp4MgXE4AZLPPRkUM
+ HfHBbapyNwr9Gv2u/j3Z/BT9iLVtatLi3PjTXIfsHha0k+YyXMi5M23ukSkyMfYDqRX809zNNeX
+ 013Pd3F5PI5kmnmJaSV2JLM2e5JJJ9TX0OGo9T4HEVehSIds5DFmyMs3H4/hXXeFby5tobqztr2
+ W2upZI3t2D4QMM/IQRjnOORjNcuOUDhmj28kseB/tf/AFqikLvP5oZ92DsYN275z/Kt61JTjYxp
+ VeSSZ9Kp4nbVPDcWh61p9uJUX97bSDKFh/y1iU9M/wASDivPW0bb4smvZ7qwks4282P98B5rfw5
+ zyMfoK4qPxh4jtLD7I12t3bcALJGGKfiQTXO3uo3upXGy4keOInkRk15FHL6tOTSaSZ6tTMKU4p
+ tXaPVT4mshqLaTbyC6spoDDfXIHyMzZwR6gHn8a4qSKZNQHmmBSx2synGecZrDtECKybWxxjHTG
+ a27d5RJJHLISo6sD2NenhcKqK0POxGIdV6jvLRUZC8ZAYc4Lg8deOaKieVllLRlERgCFPyn8qK7
+ DmGygf2g+Bhc5LLjpSTKsRWbdu/iXcN3vxVkqVvo1UBoyMkN0P8AjSymN03nJ2g4+XH4UW0FfUz
+ fPkuZH8475HJ+cLyT7inBZGQJIXJ5IAHSn7pQVCMCo4BpdoQvg/vF657UKKByKzHfPkOC3K8dMD
+ 60zBM4fbtBAB7Hn2qyzFlKLtCYJyOCfemMRsOQwwcDf/jSC4/5djuCRKVO3HrjjrXa/DTwvrvjn
+ x9p3hzQbR77Wb5vLRP4UA+/I7fwovVm+g6kA8BNcBb+FSYzCSSuBwDX25+zihHgq88NfD24S2+I
+ PiRpG17xC6fJ4c0tGIJUngSPztB6sS3IXA8nOcZLC4Z1IrXbXZeb8l+O3U97h+KnieVntGg+EtB
+ 0fwzrPwv8MayumeDtIQz/ABX8dhvKa4YKC2nwSfw5HDEH5F4+82R8ofGT4mweOvF1ra+HrYeHfA
+ eiWhs/DWmqnlrbxKMCZk7O2BweQMDqTXV/GH4laNc6RafCj4aq9n8NNDkPmThzv1u6By9xI3V13
+ ZIJ++2W6bc/KPiXUktvLgLAhxjHXPtXh5DlUub6zWvzPVX31+0/7z7fZWi6n0+Z41UaTt0/qx7P
+ +0J8dfEHx6+Mlt4h1GS4tPD+kWSab4e01iP9GgCJ5rtjIMkki7mYdgg4wc+E/K4GFlB4yXOM9vx
+ qG0m3qVbLEjoy9D1GO2DUjSvhY8lnLdVP3fXj36CvsYqysfnjbbuNJEhXcmYoWPGcgn/AfzqywV
+ 0wJMKOANv+etSHajBFjSMIuHA65/x5pshXzGVSjOPm8xuhz9PypiKrxYlOFZ1A6qRxUKW4F3l8D
+ PQZyDmrsiBnaTciDA3BQRu9TxQVRtzBVdCBy/UmgAijb7RtY8ZypUYq7jMUxaYMT8yp2Knrn6Ux
+ drx4kKSMANpxx79O341FLIDFzGowAFI/LnGOO9VYSZTurkxyKyjgj+Fhx/nFFZ5AluWIwoXgYHX
+ 3opXGdFA5NhEwPKpjPXPNT3qBWcICFEQKjIbHGTyP5UUVXQlFWFFlty5A4HAXgcc96RVH2UfKeA
+ dvQf8A66KKYrlWNUfaXG/nkAcg04xkbkyRGx/g6EnoPpRRQNlORf30bEhpEfIJ55r23wl8QtV0H
+ 4G+IfB2iwDTjrd8H1TUEwsstuqKogBHIUkEk+hwOpNFFcmMw9OtFRmrpNP5p6Hp5PNxxKaKGhaD
+ qPiXxTb6PpMAmvJQz5J2xwxopaSWRuixooJLHp06kA+OasjXmoLc25W6icMI5lUjKkgo+09AQBx
+ 15oorOhNurKPa36np582lBd7jbS3uI53wsixKgRS33jjOT9Oa1IonSRpJWyzc/L2PY0UV2xPmWT
+ nc0gb7ueSq9M+uafBtMEjdZUbu/B5z060UVQiqzZYSAbWyc4x0PP4Ubd8qJnaSDjAoooAmZVkdE
+ 3EDHy8jr15x171QnVojIwbJ28ZAH5/T0oorMszY2KHdvZc9SvFFFFAH/9k=
+mail: Hermione.Granger@hogwarts.edu
+uid: 20002
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=rweasley,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: rweasley
+sn: Weasley
+businessCategory: student
+businessCategory: wizard
+businessCategory: humorist
+displayName: Ron Weasley
+givenName: Ron
+jpegPhoto:: /9j/4AAQSkZJRgABAQEAZABkAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAGQ
+ AAAABAAAAZAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD8a1HQGptoK1Ht5qdR8leU3Y9NIhKjFN8vdU+Rmg+
+ uKakFioy4+lNwKsEZPNNOAe9WmS0NVcjPPSlKhUJYgAckk4Ap+5URmPRQSeM9K+4fgX+zTd6nr3
+ hrXPGmkLLazyiZrW+G1kQdQiHr821TK2QTvVVIBJ5cXjKeHpuc3oa0aE6s1GK1PieGxvJUQwWs0
+ odd0YUDdIPVB1f/AIDnPavSvhl8GviH8WpryXwZoM13o9k+2/1m6fybG3f/AJ5+a3Dy4/gXJHG7
+ bkGv2guYPBHh74dajp/hDw3olvJbQGS71G7g+0SSuVxuyw3M7HCqq7ckjhQK+evGPjNZvC/hDw/
+ 4x12exnvbRNStrCSdNPtoFlUeZCRHEUR4ZE2NIRg8Z4NeFT4g9spckLdv+GPY/sbka55Hyje/sZ
+ /EyPSnm03V/D2oX6RhvsgLMJMgkYlQkKOO4bPtXzZ4x8EeLvh/4j/srxx4c1bwvds+2F763ZLe5
+ OAQYZ8eXKCCCNjE+oBBA/VrwN4lvdE8SaX4Rnu5FS9d/wCxrPVr9FS+AAaQafqEbNE7lQSIZNhb
+ HKrkNX0ZLZ33iL4eX/hfUbLTPE08Be3n0XXLZHtdXi5IzHICEkKEdMZfOCM5rgXEVelO1WN15aM
+ 6nktKpG8JWf3n8+JiAHQg+4qMx4NfoR8cv2R7aH4c3nxP+COn6iNHtYZJvEHguQM9zpgjJEz2uf
+ mdI2HzQn5gvzIMfKfz+yjRqyMrowyGByCDyCD3BGDmvp8JjKeJpqpT2PBxGGnRnyTWpVxzxTSCa
+ sd+BQVGK7Ezn5SqRim4yasEe1ATv1q+YViHBoqXaaKXMFiTbzU3bFNRMkHtU4RTWTZZGE4yKa3c
+ CrOMKKaQPxqR2Km315pCo7irBAqIpn3qlIR63+z/APDe3+Ln7aHw2+HV6b5NK1rV9urPZKfOSxi
+ ikmuWUj7v7uPZu7eZxziv1u+Keoaj4e+K7abMX0uOS2aS5lkmAa0skYxpCGXlQcHdtAJ2sMjJz8
+ f/APBOXT9MsP2rfHXxH1q7tYbTwn4TEEFu2fNuJ9RuliRIzj5WItnjz6zCujs77xt8Tv2wdHvL6
+ /m1vTbTxkbWSSy/fx3uoowv78LxiSC0DLArN8u9uhAr53PKDxElFbRV38/6R6+VVfZJyfXRH1zo
+ OmpP8bfDHhYE/YYrh7zWPOAXzLtbdpUhPbcrGPcBwvCj7or518aWuieOdL0iJrlUm0yRX02+ePE
+ sRkadz+GAm7uR2rT8X/FGw8IePdZ0tL5j4mOpT3FzPBICbdyWk2K/OAGkwW5LHPc8eEnVriztp4
+ 4YXnDslzaEMBunQKHt8fjgE9S2PWvmKVOpFabnvzcXudD4XngOja5EIBb20FxGNc0BwhS3mDZju
+ 7cMNqyBskAfLICwI+Yivp/w/wDE/SE1W3vJ79bCaKBIJdSll3Rb04jW43/Mq54WbkgbQTlWz8sw
+ Safrmj6hrltenSdVQMhuEj3FcqGkhuIj1BPVWHy5UjGNw8B8Q+MLh9fn8uT+z7rYYnaOQmKYD5S
+ rqeoPTd+Bzwa0WDeJk1tYn6wqMVc/YGy8V2MHxK0l47iKz1HW3WGNZJNsMtzIuYYZj03lkcI3R0
+ DJkkCvyI/a1+CsHwU/axurLRbaS08CeJrT+3/C0LLg2dvI+2eyI2jabaffEBj/AFZj64OPoT9nT
+ xVoPjPwxrHw6+IuoXkGmM0enQXTSY8izuZB5bxyZ3R3FlfCCaF/4UndRz09f/bm8r4gfsH+FdT1
+ jU9P1P4m/DXU9NfWblSA13p2qpJZi5TH3kluoInP91o2x96vqMlwzoNxb3PEzWoq0VNLb9T8ggo
+ yRgZFGypAu3g8Yp6qGOTXuXPJsVSpzShT+NWZIyrZHFRcng80cxLRFtNFWNtFLmY+UTmpUXg/Sm
+ dMHFSg5U0rlDSDSKOuakUjBzTW6mlcCIjIJxQBUkYyMHpSEYemLlPrz9lGLWRa/Ey78Pailprcc
+ FsIIpTmN3WK4FtIR/F5c08krKTjbDnGcV6t8NNStvBnwH+Engj4darDF4j1DQ7jTl1m5VQ1ul5q
+ 3m3pU8bd8MaAHrtGCRXhf7MHiaTw34/8YXDBXtotFkuCpHBfypoVY+oHmf4V56mrXnh/xn4ds4J
+ Zjb6Zai0tWIy0kWMlie5JOc14uKVSdWcL9n+D/wAz1MOoxhGdu6/E9I8UxWtt4z1/WrO8k1rSxq
+ 0i2t3KMNcxLx5hH+0wZh3xitnw94ma2161h1COK7ght4r47lzlMM+Prg9exxVO51zRJ/gtHAEmF
+ 5FcMJY2AAwysgfJ7bmXP17Vzl5fW0XxFu49Lnt/sn9kwW9vI06lGYwhXXP1zx7VxfV3Vjax6SqK
+ Er33NPxf4iiF3ea3o4nstQaQeay5C3aMu9fMPd1BADV4Tcat9qzcMqCNhiRNv+rPdWA6r6EdAfy
+ +lfA/hqTxH4E8RaTrMRtru3Kva3BG5HTYE2hh0I2/rXhviHwpHoWsTwa42llLjiGaPUlhuEboMK
+ w5z6HriuzB0VFuNtUcmLbcVJPRnr3gOCS0+D2mXpaDzP7dhtrTUo+RPBI4iaCcDlnhleFt3ePb1
+ 2h66ue/1zxR4X+LNjczmO1i+GN/oupQXc24RXFtqDT6fyeR5ci3IDdQXHB4I810XwPrekeF9dsr
+ bUY/EgmiinXSl0+W3uhKq/IwY4ywXI3AYYcDpWJrfjWaT4a+LL86XDp2v+KZrew1G7V3DX6W7b5
+ J5ImyIZWIEbhT8zAseTXZyWmnE5JNclpHhxAlPmqCqv8AMBjpnnFLswehxUtOAzx0/Cu25wLYib
+ LR89qiUDNW2X5CB+NQbQG64NNMB2BjvRTxwOeaKQDQgI96URjPHUU9VJNSgYPTNAFcp2pmzntVv
+ y9zZzTHTavHX6UAQ44xTdvYVLtJxxUgTAzQB6F8KNUk0/4pTW0dv9r/ALS0u4tfLB53fLIhA9Qy
+ fkTXVaHpMd94ytZBatqCTSxxSW5U70w5CgE4z9Oo6V4nEzx3CSRPLHIrBkdGKsp9QRyDX0zofw0
+ 8Z/EP4f8Ag/XrDU7W41Z9Glu4bWzcpPa/ZZ/3N5elPl8udgqhj8wYqCMtiuarCKlzN2udVCrZcp
+ 7XY/BPTPEug/a7WQBJIhuhLFQSP4WHUHsRTk+CMV3retX48NQabq2oWK2N3qBu2kURqFBMa/wOQ
+ i5cYOB9a9K8OXl7Y+J44r2+e5trnDQvNEYpgxQEpIvZ1OVP0r35YJD4anMUYnYQsyqQeu0kfXOK
+ 5Z1alBtRe57FHDU60U2tjzT4K/Cqw0vRvGNvdP8Aa3urMvbH5iIdoIyCc9ODz3rxuX4H2U8yS/2
+ dp2sbZ4ZnhvVZg00X3ZeTw2PvY4OeRX0D8NPjh8KvDmptYav4/wBJu71rGQ3sUYLSRSSDhTgcLk
+ kdOorf0PxT8OvFHjPU5vh54m1DxFZIol1S3utPa3axmJ24UkbXQ4IBXrin++prnT1Np0aLXK1+p
+ keBtD0Tw74jufGXjay0S6/szR7y5eAQg79qvKzMT952ZuSevAGMV+XPxp8R+DtX8VeH9N8Coo0m
+ z05bzVmSQyw/2tcKpuo4ZCf3kSFOH6EysowI6/QP9pDxMvg79lXxlqcVwbfU9YEOiaUFxueW4bM
+ jAHhgsKSOw/uivyWK7YwqD5VGFHoB0rto83JeWtzxsbOKlyxF6sTTgD1qIA5qyo461qcVxi/MSv
+ ekMYzUhBzmngg9eKBEaw5FFT4+UDsKKB2HiBR0alMK5+/n2qcLjp1qTCkZIyai7KIFiUISTUTor
+ dDUhXMhOKQIM8mmBD5eFyT0pyorcZ+tSyjC7e+K6Pwz4T1PxFcPMjx6Vo0Jxc6teIwgjJ6Rpjma
+ Y9kTnjkrxkHGDk7JFDR/DWqa7eT2+jWM+oyW8XmXHlsgESk4yxYgD+Z9K/ZL9iL4VeFvA/8AwT8
+ 8TeP9ZtoPFni34gW/2PVdPhufN/sTSI3YRWkyxsWhmZ2edjgMrFVB+UGvzJ1Xxfb6H4NXwt4Y02
+ Wx06BiJ764IFxdnJLOygYz9SeK4Lwp4s8VfDr4oQ+OPh/4hvfC3iiJw/2yzwBdL12TxjC3ETdCk
+ gIIzjBwR004uN31NMRg1ypJ69T7o8ZXd34W+Jlz4Y1BZpIRc7/DesScC/XORDMeiXBB652ytzwT
+ tr07wt8WLTTfD1tfvFeXdxFw8cMRmcMOo2DnI9CKx9E+InhP9q34P3qJpul6H8UtKsfO8QeHInK
+ uyAgG+s93E9qWxuHDwsQrcFTXg1za634V8XPMwuPNU/6WqKcyqOPMC9SwGMjqevrXm16PtNJbo6
+ MLinT0NXxJ4h+GfiHWL1vCnw98ayzSztJcyR6O9mIWJy21ZFByT1PHHTNek/Dv4g3el6VfaRpPw
+ 21LQEkKm/1C4v4WSUBsJGqgl93J4IwM5rl9G0vwZ4kk+333iSyhmYZljE2GH+8C1e6/B7wD4evv
+ idZX0E0uu6Bp8xuLe1jUGLUZYmUmHOQGXPU5xkBc8kVnJU5x5EtfO56U6sYU+br8j4S/an+Kkfj
+ r4qaP4Q0yUS6D4RjliuJIyClzqcuBcMCOCsSKIVPqZulfMKGHBAVjX1H+1R8GbL4Tftja94d0KK
+ Z/DfiG3/4SfwTdEki6s7mR2lsj28y3lEkYxzt2K3JBPyqrKwV0KspAIZTkEV6U4OJ89z8/vdx+x
+ AcjcBnpQPT5qd3p67c9MVAIZjHrShcuOtTBc9Oafs2nmi47DGTFFT4UqMLRU8wx+OMjmjkKeKlC
+ /IKR+FrLmKsVjkdqI1Z24yamK54/Oua1/wATSaIRpWmW4uNdudgVmXd9nDH5QF7yNkY9Bg966aF
+ N1JKPQxq1FCLZ0l49lptuLjUri0iBHyCWTA+vvXPXHjPTyIUtteMfksWh2zsFjJ6lVzhSfUDJ71
+ iL4W2zNc67PLq2qk5lVpMqjdSvuRntxUVxp1hJEyHTrUgdimD7CvbhSjTjZI8qdWUnds6W18VXK
+ PuldNVhY5ZmkxIxJ/vjr/wIVvwajZ36GazLMy/6y3lIDx/h3HuOK8iGk2EVwfsyzWkh7LKevsen
+ 4GmPeXuk3UTyzO8YbCXKjDIfRh0x+hrGpRjLbQ6aONqQ0eqPb/D/AIi1vwj8RdG8WeEtUuND8Sa
+ Tci4sLuIZKP3Vl6PGw+V0PDqSD2I/Vzwu3hv9pv8AZ9/4Tnw1Z22i+LLKdbXxLo0LZGnXu3dlD1
+ MEikSRP/dYqcMhFfjPp2sm+iJkSJ3UAsYD8wB77e/4Gvqz9mP4l6v8I/2l9O8ZafP/AGl4cuIxY
+ +LNBhmxJqWnOcuUzhRcQuBLGDyPnwcO1cVag2vM9CM/ae9A9l8d+OtB+C5h8I/EfQ7PVYtdWSe3
+ 8ixje+09YyUa+R8bgMjYq/MHwxIK1638IP2gPgRpFtPD4g+NAlntryN/DtzeaRMt5JFKNx0+4so
+ QcBSHJljJUOwKjnFclZeGPg5+1pq/irxdf6S8/j+PU3i1OyM8ltfaAokaKzgVdxBtxGseGGVZ2f
+ ODmviP4sfDa0+D/wASvB95oFjdX2lXdvKts6FWEOpWlywmYeblT8wRghB+42ARWKhC6jL4jndWd
+ m1sfe/7Yfxn/Zv+O37EmkXfwp8VP4l+IHgW9a8EF1pdxYalp1jJdRC8chwoeIZjBXG7cEkADKTX
+ 5kskd9aSa1biOOAuBqUKDC20zHCzqo6Ru3yvjhXIbGGJrN8W61f2Px+u/G+naTbaS+t2SapNpVz
+ EHtnjvoiLiF48KCkjCRiqgAbxtxtFZXgrWUg8bRzW8AitJGkhm0+Z/NjlgfINu5YZZSpAyeflUn
+ mu+VP3LGOHqLm5ZHQMpErKVIIOCD1HtS8Z6GvQvFnhpLLQ9M1mwZ57GZfLEp5LqACjNn+PB2se5
+ UmuDCccivPqQ5HY72mm0x0YGAQOtTMoNMXCnnpTt4I461g27hoOHFFNycCigRdKqqYAwc1DIv3S
+ O9SvIWwKhLcn2rFI0b1GMQkLSP8AcUFm56gDNed+CjJeeMr7xJcILi7ldhY+afl3nlnz2EcYAz2
+ zjrXe6gM+Hr/51jJtnAZui5B5/KszSbW2tvDFrfzRtDZPAIbOAH5ig5YD/ePU9+favZyyO8jzMa
+ 9UhLhYkj86R3uDISyeYSCQTknaOBmqKm3ku8yRrHBjB8kYx6+uabdSvc3jSOVLN0AGAAOg+lQRM
+ Y7pWIJQMCR+Nei5XOIqahp72t0Y2PmxMMwzL91lPQis9E+2RyWkqh7hEJQYyJVHJH19PxrvbyyF
+ yWssqsdxHvtJOi7+uPY57e9ed/aJIdUguI8rLE4I+vp/n3pyhZiTuc/eG40fUoL/AE5jFGwzheV
+ B7/gRXqfhXV21KM3+ksYb+1XzLuDOdqjHz46mP1PbviuP1CGI3U8KjNu3zoMZADcgfriuatX1PQ
+ fElvquk3U1re2rmWCaI4ZSPTsRjgg5BGQcg1jON0dFCs6crn1NJ4v8T+C/Hnh343fDzUJtB8R2U
+ iWOrlEV08zb8nnKeJYplAjZW4fan3WAavdviT42+H37Q37ElppfhwWnhX4mWvie1urnQ7q5/d2H
+ mxyx3l7C55ks9iiZmxvjbhuoz85+A/FHh3xyl/o91Yw6RqGo2n2bUrG0IWO7j+951upPDxsPNCd
+ V52kg4ry5Y9U8NeOXi3eRrOl3hHnIMB2jYMGKHqrgI+xuGUjINc1Sg6lmtJLZ/wBdDqrzs+eOsZ
+ b+p6b8b4dMX4wLZaQY/wCztP0y0gs4xbmBoImt43W3dD9yRGEj7P4VnQcYNeDJM2k+JLe73ssJf
+ bLjqD0DGusvNVvdX166vdRuZb29u7mS5uJpm3NLM5LO59yT24A4xgCue1S2MttLHggODlc9D/St
+ qUJKmozd2cc5r2nNE+nfCeqxa58Ktf8ACl3Ek8jW7ahpcqtl1mjX54s91kQn5fUE15oCCOCCOxB
+ zkVx/w68UX+na/p743i1mBdzyybTzgd8jjHua9A1SBbfxNqMcQ/dC4ZogFx8jHcvHYYI4rixcbJ
+ eR6sKimk/l/X3mazDFC9PWpNhPO2gId2K4nJFWHpgkgDmipFwvbnFFZ8xVhSpDH2pp6/zqy4y5P
+ rSKg5qUxvexy/imZx4at9PhJWa/n8vIPzBB97FcnrfiKFdXZLJQtpD+7togeERQAAPQcZ/GtvxZ
+ MzazEkeRKlt5aE/wBjlz9TwPzrlbfT4Bl3Xe5GdxFe9hI8tFLvqePiZc1R+RQj8VSRSf6QjAdgB
+ mugtNWtb6MMk69MEdxUT6VBLDkKj8c/J0rLuPDg2mW0lNvcKuRtHX8K3MDvY9Zt7CG6trpJZYlt
+ zM0ZHzHAyCh7HGa5HV0jj8VXbQyedDIyyxyDo6sAcj8c/jmm6XqiXMsOl6wVt76A4tZ34DDvE/q
+ h7H+E+xqtqltNp2tyWUoIaLYI89fLOSn8yM98VpKTcRJEzsXdWJ7AVvaSmj/wDCL6xPqWmx391I
+ pW0kdyvkEDlgB71zi5b5gCR3NbqxmLwhFJkEyq2MHp83cVhVbsrGtJK92efm3uLK/FzZyTQXEUg
+ aOSJyrow6MrDkEdsV6jqHij/hNdHs9Sv4Fh8X2FsIdQmCgDVLdT+7nwOBLFkq4H3lIP8ADiuMnU
+ G4fPfrVWHNrrFvNGSAsgIwOQcYP4EEgj0OetaEqbSaOiY7rwysMyHlmJ5Yn3pLpWEPzBgMDBx+u
+ KtSRmFFYhl7kqcqQf51Wl/1B+cdeM55FIkxtFiaDx1NKjlY2iLEg+4FesWkcUxS6DTNIyhmYyHr
+ grj8MYry21YjXEKnaW4OfTNek6VL+8jQDho24Hc7if8AGubExbhK3Y7sNJJK/c3ggxk80vlpnOB
+ +dPQKfb1p5RV6dK8C56tiuYxngUVKS2eKKLhZE5TPamFURGkkISNF3Ox4CgdTVogYqTFoun3Ut6
+ ITbRx75POXcgAPUj+LnoO54rXD0XVqKHczr1FTg5djyqexl1O5u9cnb7Lp4OTcTDjbnAVR/E2Og
+ HGe9c/cajp0V2USaGFSflW6yWbsDlT7enFdNeS6n4x12CzsQtppqS+XC0qfIhxksQPvPgEkDAUY
+ 6V3NjpMWn6GlrpcMEGnoxMmoXcZMl3J3baMF/YZCqMCvqI0102Pn3J7s8o+1TD5obTTbk4/5d7j
+ ewH+6SDWjYa9DIVtL60gdV/hdNrx/Q9cV67N9mttERb+E6jdzcwwNZqWI9dqrwPTnNbHh/wAG6V
+ 4k1dU1jRdPudOt98t+sIFsbREzuBmByrnk4HCKrEnIAJNKnFybsOlGVSSjFXbPB/FWkafLoyavp
+ 8sMQRglwryg+Wx+63POCflIPqK9o+AH7OPxS/aq+KOieHPAekg2mnqItf8AEt7lbDSoM7keZxzJ
+ JjISJPmfIztU7hd1L4ojQ4GuPAGk6VpVk0P2XRYtP06NZLqIZUMwZSyiQkKinMj5Bc5O1f6W/wB
+ m7wBovwL/AGN/A/w5vLywbxdDp6X/AIpuFID3OoTgSTO3PQFtij+FFAAArCpV5YczVrnTHDqVTl
+ g+bzt/X6Hx/wDDz/gn7+xXZfDZvCuu2finx942t7o2Gqarqes3FheRXA+Y+VDCVW3T5l2hR8yFd
+ zOMmvxv/ac+Hui/Dj9rn4neAPA8Wu33g/whqItbWe6D3MsMAji3STyquNolkZN5wo+UE54r9r/2
+ 1vh18arDxTYftAfA24TVH0ezWLxLpFmC011bI+5bnYD85hXfnb85RiMNtAr8ptM8e/EzV/2rPi3
+ /AMKm0mD4k+MfGfhq/tNStrRYWjntnRZbiXy5GCT4AyEU5b5cAmvIp4irKolJXPXrYXDRp+5Lff
+ rbqfBU64l79P5VXkQsuASrYyCOx9anchYYgjM6hAql/vEDj5vfjngHOcimHORznivaPnzUsw39m
+ ReYw3KuGZeCTn0qWTaAcP16+lR22DCeQG6j5M84pZQpjLNuztyPUikBjwn/AIm0q8gLkD6V3Vjd
+ +Tqlgh5Dq2cd8Ef0JrhjxrMhLHDRqRj1zg/j0remkKzWT8/K/wDPipSvKx0RdqTPU9u1iOmMjH4
+ 1IvPU1WtpPP023mJzvQEk+o4P8qtDGa+YmnFtHsqV4pi4U+v5UVMoBAxgcUUuYsmVS3A71xPiu6
+ e4vYdAt5ViGPtF6+eI1HIz7qOcepWu1muYrPTbm8mAEUEZkbJ64Ga8ySaPTdOuNU1bE+qXLC4e3
+ P8Ay0fOY429FU4Zh7AV6eVUrylPtoedj6loqBv6TqNppNhqHlwmKWCOKGJXOWiR8kIf9tsZc9SS
+ Bnitka5PLpsU1y/mzuCVJwAgJ4AHavM9MaW48NXc80jS3NxqY3v3bCAkn33M1bl1cBrw26fcRVB
+ YjoRX0EZux5DRvXuuNY6bdamJw91hYrVN3Kuc/vG/3QCQO5xUragtl+zzpGg2010NR1RY2vCJjm
+ T7VcM0qnHJGxFXDHkO2Qc15PrGovPO4UbU80lFPOMgAc/7oFdHaXrNoumbnZBa3UIdd2AvGAeOe
+ uRXNUfNa/dHRRk4c1u1v6+Vz6O/ZY0qz8a/8FYfgrpN3a28mnnxal1LBMdsSxWcckql/wDZV4o2
+ 571+2/jb4Y/EHRfjN4x8a+D/ABY/iO31O/kvXtMjzZDwCqfNtJ4OF4Br8Dv2e9Vh0f8Abo+G2o3
+ t39htX1iS0ll83BYTxSxiPd/CXcxqDxzj1xX69eCp/imNDeGc3SWltIYyYdX3+btJG4oeQT3rgx
+ 95WR7uRJJTknqeteB/2i9a0qW5ttSUSW6sY7i2lUxTW7HIKujcg+oPfpmvjD9mDw74O+HH7bXjH
+ x5c+Dk+2wXFxLo00u9/sskkrSbolBwoII4HpxivWPFC6pe6rPqHibwJ4osZo12/2pZ3Vrd+ag/v
+ orhzx0BBxXK+Fra28XfFK0t9P8T6paLHE0lzFdae9ikEMY+Yv/fIB+6MmuH2Dl7qe56M+X4mtUf
+ BH7cPw2ufhx/wUN8XyjSrfRtD8XrH4s0S2gOUjgvAGljxgBHW4Wbcgzt3rzzXyQuCw616j8Z/ij
+ q/xc+OF14n1S6M9na2403RIw7MsNjC7iLBbkl87yT/AHgO1eXRt82Tz617UE+VXPkKluZ22LsC4
+ bLBjg44P+cGpsI0brnL5PPtUMBbdlQOTjp1qY4YkNlSOmBzVkGZKf8ATQ23HyHGPqK0p/nRVBzl
+ SRx0wM/0rOnH+mKpIOFYDr3Gf8atM+TbnkBvlI7jKn/CofxG0f4bPTPD0hm8PFXOWjlIz6hgGH8
+ zW6FXFcf4TmUs0RPElvuAz3QkH9GFdljJ/nXhZhDlry89fvPVwfvUl5CggCinUVxHaLq0U3/CL6
+ itusLTfZ2KCRNy5HPTvXgd1JJJBaec7SSMpMjE53EnOfrzX0y0W6NlPQjB/GvnHXrVrDXJbQqyi
+ KQrj2HSvYympeEo/M8rMqdpKRoaJMRpM0WQGS4WRePVcf0q1cykW91KdxLZAOcDJ4FVdCg/4lN9
+ dSECMsiICOrDJP5ZFNvJiltkkbVYykD0XLf0r2r2ieWldnJ3TEX8iIAQspByPwJFdFZXIj1YMwB
+ icBWB4GRhgfzH61xaSmSzy3J3FmZfUnJ/nW/DJ8kTksNuMj1waz6DvfUu3Fy8gnktpHtZmfzI5F
+ bDRSbtysCOhB5BGMYr9iPgH461jx38E9E8QrqWll5rVf7QackGO7X5ZkZRj+Ibuv8AFX47z2ssc
+ gkixIknIZRkH/69dN4W8beJ/A18brw14n1rw3c3cqxrb2MgKzScAM6OChAHViucADNYVaXtUrPU
+ 78Bi1h6jcldM/dCWx8dS2Vzdvr/wvmjDZhhSyuwxHoSJMZ/Cvlf47+MLXwf+xt43m1WSy0nxv4i
+ uf7D8PxaPLLEzRth57rcTu2KiyKegO4LyTXw1/wANN/HVWmhi8ebYo5WRSdIt9xAYjJIXk15l4m
+ 8Y+KvGuvLq3i7xBqfiLUEj8uOa8cYiTOdqIoCoCRkhRz36CsqWHlGV2zsxOaQnTcYRabOccKHIR
+ AiDhVAwAB0+lC4yMenNDgjGe68UwZFdZ4hoxDOeODgAg4INWGyX3FT1zll/DHvVWLlcnkg/rjir
+ eQUbcrYI5HOT/WgDOnJGqQnkjdgj8D/iadljYQKxzh1XcR/s5/rUd0MXkGM4Eo3Z780+Y7bSDrn
+ 7RgfgoqX8SNY/AzpvCs+zWLVSR/rDGx9nU/1Ar1AqQeQM968atXWz8TSFDhCVljPsCGH9fyr2dm
+ O9iOhORg15ObRtKL+R6GWy92SF8o0VMEbywc0V5HMeidC0R2EnkY59q8f+I+kML601REysg8qfn
+ owGVJ9iP5V7VtIGSeBWJrOmJqvh28spcASJlHxnYw5VvzqsFiPZVU3sTiqPtKbR4c0qW2hWVkuO
+ I8ucY+duSa5/U5o5NBnwBgowLbsBQRjPvzj86hu7mdiwlBR9gBHpUF+3/FtzNjMjyMrH0+dQP5V
+ 9dKWlj5yO5x0c/lseDg9cdq2YdSiCLmVQQOjVzBZsnk9aTJJ96SYjtf8AhIfIQpaeYzHrhiF6Y5
+ /zmmaI8l348spZ3L+WWlYkfdCqT+WccVy0YccntXSaHlI9WvQcbLTylH+1Ido/lTjuU78pdtmLx
+ Bz1Y7vz5q8gyhqlAMAAdBV1f9U30pEkzj/RYXPqy/yqr0IFXGGdNB/uz8/iKqN94n3oaAu27fum
+ JB5PpntVuNcr1yoXnHWqtvt+yk985P5Vsadbi6vmg3KhIxznAPbmhK7sBz9+f3kLkn768DPHIqy
+ 3NhgDGLgH81/+tUetwmCwmVyC8MwViPUEfpQ7ZspVHUSqf5/41MtGaw+FliOTfZWNx8paGQ28nr
+ jJ2n8iwr2XSZGuPD1hMcMTAoY+68H+VeJWZLXF5agDMu7y/wDfU7l/lXr/AIQuFuvBBQZLQzt+T
+ AMP5n8q4s1jeipdn/X6HRl7tVa7o6Mtg8DIoqMtu5wwor57lPYudjlTxjioiuZcYyCaKK50jokf
+ KetqF12/h6SQvk/7SHj9CDVeQA/DPUFOCEfHTuSGH8qKK+4ex8rHf7zzxufxNPWMHg5zRRSFFXZ
+ ZGVXafvHpXTQp9l8KGLHz3F4oPuqLn/0I0UVUN2VLYlgPTmtBB8jL3xmiim9jMtwfNpU65GN4PN
+ Vpoh5CyAcE7SP5UUUNaAT2+FtkYkA9888VtaYH/taNlzhcsCB0/wA+9FFOC95Cexn+KlU3WrIOM
+ gMD2PyiseGQvbK3ZoY3x78g/wBKKKmotS6fwsUOYtR8xBhkl3L9c5r1DwZciPXry0BBjngEyD1w
+ ckY+jfpRRWGLinQqX7GmGk1Wj6noEqfPxye9FFFfJXPfuf/Z
+mail: Ron.Weasley@hogwarts.edu
+uid: 20003
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=fweasley,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: fweasley
+sn: Weasley
+businessCategory: student
+businessCategory: wizard
+displayName: Fred Weasley
+givenName: Fred
+jpegPhoto:: /9j/4AAQSkZJRgABAQEAYABgAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hANJFeGlmAABNTQAqAAAACAAGARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABWARsABQAAAAEAAABeASgAAwAAAAEAAgAAATEAAgAAAAsAAABmh2kABAAAAAE
+ AAAByAAAAAAAAAGAAAAABAAAAYAAAAAFQaWNhc2EgMy4wAAAABJAAAAcAAAAEMDIxMKACAAQAAA
+ ABAAAAlqADAAQAAAABAAAAyKQgAAIAAAAhAAAAqAAAAAA4Y2VkMGNlZWQ1MzAzNjhjMmE1YTZiN
+ zk2NTE2ZWE0NwAA/9sAQwACAQECAQECAgECAgICAgMFAwMDAwMGBAQDBQcGBwcHBgYGBwgLCQcI
+ CggGBgkNCQoLCwwMDAcJDQ4NDA4LDAwL/9sAQwECAgIDAgMFAwMFCwgGCAsLCwsLCwsLCwsLCws
+ LCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsL/8AAEQgAyACWAwEiAAIRAQMRAf
+ /EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECA
+ wAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNE
+ RUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaq
+ ys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQ
+ EBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQ
+ VEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNU
+ VVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i
+ 5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A/Fsq2a
+ QccU8KZF5pQBH368VqAKmF+brSMpBx2zT855pAcnigBmwk8ChlJBJ4FPDZPOMCmvJ83b8aAGxZJ
+ OwE4BJ4zipIoJpomkhikZE5LKpIA969G+BXwN8XePdetLzwJp8cphmGZLggQjjuCQWGCeBnrXt0
+ fw08D/DXVom8f3Xh+31+1cC5GhWksQL5+4zK5O7kAjA9vSvMxeaUsJLler7LV/cehhMuq4pcy0X
+ d7Hy54c8OzeJIZWsCJHEUkkQRgdxTBYH8D/jXUW/wQ8V+IbKG/wBK0O9nsbeKO0il2f8AHy6Llt
+ iDLsAWIJC46c19Haf418P6X4p/tTwnoNnciW7ScwrGYXuMcHzDJkbWA2t03Agda2fFHxxt5orct
+ o1rodyzSJNNZTeaxVmyNhGFjwAF5OOBjpXk1uIZL+FS+89WhkCl/EqaeR8T31lPp900V/FLDOpK
+ vHIhR1IPOVYAj8qiYA5z1r7M8Z+Ifhf8T9LhX4hXGm3N5ApCyvcC5nQ+kmyQZI9MkCvnj4g/BO5
+ inu7/AMDRR3mkxL5uYyyyKnT/AFZ6j3BNehg84pYm0ai5Jee3yZw4vKKuHvKm+aPl+qPPFY9u9B
+ TcSaRVweP/ANVSIhx0r2DyBijJ+nWkVdslTKmKQr82KAGMm7pgURRkdaeV+XigLz3pANkjO75Rm
+ ipeh+Y0VdgKyR4b5aQICSG607G7v0pAm5utSAPGQPlpqdhxzU23ge1NMWenWgCJnyfl6egrqfhD
+ 8Nrv4neObXT7LZFCqNc3Vw5UJawJgvIxbgAZA+pFcxI6QKzz/Kigsx6bQBknP0r7y/Zj/ZQvvhZ
+ 8NdPg120tbTxT44FpcXIuOZreKUM1pZopGd5RZLiQ444UZ4NeVnOYrL8O5L4nov1fy3PTynA/Xq
+ 6jL4Vq/T/gnj3jX4gN4E0aS08ByTaTotuPKW6mU7rkqMttQEMzEAncx6HgV4p4g+OepQXTTfbJm
+ WX97ABGIktiG4IUfxMRnJPavpD9pr4F6v47+J9r4M0mOOxsPCVo51K7z/y3nlzsOD80pCc46ZUe
+ tVdH/Yx07w34fTUfH+n3FwAoa3tt+GJ6jd/tHI47Zr5bBV6XJGpNXlLXz+/z3Psq2DqOThDRL7j
+ 5k03xxox1FbjW5ry6uJYw08omZRIxydoGQBjPOOMmugm+Kvh3R4UgsLi/tJJQN0M+2eCYDt7KeR
+ 82K90uP2e9NvfNuLvSdP8AMmGBGsf+pX2YD/x6uTv/ANkawaBj9kWaMscbjloz9P8ADtXdVrUZe
+ 9Uv95hDCVqa5YNHnVp41sNcd2vtHh1G22nFrADbzov+wNwXj1FdT8G/Hdlp/jZNOieew05pTEI7
+ yVtkQZflG5hmN/XPykUxvhZbWF9FpF1FJa3EbgW8xONj54G737V0+jfsp658RvGMGmy2E9vcXEL
+ ES26/vGwpJYD1yoO3oOexrhxVfDqLjN2Vt/1OvD4StdSgrsj/AGj/ANma48M+GW8Sadpstq6sHu
+ 4o4yqNG3SbAyAP9pSQa8IQ+5Nfff7BfiC7+L/wpbQ9fdb3V7tpdEWEfvEHlIWcqmflYIpYj/ZbH
+ Tn57/ba/ZC1P9m3xp9oSBDo2ohZoWiHyoG6Eeik5HseO4rsyDPH7aWXYp++no+67f5HjZ/kqjTW
+ Owy9x7rt5/5nhacnJp2Pm5pB6805PmOG/wD1V9kfHjWTPQ/lTlXA5pwTrkUbeuaAFVe+M0UkY2A
+ 80VVxlcDApMDPT6VJtwaAoPWpERumVJJxzQc+lPKEng9O1JtIxQB3H7MXwot/jd+0F4R8Latew6
+ fZapqMZuZpHC/uYv3rxqSR87hPLHPG8t/DX1l+3b478R337UGnajo95cQw+GtQtL2xmiyQ0wX/A
+ FkZPGNj7F9AoI748F/4JneErTxx/wAFB/g5pXiC0S/sbzxIEngY4EiC1uWb64AzjvjFffX7SHw6
+ tLXX/Cb6/GkGo+OfE8ltplp5eDbwmbyoyq9lSJABn+9618PxLipUcZRguqdl5t6/gj7fhbDQrUK
+ rfdfgjWP7J2oJpWhePviD5qyeJriTWzbfd8wsxAaTuSFxtXt161y/xjL6j4kaXTbFYLS3BSJCAx
+ YkAbmHbGAAPrX1Z/wUS8exeDfHml+F/BZubvT/AAzp8NqIrSBj86oOMgc88EjpXyT4r/aM1eOYR
+ 3vw51Ca0Iy8u0tLx3AGc8+uKHhadKpyxfwq35HfRx0p0lOS+LX/AC/A81udcu7O5mjkttpmAU/L
+ jIHIGO3NWxMdKP2U2f2o3WJWUDJIYA5HfoRzXrGnW3h34u2MDaPpt1p+pkMZYZVwEG3PPpgim6F
+ 8N08Mo2oavYS3scWVLR5IGMYXpx7V1Soxa8hQqtyuZfjH9nLwx8bNKWC4inZ8mGO6t4xHNEuPkY
+ 8fMMlsehzTfhp8MfHPwC+L3hjUfibcf2zoS3NtYfboIAstuEJRXkA+6SjbWPQjB4KitO6/aqvPD
+ 2tjTtB8Ga1JaRZBkEbLJPjsAVAx05zjrXc+Gfixe/GlRZzaNqNgk8Xlus0LHzQeGSQFevOM5x0N
+ eViMDTnQdFyvutUdtLHSjV50rLqcX4Q/Z0t/2cv+CpGny+A7i3t9H8ej+3dKQhUia5MzOsJ427w
+ zOMjqHzyAa9G/4LQfs1/2b+w7qfjD7LLBDogutysw3xlriIlDnkRq7OQvO0HjgVzn/BUU3PwZ8M
+ /s/a7qsd1KbXUka0vfLxIY7ddxR+nIIKHHXcDX3F/wUq07Sf2jv+CbvxF8KaP9gimt/Al3rLz3G
+ f8ARb7yEkjHmDO1tyOvc189CjUoYzD1MQ/ei4387SWvziTj698PJUVeE+b5aP8AU/mYxtkIPY4p
+ V4NEMi30Mc8YdEnRZFVhgqGGQD78050x0zX7LY/MBQxOO5pDy3OaciZHXGaNuDzTENAIGOtFOPX
+ gZoouBXKliDk8U4Dr60oz370mec+tK4Ao3DmkK5HNPJx1puO1DHuemfsTeMpPh3+2X8J9etorib
+ +yPFunzyRwj55IzIY5NvI6JI7fRTX7AJ+z7q/7Sv8AwUs+DF2+m6hF4d0m8e+Y3UbRGyjtZJXdC
+ h7u4Qj1BFfhdd3LWtlPIlxJZFYXzOmd0I2nLADkkdcd+lf1A/sKXMWneOdAsvEJC38GjswnnOXt
+ I5UTZGcfdwCMk9S2B0r5XPcBLE4vCVI9JWfpdH1WQYxYXCYvvy6erTV/kfHf7aXxA8XeLfjX4jh
+ +Fml3lzFaTTTX9wIR/oMKvtMjAZO0Z5ChmPQAk8fnz+0F44+Jfhn46G1h8QeboiRNN9ts7KSFUI
+ JCqPMOZCwAY8Lt3bSMjJ/Sz/goR+zp4g+H3iu8v9GmnhW8laVXtiSZckkbiDjpzivinxBbX93rc
+ a+NbOC6cHG+dMuB9Sa0h+7co1I63O6GHeJhCdKdo26fqer/ALKHxelb4Rf2x48uYb/UgjMrGHa5
+ XbwH5OTnI44yDXvn7PPxUg8cfsj+L/sU0uj65cSS/ZryC0ime1KjKbY5AVYEkZ7815v8LvgS+o/
+ BHxhrFhB9un0+yggtBDt8tJZyf9WrEeYyqv8ACDt3c13X7F+gazD8H2Xx5oV5D4el8yGaa1VZpD
+ ImAxEY5PDDPFTT5uZSSOipCDi4N7fnoz8zdD/aJ8fXmh+MoPiBreu2XxB0m6FvYWstiFF4dx3yu
+ r4Kr0wM4xyCelfX/wCx18Vvid4f+BGk+IfH+jxaxrH7xtRtTbLY/ZlSTC+VKzlbgyR5IwFKnqCD
+ x5l+2J8TPCOkftH6h4Yif7XNpV0YGe6iCXNuSqsmCOcbWVuuMEcV6N8DvhDqfjC+tJrua8uoImV
+ ohncqjsQOlaVppR0irnLSwjcvjdvwt6H23+1F8OvD/wC1l/wTxs/Gd5YXd0nwi1uDxPPaeSBNJZ
+ bl+0ooXOSEGcA84NZXxs8LTfED4FtpF9cT6TpfjHT5tRkhhA+0ThreRrkuXYcfvoVC4wp4GOK+0
+ P2H/gBBpP7MesWHi+CIxeKIXszGQP3kbIV+70BJPT2r84f+C7viuHwB+zb4lOiX91pXjLwTJD4U
+ W2CG3nih1K+tpReowJDgm2bDjGRkY4xXh5rw/VzHEUK0Zcrtq/O6tp6fkb5dm1HD0q9CS5owcmv
+ S23zlp8z8OzbmwfyGdJGgJiLocq+04yD6HFO25U+tI+XkZscuxY+5Jz/WmkkV+gI+Ce+g5QacUo
+ Q5AzTnOe1O1xCFQRgjFFOGTRQBVCbhhsU0qR1pytuNO28YahDGhQTj0oIweKfnb2oA3DgUeoFLW
+ 7drnQNRVASTaS8AEk/IcdPev6Tf2HPDWsWmo3ni+/1gahoHxX0fT57GJ4Skmm3UcETGJXyRKjgs
+ 4YAAYGcnp/ODb3D2lyk0WN8Z3LkBhn3B4NfoT+yJ/wAFldf+Cn7NPgrwZPYDU5fh/ClnaXbXJRp
+ rSOTdFFJDg7nRSUV0+8MZANebmK5Yxq/ys9fKKl3UoXSU1bXy1X4o/Wb9p6WbxR4II1gGQaa5UK
+ TyvQH6Cvzq+L/wsufiN8Sd4Bs9GtZAznGGuQp+6PYkcn0+tfpP42mtPi78I31jwzMslprlol9bu
+ pwMSKHBH5/nXxf8ZWuPC+uWy6DosmtzMwSSM3CwIikHLEn3ryMVUbqJt6PqfRZZJQp8qXyOA1q4
+ 1GDV7K8XxDq8GmaVbGG30e1CRWrsQQfOwpL5yO4xivTPh9ruk+NvD2m6PZ6/4q8P634evftELaR
+ qUluyvxkTxjCToQSPLcFec9QDXzt8YfEHxBgsZJdC8O6HpdqG3CJLhrqeUg9Fx1PQ4AFUP2cPGP
+ juT4iwnw/YaSl5qkxNxdXwd4iGPLsMEhRznHcV0Uackrpo76kPaa2t/XU7b9t/9gYeJviXf/Gvw
+ xcfaprkL/wkkOoMC92qqqC4hVcLG6IoXaBhgOeea+jP+CdOv6Q2rpYzW7OLRADG6bWCgDGc+2Kx
+ v2itY+Lb/A1dH8NaJ4DuZ7+8gW4mgllE0tuHHmBIcMPmVf4mHBPFemfsffDu1caHqy26213bWos
+ nj5BKhjhSep25wPyrOb5K0VHU86cmqUlLr2P0h8GX1tL8O9Du94trLQ4xcTDb8rBVOOe3rzX4s/
+ 8ABwj4LW5/Z28TfEzUr+ae78eax4f0qK1EyG30+K1vZJVhI+807GaZzyVCKMd6/Rn/AIKHfHrVP
+ gR+yzoWhfDKaKPxD411eCyAOA0dlF++vJFB4GIUIyeBuya/nx/4KKft++Jv2ptefwas+lp4B8L6
+ zNe2ENra7JdQuQrQi5uZc/vWCs4QKFUbt2CSCO/20cRi1QitYJSfbXZep4NKLwmEqVW/4jcUvJO
+ 7f32+aPl9DluD1pxUdaAuDxSyLmvWPFEUY60fSnIvrQF9OfSmAj8qM8fSinbC45P6UUykV0Xa3N
+ HJbil+tCuAfrU2EIUJ60qnHFO3ZPA/OkIIHNGoAVq1oOqHR9TjnUZAYbsfe25ycHsarFcikxkGp
+ aUlZhGTi7o/Zb/giB+2Xe/Fn4ceMPhprpS8tvA9tb6npd0jg/ZrK5d0FtIPWKRGAI42sueRXvHj
+ 74G3epW+o6hp0gkAQuq5yTjkmvhL/ggnBZfCzVNU8Xa7ci1T4hR6n4QtGlkCxXN3YrBdx2yZ4Mr
+ LJdvjuI8DkGvvWPx3carBqEfgS62TyAhrRydpPcxnqp9U5HpXzWKo04SVJPRaH12Br1asHXS66n
+ yP8VvEes+EtYlGlxRxTWuSrMnKt04yetZfwT1fVNY8UQGFFGoqMKYwBvGSeeegJNL+0r8TtV8He
+ ILm28Y6RdQPcS75HMPmLMAc8N+VYX7O/wActO0n4lrqGnadqEiPJviAtSwQ+h9R1rClScVqem8X
+ TbP0I+Anhy/8YadFca/AA8JAYtzlh9frXqngPwSNC8QeaWCRK+/akeOfTrzXnH7PnxL8S/Eu2tz
+ baellbDORKgRW/Be3ck16oPE1loEpja8FzcE5nnchUXHULn7qjqT39cV2qKsrHkyqSqTaifIX/B
+ f74+XPwK8G2V+brGs+INGg8PaXEHG63gupZZL9k7rmGBFLLycAZFfhQowoHAAAAGc4GOlfpx/wc
+ X2Vz8WZPhJ8ZfDN1JceD/EK6l4Rs+TtnNjtljvAD0SXN3sYfeQI3QivzKCgivTwNCFJSqRd+d3v
+ +C/BHgY2vKtNRe0Vb/P8RAAcE+uKVxxxSqoZSKQrnp1rvucQA9PenHkjPBoUZbGaceowRxSbAaP
+ VjRQzlTyaKauOxCepA700Jg5anE7B9acAHHAoQbDCNnbIpQO/enFR/F/hViy0i5v/APjwglkHXc
+ Fwo/4EeP1oAr4rW8C+Br34ga4LLR0ZUUb7mcqSltGBlmY/QHA6k/jU2neFIDuk17UbeCNOCkP72
+ RyOqg/dz+de++Fbqw0H4KatDolrb2SizkCZb5mZlO1mOdzt1yef6Ukr9TKdTl2Pvb/gmf8As22H
+ 7Qv/AARZbTILi10Yav451u8069lt3WS2uIZPLt5kljYNHtELliCCXOCQDXzr4T/4KF3HwD+IKaJ
+ 8Yr839lCf3HiGJNk8ahyqNexAYV2A3kpuCg/Mcg16j/wbN/tC2vjf4ceN/glrI0yeaG4l1W0juw
+ z25RnJnkkGQCgEisO4AOeSMeF/t36jrOkftN+MrD4zafHcRaeXu7LV7fTCFmslw5TyELOS/mJsX
+ K4RFyFHX5LGc3tpy5Lt+dtfnpe2u23oezlWNqYZuClp26f10Pqz41/EfT/2ifh/aykWN9HcRB1u
+ bchxICOGU9sj0Ncj+xn8GDZeMXWTE9uZMrGwzgZ/mK+Pfhfqvif4NfBjW/Fvha8sdItRrkVrb+G
+ 9RZbaw1eOYHH9nOzYt7hT1hZtrAEjack+m+B/+Ch/i74MeFr6az8C276w0qxhbnV7aYWzvyu6KG
+ UuR3J4UDqRXRRpyVne6PanisNVWitLsfq58S/jf4U/ZM+B154k+K2uaf4d8OaZEDcTyDLSN/DGi
+ r80sjHAWNQSxIGK+G7P9tHXv29Ide1SIX/gH4V6ZPCBZpGj6rrkTyBUa8kIIjgeQqht4gWwwLtt
+ ytfnr+0B8bPi/wDtheNtP1v4pyap48uLJ2ew0GxsJINI0rKkALEgJldjgkIJGONpfBK12fwd/aW
+ tPjt8WfCPww+KN0/hW3gmtdBtIrm0229ndNKsbJJuTfAwdyu+ReG2524Iq8fCtKHLSW+9t16X/w
+ An28zzljIRvGLt/X9f1ofpP/wWK03w145/4I8+HvH3gXwnrfhHTfAPj/T5rvSdZl86S/iu4pLC5
+ jUhioTFwpDAgZjU4BGK/IL4ufBu6+G1yl5pjSah4dvMSWd6BkorDKxzf3XGcZ6NjI54r9UP+DjH
+ xxbfsY/8E6vhP+zImsyanq2sSwalcgR/PLHaXAdpZmHyj5iij5iSfUZI/Pnwz4sFt8NbK5uViur
+ aGxEFxG8e9JQqchlPbGRk+1exgE/ZKMlZrtt8uv3nzk58rutUeCRgk/NkHpSOpJFd74h8G6D4rs
+ jqnwumayVV3XOm3Um9rdv+mcnUqeuDnH0xXHf2LPNb+baRtPCeRJD+8X9OR+NddrM0jJMqEY7U5
+ B8mGpVQj7pBIqQR7h1o3KIm4PHNFOeMg8iimtEIkTRXl2F5II952rltxY+wXNXo/D1hYQNNrWoA
+ bRny4gAx9MFvX9K4U/EB7ZHy3mlsZ3AbRjjI9DgYz1rB1zxxcahMzBiWJLEnt/jWTkLVnofiL4k
+ aToMRi8NWUBm+6bifMrr6lcnH6Vz174k1jWbYT6pNfSWhGV3ZWMJ3Ixwo46iuN0yaWG7S6mUSlG
+ D4fO0n0rdi+KkutagkGt3E0UaYjAJJQKOwwOB9RUtgaum66ItShlmdmjRhhS2Fx2A7ACvZ2+Idv
+ rHwtvI7CcLPBGWMfXIA4Hp17143eT2l3ZRrb2qKJMOpjxt6YBwO+Opqppd6YWePznghkypl3fKo
+ zhsjuM4z7Z60RlYiUbnWfsdftDar+yj+1B4e8W+GnkU2k4kmh3hFvlGSYWJ4xIu6I5/56fTH7If
+ 8FO/iD8N/Gn7BGs/GnRwdTgks9JvPD8tsRbX0ZvlOyzMqYIiw3lsxy4jUrX4Q+KtOeMsyqylDkM
+ p6HqNp+nI719afAP4wa5+0j+wf4q+DehWMl1e21vb3FpIZ9siyQXKSxxAH5TAu4lV6rvfGR08vH
+ UYXjOW11f8AL9fW2hvC9047o8w/Y/8AGEXxO/aM01PizbW2rWQAisbS4QNa2agnAggPyKF/hyCQ
+ CeSa+u/2nNCfwZrFnbaFFBaafdR+ZCkMCIrDPbaBXw3YaKnwF/aN0xvDs8p+zS4VZ0YMsv8Aq3X
+ d0kAbdhlJ9+1fpbrHw9s/ir4Z+EdlNK8lzf8AiCx0qRguC0cjbpPyRXPtVTgnVp1I7bWM6lRxjJ
+ P1Oo+GOu+D/wDgnL+yhF8Y/idZWd7451sMPDUd3mTyccGYR9+cAdSSRivzD/Z3t9X/AGov279Bv
+ PEdw1rqvi/xeNYu7uQklCbn7VK4wR02BAMjllxXr3/BWX49337Qn7UeswZEHhnwxu07QNOIBiht
+ 4i0SSooPUiN2ycct3rzb9lnXZ/gH8IvHnxF1F1g1jU9DTw34Ya6hDB5Lu5ZLi8iPUNbR2xYEjG5
+ x1HNaVZ+0hL2fxNWv67fJBh6TglKf9f8ABPSf+Cxf7X15+2H+33fyXV1PeaR4OCaFYRmfzVDx58
+ 8h8k534U5J5RgO9efXfiYN4atoJbiWVBEAUClVPHKn1x09K8b8DaSbxDePHI8gbcrE7mx1+b37k
+ +pJr0a98QMunRwXB2yRjfG4wfMHYEgYJHQ59+9dmFpqhTVNdCaj55XOeu/Ep0O4b7GWgL5VWU4P
+ 4+3/ANaqD3+ordvqOi3EomXAlRGO8gdCMd+uccH0znMc2iXfiW9ke2jnus5bKocKe4LHjPfr0p9
+ hHYaXDv1G/UYG1orZTPJH/vBePwJzWjd2B0fh34wyalJt8UW9rqSMp5kjUOPowwR+dadl4l0LUp
+ issV1YHY0heOYSxqo9Q+CPoCa83iv7e71B5NPgmiglUb1l272IOSwxwpPTqc1DqMxgY+SGVQMMC
+ e/+e1Pm7iPUb5tMgcKmooQeQxi+UjsQwJH4UV5ZaazLHGfY45J4/CijmK1INbhFuhARuR0HU59q
+ xo0Mk2GB4OG45HPeu58Z+HDb6NFLatDJICruFk3SxnBwCOxJP4Fa4i3uFOpI+EkzIWIfJDdc59e
+ ST9azGjoNLtBe2E/KqI1JBY4U49T654FYUMHmawoVCzEHAA54GfzrqYLIx6WpWTAAyMAZJJ/+tn
+ pWbFdf2ZrUTwLsZFZZH3sROjdmXjC8Y+XGQM9aaVwuS6RbWlujXFw29y0f7tFYblJwzCQHgqMHB
+ Bz0rTUyWWrtExhv7abo+0K0i52gq5+725PQfnWZcW4/tKR7GFIEmYlIwx8tOnyhjnP/ANetOHSm
+ Nu01wyKqlUkdVIWJmPyKQfXnr1pCKevw/bWeV3wrHb5h6NgYx7kY+90r0P8AY51W48Nap4juXu7
+ Kz020t4mvrmdGzbRmUbZ0dSDGwIePfyP3i5GK4Oa2dLeUOkj+RnfCoyyr/ewOig4/P0rp/wBmDx
+ lYeE/j7p8PjxN3hrxVDNoGsAjAltbpfLJz22SeU+R0K5rgzOUoYWc4Ru0r2721aXm7aeZ1YOKnW
+ jFu19Pv0v8AeeyXnjuX9v7/AIKTaTqHiZTc+Go9Ti02A2Q8uCKxghdo1DgfekZSWbqc9sCvvHwL
+ o1von7RHg3Sdb1Ga3s7LXdtgIFWMWXmQtHHKucjzELYDNkc8g18of8ExfhOfB3x98T+FPGsccWu
+ +ALt2jfLL9u8wkCbZkg5j2MpyTtkr3v4sSyn9o7RzAxG28ikAB6MrA9R34rkw1WNTl9l8Fly+at
+ dP5nPi4uMmnv1/yPkD9r9PBHwG+P2r6BoEN297DPNDqbX6+ZIt0ZHEyH/ZbekyEYGWZeBgV5H8a
+ dJ8Sr8B/hhFrCW1v4WuBqkGgBINtxdxrdg3V1M+SX3zkIrEjhSoAFfol/wVe/4Jw65+0V+1t8Nd
+ V+D9oyXPxbuIdMubpEJSzlWIvNPJjGNkUTOCepwO9fIX/BVXxloOsftd3Pgj4QFY/A/wa0i28Ba
+ NtmMqyLZg/aJWB/je5eUFuSfK5Nc7xSpZnTwNF3k06kvKO0fRtvTuoyO2lT58I8RPTVRXm+v3L8
+ 0eFeEfOks1t4g7hCCgjXLcnHbnH51oazeG9meF5PMUrtUhMA+4U9D71P4FL2c6S2TvZl04nRgBb
+ Djlie2Rz/wHHer/APYs3iXUWa0hElxIGkDSToAEUlmcgkYUnt1yc85r6RbHnbs5LxTpl1qMUmy6
+ lltlQD7PLKTHGq9MADlvw5rE8NxmwSa1vUMbA8KeOD19s/Sun1mzfRpJnjZHSBVDOrsrCTdjAx1
+ PXg8YzVAadLrF2rxzQ4kYZ2IV2gDlz2bA5JHNDvcpbEeiaWXleIru5z6cY4P5VH4mi+wcXatGzD
+ LBhgj6fUHNa3h6OEX5eyElzatgeY648wjOSo9D2zWf8SFMdygnk3Kf9WCANoPv3oewk7s5u2c+e
+ 23BGOjGimxsttApcnnjOePpRUlnbX+pJqfhBbi2AVpP9I9NxYknODyR07YzXEeHtOkvZZJpVZgv
+ LEjgHpj09K6jwtp32PRde0mUs/2by2S4HKrubBUA8g7gfm/p1h0S1j0a4nieWCYwtgLjIPYtz78
+ dO3egm5LBlZTHcgI8RWMqPT8+Sap6jqSxKYbwYgDskGTva3HJ+9jLDJxk+nGK09OSGeaSa+ZYI2
+ RyjurbXkwccAdD69B+NZfiDTvLijJiOCpwQwYbhjOQDkdcc9e1MViS1eOa42z+XCHAKiJdqLwPm
+ GB0OM8cnmpo7hJPMdHWRnTaRkMCv95QeeOOaydM1CO2EdvqQRYo8BJiW/cZ6gr/ABLnH+79Kvap
+ C2gXklm6tG5IbZIuGQ9SG9Acg47gg+lFh3JGDW8m5FlTKdScb1I6ZFYusO0Lx3Ftw0JDKoyQCpz
+ j2zjpW1DbvfWu5B5UJyc8gKwPU9cDPc8HtT9c8NebbSHSJHIyDJHIoBcgcFQp7c/41LV0VF2dz7
+ x8K+Fte+IfwV8MfGf4J5u/GmlWY0jVLQSbX1u3g5jIPQTKjEDP3uBVfwn+1no3xA1601vxHObB7
+ CYG8W4TZNaMhIZZYsZBBBGMdjUf/BM/xvPrP7EPjPSbZnW70TUvKjIOGCyxLtP64/Cvqv4s/wDB
+ JXwT8VP2yPhnrWg3ktjcW2mDUfHOmxoWGqwoqrBI8gPyPLKpjZSD5iRk8bcn8aw/FtLhnGYnAZg
+ 3yQc3BpXtGKUlF+TTSj2dlta332PyB51Qo4vC/FJR5l5vRv5dfvPaov2lp/BH7I3if9oPxjYT2N
+ l4a8MXB8G6feL5U7I6bVupEb7ktzL5e1TysaKDgswr+fuG8utVmmvdana6vL6d5biWX5jLKXJck
+ 98yM7fjX6Sf8F4/2/8A/hK9Cvvgz8KGtW8NaVc2x1V4lBjmlg+dYEx/CjhM9vlxX5uXFsunWNtB
+ C27EasxI+bfj5snHHJ/rXv8Ah7QxeJpYjOcerVcRJNL+WmlaEfld+u71PI4lVPCypYGh8NNffJv
+ V/kdFoFqJdPmjkfG1VaZmbHG7gA47df8AODe1d5LC3WeJSgRgJXfy2EKqu5AD13854AGOpzgVle
+ CbpYJlaaNJkOcKzFSCATktyAM46/StvxpqEcUcqwRs8RZGZTAgkdyOQioMHsCDz6ZJr9JTPlXqU
+ PFEs2rQxxvKpuCiRR26jHlryxUE4A9e+QfasA6mblG0vQnWe1eQG6mt0ISYjpFETz5Y5zwNzZPI
+ 6x3+peVaQadbTKl7dAC5uJQypZ8NmBCM5HTc4GcnaO5rR8AaOUjyEkKIBL5JHDAdSSDxjjFG4jr
+ 9B8MrpkLfv0iWNVKhf3hXnIOR17dOv4VyPxZSeXW7S9maUpJv8xiQzM2c5z/F1IzXodxZx6Rp0k
+ RIlgmTzGaIcHIDAZ6HHGQRwTXn/jHWrTXdTeKxna8DsURlUs3tnGcEetOS6Ewb3Ofn0towIT5U7
+ KSSYmDxnoQVYdeDznvRXceCfh+uoyyDXLe9M0cSfLDHjyweQGHByevtRSSuWY3gfWJdS1e6guY7
+ eVkhEh8oYEWGG4/Nweo4z/Kux1JzdCa3lFpvaYuYtiyIqldp2D2z0GMZGPSvK/C8Y07xpLa3K8X
+ UJUJg4VuDtHXJBB5/GvUNPso3jL2U8hiubqIOgZvMA8vdwCMFdw29ck9B3pJ2Bq7ID4NtXFzLpc
+ Nykh3p5iSqsEJBBCgEbeg3Y96wNa8JP8srXJXdbb1JiAQYz8pIOeMe/WukltLp7e4CrDdqwSRon
+ jZXU45YJyMDkFvbpVa7a/sL23lmheR4GZSWYooz2DL02kg5yOuKL3Fqed6vpc1nLsmEEyM6jzI8
+ AnI9P7opsF4loxh1Bj8pIJkB3pyBzu5xjHHauh1hJZ7pxcQuJlkWKWQLu8tsBR0GBnt61g3emSy
+ 6tPt/eeQjBmwW+8doHTjp1NBRvxzx29tDGACApVncD9+pIOFz1I/rxWlYwNDFBcYjEfmMud4LMq
+ 4+8vrzweM9s1j+G9ZfRtKuLO4EEccpUBygeSNhkEE8kIcAlBxuUHtW7p0CwKZo50jWF0bY7jeSe
+ MAd84J7YHPNNE7n03/wS51ay0v4r+LfDWrSzR2Hie1s71kbCkPbXH74L6ExMD/+qvtf4g/tmav8
+ M/2dNV8XeDrewufH3xhGo6jFd3l0LeLQdLtGW3g8pTyyxrIncLuZmJycH8ppPGd/4J8PT634JZ9
+ N1TT0kEbREtEUYFZFyfmJ2ufyU16p+0x+1XcfF6x8CeCLWKOPSvh7plxaAtGuZ5JyrEZxkhU49D
+ n2r8s4n4ShjM2hipw5qc7Oa20hG3zTkqbt1troffcP5u1gXh1K046J+rv+Gp88Xni5viDqNxb6t
+ vnuN5mklMgkNx8+5nJ/i3ZJPru96o64oWeRlfYDyABhQO2K0YtLOmeJFWwjEWQ0hCgDhef845qH
+ WAt1C85iRHM/mNJHlgVI5yxPr047nntX6JgowUW4K0T5TMXP2nLN3khLfUbi0idd0sMkY+aMrtK
+ jAO7HX0I/OrWteMY9AmkFzNbjUXB+YMZTbg43OS3/AC1cE7e6jJ74qsfJ0pBPGI764KmaFXYum7
+ aNsgkU/MinGA+Mv1IAFc5deFrjV9RFtNeCa7uQfKAVpDcSZy43e3JLEY64zXfex5qVzT8FaRceI
+ bsmC1kmtoAzBi4j3KfvEFuc5wSeuOa7vw14QuLEpNbTC0kRcIIgpcNt3h1aXgptJBO3njHJqp4G
+ aHTvDr28klo7xJsMqzM0cynJbaQM/NtXjGDgdOtdh4d1SH7dGdPikaXEZDQ/6xdp5O7GIpMADHI
+ 596e1hW7k0nw80+81CVtQS7vZQ7oyT3Pm4kGGDBDiNeMHIUdOnpJp1vaWVg0en2UXlSReZGdxXg
+ knAPIZcfjnA6U7VHaRoUgt4o2uS6SbJC0pzk87Qo4IX5DknJIxVLwzpyO1s2rz3IjiXyiYSsQjG
+ ccHjLDOWPfitGkmSr2NebQr2O4b7Y8LC4xMm2fy3YEYyWIG7GAOOPzorq/Cmm2+h2zG2mjsZGAU
+ yr825R0QMwzge/fpwKKa5nsTr1/r8T5EvNSuV1SG7kkDCGbzCEXY6jJJwAcDOTwD1NewnUzfRxN
+ B58bPDCWAkVVkIJIK/KCMcDk8HPPr5R4t8LiG4eTTXaRY1zJFI21hjIIBY5Ix+nSur8HeJxf+B4
+ oL3c2EC71PzbwRjk9Ohz659awNmdPo+p+ddn7IYppXUIIyzIAoPzKeMMxBI98ZpmtKsV3cAJuwh
+ nWIsQEX+9g4B4z9T2qrY2LmNEsyrJcAvKFyMlfnVnJxk4BwB2NaOuSGfQPM4xFGrRBgSQhO0EYP
+ zHr244z0pbslbnOzSraKioHijWMXEZgcBvMLZGwZ9gc8gZPFZWn+HLmXVZxe8ZRWk3I4VWLEguw
+ HIyDwORzxV7X7pb+7vPscDBrmZEG0Es+OOcHljg5OPp0qzFGk8szLO/2SOWLcxbAbI2naASFXgY
+ 9eR1NG5Rj6zYeQrLDDbypK67WVPmTJ243LnjI4zyc55rW0K6M13NZ3MFp5YyIWb5WUqBkbifmUH
+ rnrjAwag1HTzd6hAZTI8MbLI5ctkLwfukj5RlcEc9cGquh2BmkleZ/Jw0m9t37tFJByTwQBkH1O
+ apPUXqdhfaZ/auiXlnC58y4sJI5MoYxFIQx2gD7wxwCfXHavL/DPiWZriKSeR3mVACzHJYYGOT1
+ 9K9c8ORiS6to5ZLgrIqhmIU7yQclTjG3POTjGa8Luw3h/XZo0Ug20zx7QOoDHj8sVliKaqRs0dO
+ CrOjNtM9aN5p+s6HFPbvs1Es0TKY9wIxnIP8JPTNc3FBLaTyG4aaaO2+ZVjc4fuF44x/ET2xR4G
+ vEu47xovNliKBCqx5Yk8gDJAB6dc/StTxdpDXFli1Ant7RVnDmMRyhG/wBYyE8KpwQfcBuc4rHB
+ 0fY0+XzLx1f29Vy9DHt9QMsSyPAZJ5R5MkpkYB4i2OM8KuRjIJXA4xyak8BaW6+PrCaITNBGDAr
+ iJ2wMEnYFGWOVIGwHrnB5p+nvFq2oLHcQTQSsizw25bygFOSgG4HcqkBicAMpOACa6u88Ppaw50
+ sTG5mQvJ5e6GW2b+JVEZ45BcdCB1PBz2PXQ5L8urDw9Z2wuUh2sJbi7ld4MZkcfeXJxzgE8Y5Nd
+ h4Xgs54hJIonecGBC+5ZfkYnARcKCVxxn1IzXJPAunSQXVzG0Fz+5lEqvu2qVwQ0Zx94c5zznsK
+ 7DRbiLUdVhSVFNqZQiubVlKyMg3J8vHHBBCjr1NLWL0JXvFjxvfomnJIkkUaxTrJbr5IVsthQAx
+ IIXA+8TgkdMnjI8M+RqQDx+WDCru3mTkmb5iGXJ6MTggDOc8VteITHqeirZTKzC0DyJLKdqo6ZJ
+ CtwRnjK5IJx+OHoemtHY21wbVdhLxtJsChi7fdBJOT8rEHaOue9a2vqyOboQftKeNx4Z8JaU+mO
+ 0U80wjMaEbUVFYYAB7Ej35IPSiuM/a0vlufEGkWL7olt4JJdhz/ABMMHkdDg4orKW5cFpqeY+Id
+ XbU3djKzLgH5zmRj3z+P/wCs10/wtffot0GfIikzsK7ueCPpnnk+mKKKkt7HYWV2ZdRAgM3kInz
+ r5mBjac4wPbIGOgxVrU7sQadO11AjNIqtCs/yqwU4KqedvPOffoe5RSvqSjL1m1/f7reM2wF0G8
+ yM/Nb5wQflPzNg4xxkc4q6zxNApt5yzoRtAAWPYoJPfqD7HGcdqKKrrYLlBbAPd2sMF1Puupto8
+ 4NFiMDrluCp5XODjFZ9hMMyiYsHCFNrKTvBb5s4ILfSiikB19k08NtZ3GmvFcFHRptzjy9qncCR
+ nOOMDPOQAe9eXfF+32/EDUpYyuLmRblSnGd6gk/XINFFJu6NKSXMdR8BR5VveXiyxQtazJK8kwL
+ JgDHTPJyVI9+elbWvNPcXJjs9NsLddVzmC3t2/fBRlZNmSdzZ3cHlgSQOlFFUldGctJNIqx6P/Y
+ N+kl6ZIbiaIGIM4kAVR8qEY4OdxznKjPbAPSaJpkY0GG71G3eMDMEkkch+Y87XVjgEcbcEA4Bzz
+ RRVR0ZL1TZFqlnb25e3aJ7eCKIyRPGNoJJGCC4ycnOcsRz8p4rb8GeI5bSFZPLbyd8dyLgRbZ4j
+ vG7Lx8ZyOQcj3ooq7XZHM+X7jpdXs01vwtqkuowzBnWbjcQrA/PvyeM5IOMc4+lYnhW68rH2OX7
+ QHiMqux3s4PClh2OMcHGKKKcnqJK6PIf2p78XnxOQrMZfIsIIss+5l+8cH0x6c4ooorGWrZ0R2R
+ //2Q==
+mail: Fred.Weasley@hogwarts.edu
+uid: 20004
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=gweasley,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: gweasley
+sn: Weasley
+businessCategory: student
+businessCategory: wizard
+displayName: George Weasley
+givenName: George
+jpegPhoto:: /9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBQgMFBofBgYHCg0dHhwHBwgMFB0j
+ HAcJCw8aLCgfCQsTHCI3NCcMEhwgKTQ5LhkgJyw0PTwzJC4wMTgyNDL/2wBDAQkJDBgyMjIyCQs
+ NITIyMjIMDRwyMjIyMhghMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wA
+ ARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAHwEAA
+ wEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIh
+ MUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUp
+ TVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7
+ i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAtREAAgECBAQDBAcFB
+ AQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygp
+ KjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJm
+ aoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9
+ oADAMBAAIRAxEAPwD5/ooooAKKKKACiiigAoAoqe0t1kYB5Cg6FwucHHZR6mgCMwSA4KMD0KHqO
+ P7v0q1/ZEgRWdkUMSsK93SPqR7K3H1r0jQfDdw6AXNs80OQ4FyEym1f4FGTx9atXWm6TI5GoWEX
+ yr5dkxH3o04CQIPRjn2rllXXZ+Z0RovuvI8vtNEup1Jt7d35CKR/GT6HPatO08D3kxxEQTjcxUZ
+ CsD0ZvevRby0jsowHsVxyV3DhUx/7KKxDrV2APs8UUI+8qgcRxkegrH6y/sRXZGnsF9pvzOCutB
+ vYSRLZXKgHaHKHDfQjPUVRZSPvAg9CD2I9RXrFlJvwZ7xkb/lmqnO4+rg8c1i+JfDBuAXtXiaX7
+ 8qqAN4x1P0Fa066+2l2InR/lZwFFOkiZDhxg9CPQj/Cm11nMFFFFABRRRQAUUUUAFFFFABRRQBQ
+ BLb2ssrAQRs7H5URf4ifQV6HoPh+KyjD3rkMfmODwM9k+vr+VW/BnhJbZS99ECdu+4B/5Zo5GET
+ 3kA59uBSa1M9wx+0qYzkR2NjEOSWPVsdOPyFefWq30g/VndSpdZr0Ru2njTTYB9wl+fLfr85Hua
+ 5nUtUuZHDrDEQCsyoOMFT/AAL7/rWnpHhS3VNyLGz9XKjpzgDPuQauS+HgwzIWx0x6fTFc0Uvsp
+ 9mdFn1OWvvGd3dSqdQupjECWa26AsR0x6HrTLi/WYkghFPyxoP4FA6L7KK6E+HLU9bVW7ZaqUnh
+ EA/uVMfuPStrLovIzs+vqY8d26/6o4Hrjlh/tH3q2NeRf9Y7ueu1cfL9TVgeDgejurdS6kjd/vD
+ 2qwnhCY481FYE7VnHVCf7496zk11TKUWZl9odnqCE2o8q5A3JkcXe0dHx3PrXBTQuhIkUqRwynt
+ XqthpRt5tsqkEHEkY/jGP4W9gQa5rx/pxR1cKg3g+cAPuzRkf+hA5FdGGqa2b84nPiKfVLyZxlF
+ FFd5xhRRRQAUUUUAFFFFABV3R7cSTRhkDgukbIf4w8gGD9c1Srd8G2H2i7hUg4LqT9EyefptqZM
+ qK/yPf73TIVjCRuEyfNuCODIseBlm7ZwBn8BXnOqo6zf6MxOMohUcAN/d+lejXMTSvmXY0X31x0
+ cIOC30JJxVXwjo8N7NI7xDy1Pkxlh/rHHUsfYV4cL3909ma/mDRtCeOD96NoIAA9lXjn2FV5Y2U
+ YCAjoPauu8TNsUC3ifptCr2HvXGC6uU+9ZSt7Dt9a62jOLIlT1TH4fyqdYFbotNh1NWOJreRD7j
+ p+NakduhHycH1pgUV0+JjxlT6itm00PK/u3X+8M92FVUS2j5uJ0B75PStnTtSsiPknjPsD/AEoU
+ V1SE5djzLxTpdxaXaSZkCOcOjHgMigYx9KpeOBHLatmFPlKyRSdw4fBA/wB5Dx616D48NvLHFu6
+ 7mGR6CPsfY4rybxtdSW6bFKtv/fyM3/PNcY2D/ZbmpgveVjOo9Hc8+ooor1DzQooooAKKKKACii
+ igArt/hdYpLd5dypVJLiN/+ebBQM4/2UZq4iuy+GWpLDexiUxBHDacxk6FrlOA3++4UfjUVFpoa
+ Unqr97nucOow3KulmrsAoMTgcQqRgKD/tVu6HpK6dagBQznNxMf70sh7/SqXhvQIbGUi3cCF9p+
+ yMSxt7hFOQ0pPTOMcV1VzArghwMdhXDTh1/7dPSrT6JeZ5bqmtXUjkXF4YI+drquTu/2vpXNXEF
+ wJVaTVpZLcfNcW8b480Y/h/H3rvNe8OqT+7OPYVxOoacIRlmx2z61S8xNLoOstVYyny0l8nrEjH
+ OAexY+ldVbXAkcKkfOOB/eYDtXO6VFGuNwkLHhQBwPqa1tOciYebG/X5QAev0qWykjmfEd/MjkL
+ bxyfxgOD19Me1Lo2pKyBrnRHh/hcwEkwn/bjx2H1Fdj4is7B3+WMbvvNkYIPtUem2sgIEO5R0z7
+ f/Xpu38qIs+5BriRyxxBZFIybuKZukUaJzu+oNeI+M9fjvrhjbFvKGLe2J/jVB1H/XRua9W+MVx
+ HBaxpHciGVm83yh1ngUAEcdgSDXhFa4enrd/4V5HNiZ9F/iYUUUV1nIFFFFABRRRQAUUUUAFOjk
+ ZDlGIPUEdiPQ+1IFJ6fj7Vqw+E9UkGU0+YL1VpMLuA/u7yKTfcaXZM9M8D/EnV72aFLuWCVjIlq
+ 82zDSRgZzKwPUhTzivf52yOD7V4p8PvAEuk+RLrMAjmllFssbY/0CDyZCC5He4kwPYYHWvZHkB6
+ H8PeuTTXlO6N7LnOc164OcR9erH+79a5aXTlmH75d3cD+7+FdZqkDv8AcXJ6E+1cqumeW52yzIx
+ +8ynoR7GsW+50R8hkcM0YCwzyIg5ULjIJPZiK0YJZXPySKkmNkberH1rLu7K+H+ovw3fDAc07Tr
+ XUCw3XMadmIXOR+dWl5lNeaJtZimkANxIfOUbQ+Mb1H98D1rU0G+BA4+YffU/wmqOs2l6XHl3Ae
+ McMdv3kP976Gqmu+ILfSbdpPlM5H2exi/56zkcZHpEOT7UlvoZyff1PN/jJrH2i8wlwjqiLBtU/
+ 6qRiSQ3v92vOqfNMzkmR2Yn5mdursT1Y/wC0aZXfFHmSYUUUUyQooooAKKUIT0U46E+n1NSw2U0
+ hxbxSSt2jjBJP0C5oAhqezsJ52C2sMkjn5Y40GTIf9lR6fl611ei/DC/m+bVc2EHDb5h80w/6ZQ
+ fT16eldtZ3Wk6au3SbfYxGJLluXuQvrL7n6Csp1F0NoUn9rQx9C8DQaanm66kT3HWzsTgi1k/vT
+ +pTsOg9zWn4S0aK8uWm11jMiP5VlC/IWRFB3FT/AHM4Hv8AhWVrWtSOOWJPBYHsT71Z0HWI1JS5
+ n8rAE6gf8tSev5HFc1Rv+uh1JLp6vzPbfEFlBdxFZmYKwDxSp1hkXBDQn1iIBFcnZ+M7uBhHrmw
+ TD/VXK/d1BB/FGfVu4qxp3iDegWc5H3InB7E8Bj69wfwrK1OKKcbbpRIOTG6j7xGeYx/eTuO/au
+ P2n/BN1E7i11S2m5V1z0ZTWTrGnoeYmA9MV5+mpXenkea7TW3UzDrAvq3sO/cd+K6dNYM6jypQw
+ PQ//XroTRKXYiFswPzyMfQZrX060RupKnsQeo9xWKmn3zt+7uto7lh90VFqetCzwllPJdXR4AP3
+ YB6uq+nb1p+o2/I1PE3izTdKTN/MXc5FvbL964KjsPRe5PAr598SeK7vUpS144A/1dvbr921iz0
+ jHv3PevRPij4feK1gaV5pJQzR3kpJO57lc/P9GUewryMgjqP8+1dOHS3SOHESezYlFFFdBzhRRR
+ QAUUUUAe12vg3w5bgH+zvtLH5DJdEtyp7J0/StmC8hwv2KO2t4hkTGNQMlT0AHqDXDXniHK8OAM
+ 4AHbI/+tWDcavck/wCj3DKBhNhPDjk9PrXE0/tSZ6V0vhijvtTvppT98uv3WI/5Zr7j2FcpqrrI
+ f3TFR92NSPuIP/rVBY+KWUESsYnOEDN02d8v/tdKkuLkOCS209EwPvD2NCj39EJyX6mR5rlgGkJ
+ Gdx/3R/8AqokuXUo0LMHUkOfVX/wIpojJzjAP3B/un1pdqbSN5J6qB0GPeqf/AADI9D0TxAkqDf
+ j+4Pb2Zff/AOuK3fMV+hz0LAn7/p83qOx79DXlem3rxHManHSVfYd1H+zXbWGp5H3weNyn+8p9P
+ 97/APXzXn1Idjopz7jvE3iEWMeY1EkzZW2iYcPsAy8y+sPTHeoNCvrZiv2e8aKTAnniGNi7h/Er
+ dNx6YNcf471BmugN5wqJAF/uggk/nn61kRMR9xmA64z1HuPauylR0Vnb7TM3N30/wnr1/wCLYkU
+ j+1bOD+F5E5P/AABf/wBdcEvjZ7WQNp2nSSxhvOuLm5JL6iRj7zYwAT0AH5Vixr/9b2q/d7BA/m
+ DjG1P+uh6Y+hrdUl9t3FJvo7dT1LUPF1jeWkTxODG0gtLiNxzFIYzkMPVDXDa14DsXY+S4tG6hl
+ GUkJx96PsSPQ1z1mxjt0WSRgXk/tMRf3YY4yoJ/66EnHqK76Cfzox5jIzj93vP/AC0XHGfpWCVv
+ gbHGz+NI8x1TwjqNrzPas0f8NxHyrAD1HT8QKx9p7DP0r1c39xCf9GZ8fxwt3x6D6VMkWj3v/H9
+ plizn5fMUAEn/AHx6Gt1V/mRk6P8AJL5HkW0/3TSY9RXr58G6MqYtdNtSeoabJzz0L5yM/jXK6j
+ 4Lgl3f2VDJbTry9hI+RKP+neU/3+364qo1V5mcqL8jiqKc8bKcOrKR8rKRypHqPY02tjA6DzCQc
+ MOox+VIrrg5PPB+nNU5Jio4Hvn2os5UZv8ASdzJ0ZQcbiD/ABMPU1z2Oq5ZQNJkQxGRu6j+Hn+N
+ j0q3BYrCMXNyz9lhQ/LHn0b1H4CrNxJGB+5hSFeohT19xVR5OPlUg9Mnr+B96V+xVu4xkA6jA6Z
+ Pf8KEKjoM+uf6CkZSeTk9iaXAI+UAEfK4H8/xpB8iZHKng4HXHp+FatheuuPKG5SdrIP+WbMesW
+ f1HQ1kod3XGRwPcf8A1qILgow5AHb2rCcewXM7Xb77RcOwBA3eWnP/ACziwBjPriljc/xjH8S+6
+ t6VY1TT4kbeih4z/r0U48tz3U/7RqKW7gkC/Z/OyMo4cDhTjGGFdcXtyr+76EQ835l23A9KtXVt
+ 5zRRgkBj58+O0MQJOD7gGqkIZSAQD347D3robmSKOEsI4/ORWeIscebHOApCt/s9adSXb/CjeX/
+ DnLrf+dKSY1C5CQx/88YF6BB/srXU28hx+5Zx3256gCuRdds5wMDIk/AqOgro7aZSOTjALEe/t9
+ Saxl6eZFJ9ya+vZ5VyiE4+Sd164HoB6CqumysMiM4PVSO8if8AxQpHnZDlCMjgEf8Asp+lPgvoH
+ yZkKv3Ycbuf4vxpW8i/ma0WrSAAqzY+4y/X1+tV9Vm3qGix5qfv4ZO7xHqCfeohEMHyJEdPvgA8
+ r/vL7Go1cOuCAOqY9VI/oaSG2c94ijjl2ywrgP8AJckdrhR6f7a1g4X1NdPoUUcgZbldyA+Yqns
+ wyOB9K1v7F0//AJ91/Kt1I5nT8zmpIBg5/D3xVIREZ47fpWrtHYdjVbyxzwDwcgdv/wBVJMbRNZ
+ XAfiZuehPqPX8KtEqpIY4H3X9sen0rKSNl5XIP3hV2O4Eg9GH3x6Cpa7FRY9sqcOPZsdx7U0ZU8
+ HPqP7w9/rTyMjkAEcof7y+n/AajXB4OD/dPof8A69JDJAoHK8qeh9Pr9KjNq46dOoPtToXXpIOO
+ hP8AcPr+FWkYqMMOfuj6e31qJvsKwW0gPEi5U/KyHupFZs2m+Q/Gdh+a3c919GPqta0MB4yQO35
+ mrc1mkq7ZsDvG/wDzzf1rKNSz/MaX/AL2g+BNSuTG32aZrdx9re5tyGZbZJVVtgIxugdhkHkDkZ
+ rnvGF7Ekrxaa8j2yN5Mcsv3pWiJzvPor5Hv1rS07xNq2nIy6bqE1sCy3MiofuXNueGjB/vjg8fM
+ MA1x947FsyNkkl2PqWOf1JrvS7+qIq36s1b4YkBznKKQf8APpU6zOo4OP8AlmB6Y5qvej/Uk912
+ k/TFTyDAGD23n6sf6CuddPuGhJJmI5Jz94n1+v4U2SUjptHGZAf4t394ewpGTJ7jpHz2A/wpGG4
+ 8Dj1/2ff8Kop/8Au6bMVPOccAg+ue34VrLb8HDDH3wPYE/wA6ykK+UCp5BJb/AGdw71eN1thkIP
+ IXzE9yQOv0NQ/L0LT7+pl+HRuZyg9/wZu/0roPLf0rG8PxCNCXIGSIxn2Fa32pP70f50SfYUEc0
+ 0pyQoA43fTNQBJBn5VIxgY75I/pUqJ8x4JGMH25FSwgc8gfKcZ7kYqyLFUEYO5SPXPp7VHHuU5g
+ YZALEf3go7iryYGeR0OPqBQkanOVHQ5/L+tFwsRrIjjMDEDrtPWJh/e+lTOueVXB6OB/CT6f71V
+ ZLYJzAuD1ZM8Oo9RU8E6sMqcjoy/0P0oa7An3E256df4h6r/9ap0fI4HzD5l90Hr9KiKFeh4+8h
+ 9R709GUEFBgdQP7p96loZrW2SBhF9sD371cYt/Dsz6Y6nFV7YjaMH149AfX6VKMdh/9auCo33Li
+ vIo6zbs67lUZXicDvGO+P8AZrjnLSN8oyT8iD3r0AFV/wBewCdJc9Ah9awtE0VQxdlOwEpZK38Q
+ J6key110K2nvvb4TKrHt8w1a1CiIIpGP3BP/AAH+lMfBbjG3qo9FUd/wFW9cbATHB3HGOw2Gqe3
+ A5P8AsfTNOi9NSrDI8jPXoSPq1NGcHAx249D/APWqTBA4zyeMdlT/AOvUeOQDkDOG98+v4VogES
+ 62gjr/AB49CP8AEVajuQY2ycZAiK+pJ/rVFwBnAA7YHbmp4k+6rkY/4+Jj/djUd/1p2/zEmWJ7k
+ QoigknBnfjpv6ZH0qt/aR9P0quLwzSMdpx92Nf7qZ4/QVN/wA0+XuF+xImM8DsU/HHaliJJweMg
+ xnPqR3/GkdgD8n+8v4+3tUchwflz/fQ+x/wqRiRgFuVGMHP+zgVNEuAcMc4wfYFhShOTxjjeB6b
+ sUAHB+UgcIcduf64obCw2MHngHg49uP6VRkZonyqnYR849x6fSr0QPPAxjBP1IpGiDA5GeD+tNP
+ uKS/zHxSK44YbT8yN/dY+v1pEJB+cEfwuP7p/+tWXDOYWw5Ozqf9n6VrLiQZU5YdSP4k9Qf9mho
+ UWaNmGI5YZHQ+qn0+tXdhI++g+p6D2rLsZuzfRT7D/CrodV6kY6n6VxVVrt5o1XkzPeUzyMrLmN
+ B5roP+WrL/e+lX7C8lmHEShf4Sh6A+v0rG0afdcNg8EHP4EV0jELjaFUYyR7j/61VVstHHomvIi
+ Hr5M5fU7xpJcc7V+RR6sfappAOAvPcn/aPt7VR3K8zEAbc7ifQD/GtCPrluP+WhH0/wDr4rqS00
+ Qo+YyY7e+cfuxjuR/9eoiTxz+Xt605mBByf9r6kGmHp1PXH6U0DGSqCTjkZ/Qmorm4wpKjG79zF
+ 7Qp6f71LcMR/EM/dz6Z/wABVG4l3H5c4H7tB6Af4mriiJM0NGhLE8Dp/Wtj7L/siqvh6E4JxjsD
+ W3s96iTNIo55yNo6ZHyN7DtTBlscf7Gf8+lLHk8AZ7Y9CP8ACnxDg5Hoc++f60gLGCAMf3dufQ7
+ qjY/KevUAfTBqZ8hRkdgB7ZyagP3eo6/yX0qUNiDODwB0GfTmnRDhsnHHH5imL0OMdQPyzT4xw2
+ Vz0Gf7uWqmIo3VsGB6HjI9qg0+7eM8uQB8w/2Tn0960ygIOAegAz25rNkgxnA/zkVafciS7GwHX
+ IMXCn5tv9xvQGo9amkjX5T14z9aqWtyY+JFDL/Ev90Vc1cBo0JAKhhvz3TP8VYuOqv6Db7CaBZF
+ AWkBDHhf9mMf41LqusooIjOW+6P9kf8A16deC4JBtGJjwAFXGAmO4+tczdltx3UQhd3k13t2Jcr
+ bLyLGnsd3J9z74rXYgL05J4P+wv8AiaytKjLHjk9APStG5lBYbOgwEHt7/WtZjpjU/izgcFQPfI
+ qMnjg9+npxTgeT17n/APXTGIx1xz/SkUVLyTJ/8eP1xVNASaluzhjj6fQAU2BckY+mK1RizqtGQ
+ qnHGefwArQ3t6/rVNF2ooLY4GfY4/pmk3j+/XOzqRmRqAwwOPT2P+ANTRxYHX2z9Kij6j8P5CrH
+ Yf5702Sh1wxHT14H+6AKgYHaPqSfwxU9z/U/zqFvuD6n+YoQMZggcDvx9QP8KenCnnHIH1AzSHo
+ Pr/7LSn7v4j+VNgIDwdvHQZ9BntULxgq2BxwuPqalX7p/D+tNT7rf8B/nTYmVy7sMOF4+QuByy/
+ 7Z9hWnHGJISHHqF/AD+VZqd/w/rWpZfc/P/wBBFZ1n29UKK/4JD4duSyESZO35V/3WHr7Vma7ah
+ H+XHPH1HvV7w10f6j+RqDxJ94f57UQ+LQze2pBpPyglev3E/wBkHrj6irUnbGBxtP8AwE/4VV0v
+ 7pq1J0H4/wA61kVDYaowT+I/Co26fjjH4VKOp+h/kahfp+P9KRRm3RyxqbTotzj07+wH/wBaoLj
+ 7xq5o/wB/8/5Vq9jCO50keGPIBGM49CT/AIVN5Kf3Fqvb9fwH86s1znZY/9k=
+mail: George.Weasley@hogwarts.edu
+uid: 20005
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=dmalfoy,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: dmalfoy
+sn: Malfoy
+businessCategory: student
+businessCategory: wizard
+businessCategory: malfeasant
+displayName: Draco Malfoy
+givenName: Malfoy
+jpegPhoto:: /9j/4AAQSkZJRgABAQEASABIAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAEg
+ AAAABAAAASAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD8+vGEcC6AqwIAcZPGMHHrXkDRneFDMSVycHr9a9r
+ 8Uwu/hFGA5UZ2pzivKdOiIvP3gypPOR/nmvk8uqP2Ld7nsYuC9pscvPG0JON3A4yeRTbRpHvY8l
+ jg+pr0e90FJ9PkaPBIXd0rhkt3hvguMc4wD1r1KVdTjuYSpONme+eCCVurUH+8OTk/h9K/RjwrZ
+ FfB9lPtLnyugBwOPpX5x+BgWvLHaGU7xznFfqX4YtAvwzsXOMmAZIIx0r5DMas1Vdmevh/hueqf
+ D3S4bnQoJJNzMTkqP/1V4T8XvizB4Y8cXnhLwvNDLrsUoW8umXcloxGQiD+KTHJ/u11/iHx5c/D
+ L9k3xX4tsZoV1S3t/K03zsbftErBI/rgnOPavzG0XxTHLrWq3l7fzarqL3BaWaVt7zyMcnHqWY5
+ Jxz9OK66mZ11g4wpt36mWHoRliHKR99fDOx1rVNUi1a51S9uBJJueWWYIHcnnGTj8s19waHcx6d
+ p0b6g1jYwZwJbidTvPpnH8zzX5VaX488b2eh6fovhGPzvE9xEJbm+kiVlsVPRI1OV346k52jpk1
+ 9A/Cvwl8YfE3i+ym+IvjPWtd0ApIr2dxKpBVl+4cAAqD0zkg9DXzWAniISbbu2e7XwU6kbpWR+g
+ 4uvCGq6cbOa+0hp5PkWMyrhs9iM4OfSvi/X/CenxfGTxPptnbsjWdwSY9mVEZ5BB64+vSvorw/w
+ CCvDvh7RJLKG3a9Ln52mYMSfxrWtPA2m3Xid7+3hNvemMqTxiRcfdNfS08diYuLivU8yplapwcp
+ bM+e/DXhOKDWfOitkUuoyNuOn867/xKiweWFRceQRheK7m70EaJqg+VvKmQtE2Bx6r+Fcp4piWW
+ 8hGcL5R6Ec/pXTmFfmgmrnn0I2bSPn348xGT4D3GRtxb9c89P0r8dfEhH2KQ/MWGRweOtfs78dr
+ Qf8KFunYvtMBzyOa/GzxGqiwnIw3UdMVll8/3jRdWN4XPIRNKGwpbHJ5JqaIOxy28k9ME1p2dkj
+ wvI45B+UmpREgnIiycfwn1r6eUkeYoXYkMbCLhiB/e9aK27eIGDdjvg8UVze0R1ezR9L2+nw6jp
+ CWxjjXjByPyrj9W8Lw6fqG0LGS2CT2Br3fwL4f+22fnbJNo6jbn/wDVWf4o0D7T4lWOOGV13AAi
+ M4/H/GvlMHVitNTvrR948hj0GRtHO1Rl1xnPGPyrynVdOSC/JAIYPjGMV9oweHXTwsYXWQNsOf3
+ Zr5l8aaU9vrO9VYASZ9K9bBVISm0mc1ZtRNnwTG5v7BcLjzVHrxmv1Q0pHh+FFucQ5W3GTnjp9K
+ /MfwFEv9v6aRn/AF6naE9+1frHDBt+Eke1X/49x1Xpx3ryMxhR53zNo6qEmlY+Mv2oPEQg/Zd8F
+ aQSd9/4geV4kJ2nyYXI3cdmIOPUV8L+ExDaeIY71/33zEYPzAMerfWvrf8Aay0+5/4U34C1qEOL
+ K012aCZ8fKnmwtt/MqB+NfFnhrUIbS/Et/PBb2oO8s49/wBTXbgqUZYW8Wa0ZqNe7P0m+BUlnFe
+ ky2aSTOoKSsMj1GP8K+2tA1SW0vRNFDCYmcAqoxn2r8x/gv8AtB/D3w7qq6de3mPMkHlu65/A56
+ fnX6KaJ438M3mjyXttPCbWXbLGwxgDGeua8OpRhRn77cT7GGJjOK5GmfQOmXUd8hPlIFBBIYHj8
+ cV30cSw+TcoI8owYHdxjHTpXzFY/tB/CDRp00rVvGmi2uqOwUWolVpMnttBya9807XNM8QeFrPV
+ vDOo22p2kjBg8JBAOOVbJ4Psa9vCyw7p7nk47mnFo2PHzaMfh1LqNoYRPb3SqYyRlSfvD+tfOeq
+ 3CXfieCCMo2YyccV7Xr/h24v0msppkAmQztIgHLL0H4E14jHYyW/xBhtxhigIycHn86jGUlyR0e
+ 58rh78zOK+Pemsn7PF25iiCC3JJB5Br8UfEsX/ABL7kHOcnp9TX7uftFRBP2cL4BST9mY4AHHHa
+ vwv8QKTYznaduWxu96rCU1GvK3ka1Henc8ijl22kqLkdTmrOm2zSNJJ8zKVyeas2+lSSwSMBxnk
+ jmtWxh+yxOTlcL8xznvX0VSWmhwUk7ogS5EcZQhQQemM0VXEYlupHDNg+9FZ8pbkz9JPhHFDJor
+ hzhSNoU45rpLnS7JvGDSeXuRXwTnrXA/DzWEsvDZcckckk9/yr0rStRgvdVdpC7TMcnmvDy3D1H
+ S5v0O3E1Ep2ZpapYWcfhwokaKRHn6fpXxh44tUk1vCqpHmZXHT8a+3NVaGTSjlW8krgDuK+W/Hm
+ jpuM0cbBi+cE4yPSvYwdOaqb/gzirz93Q5vwFAieItOz2nAPPTmv1hs4YJfhVHGEU5gAHucfSvy
+ 38CQ/wDFUWClQMzrtOenNfqlony+ErOLIIaEBhnnGPpXBjac/aNX/BnTRa5UfmZ+19qPiDTvhD4
+ c0mOZo/C769u1GIKMSPsJhLEjorDjGOcfSvg2awuNTsUaz/eLDlnVecj1r9t/2o/g9D4y/YU8br
+ bQBtUstPOqaey9RNbnzQOnIIBFfjP4C1qPTvEsKFI5rW6QDJGVYHkEZrpwsZ0qCfVGkXGpVSb0Z
+ QHhq7vPA13epd2cpRENtCuPN35+ZSNuQMd8/ga/Tj9kjwRqviz9jHxPNrn2ue7tbhhZxuSGCAY+
+ p/CvCDDpVr4GbWIrWJESPKkRAsSeAAB1ya/RT9iO1uLf4F3M+qRkPe3khERT7oY8Aj1x2rzK+Kl
+ jLU9td7H0uGy+OEbnF3dtj83PC3wp8Q65+1EmnSx6HaaV9tnjuVNrueNUJ2eWOHZ3OBuzxyTwMH
+ 9j/gt4O1TwV8NGtdaW0W4DqpEEYVH9CcdWxwT39BXSy+CfCx8dtrmk6bafaC5YtCoBDg4YH3rs7
+ q+RfDkipbrIUk3LEHVSz9gWPA9MmtIc0dZPWPZbhVhBJ8l/e7nzf8c/jNf+AYY5tPtJrq6vyRby
+ ABoY4skHGDkvlfw/GuA+F/ji58U+Lba6ugys67iJPet3xN4Rh+1WnhrVjZXFzZebPLHagtHGZnL
+ hQTzwCM++azPD+gweGPiDZCFHRZeg8sYB965MR7XnjKpN69Ox42JhSp1JQp620v3PQv2jmRf2cr
+ zJyfs55z04r8M9aUf2dO3JBJJ9+a/cT9oGZZ/2dL1FL5NsQRtHPHSvxB1m3dtLuMLyM53cfhXfh
+ 7e2evY89yfs0c7oqRvpkoJxljzz0qG4smNpIUycjoTyR+FUbG4ltrW4CnD+3Q1ZjmeSykJPUEkD
+ k16U4tSbRnDZHIuHifP7zB4wM8UVoujSzOVK4zxuOKK6U7oyadz7W8KSQwaMFmOF5BOen15rtdN
+ uore63xzBgXzgv39eteZW5U+DHmjKEDkqV61hwa7JCSh2hwOCeAOfavByzHTVHlO6tQ5qt2fQt9
+ rnmQIoaPGMZL8fzrzzxfcxNoJYlJDnIA5xXKr4meRcKVEfQjHOayde10SadsIUOBkZ44r18NiZ8
+ 3/AOXG0PZpeZ0ngRlk8X6X91cXKk7j15/Sv1E0iZRoFkFxv2DgjkcfXpX5RfD++D+LdO8sDJuAV
+ B/h+tfqf4ZLzW+mxuEK+WNx29Rjp1rjxeIqOo7fkVRgnE90j043vg6KKSOKZWhKuGUFSCvIxyMd
+ iK/FX9tf4P+EvhZ46+HOseC/C2i+EdL1Nbu3uodJtRBFJcqUkRiBxu2LIBjAxX7r6eir4TtFVAA
+ Y+CF6HH1r8+v8AgoX4b0mf/gnrqWuX3kx6lpGt2V1pDMwV2neURNGueTvjd1wOxNetShUdBX/I4
+ lUca1rn552l0mq/sx6gIZ2hvo4N1uyyFWWQdCCOnNe8/scx/FrWfAd14ak8ceIfClnqy3ZsNTsw
+ kl3ZvFIAxUyBl+bORuBNfDXhrXRL8MNTsJJ7iMow8prdwHxnnGRX098C9O8LtqOj2Y8cfEnQJLt
+ /OuLeABQGzw0cm3Kn3zXzUqM6XNG/W595gGsTKL57Wjbex+0/g7RNT0i8v4rrU5dVguNsklw5VW
+ MuAHJAwBuI3HA6mqHxA1K80T4fahLp10bS7LKsLxlepOSeeOmazPAP23QtMkWfxZrPiq2uow8Uu
+ pQQiWHj7paMLu+pGa434ma0Z9a0bSmuY0mvYJrqK3ZQHljjdUd1GeQCyj2yPWtMJQm5xhq/xOLM
+ 6vs4zlfY5XwbaXmoa5PqN9PcTzTNl5Gcbic963tf3W/j+yjw4Cr69PfNafgizZZi7Kdmf7g+Ufn
+ Uvii1iXxhEmGLEArwOP1rszrDNRi2mfN4WtzNnLfHC4874E3Uau/MB6MMdPWvxl1mJhpl2WBwGP
+ viv2L+MrIPg5NlzuEHBAAHT61+RGvKqWd2mSDubrzXBh2lWbt2Nn8CPKLaDdaSnOTz+PtUDM0en
+ ugZV9Rjp7Vbt51SCUEg8nioJFLWMhXkn27V7repgnaJmrPAgJxvbpgcUVl5y7Y4GexxRVcqIuz6
+ e0y8uE8ElH5Ux8ttJ/z9K4q+1Hy1ZgwHJyAOv4V117Mtt4KmWNip8vsev1rx6S9Z1DSsWGOmepr
+ 5rLqN3KXmdeKk1JJHVW/iNbdQrqzK3TsTUl/q32mEtwOMgEV508m+/wAs5wOoLc1tyzRDTotsg3
+ ADjrXtQpRjqmcuIxMqiUX0PWfh9ckeKdPIb5fOUcqfWv1y8GyeZY6SQsRPlDojZ6V+OHw/lI8VW
+ A83GLpQCc8jNfsd4JOzT9JfzyAIBkkY7V42IjP2+jOumr00fWuixFvDVmzBRhOhB9K/H3/gqb4z
+ 0yef4ReBLTWLWXVLCe61bVNJjyzQo8TQ280nZSSZAoPJ+Y4wCa/VnVvHvhnwT8ErnxR4u16y0Lw
+ 3psBmvb+8mEcaqBnaCerHoFHJJwBX8uPxh+IV98V/2nvHfxE1Bpt2uaxJPbRzDDw2q/u7eMgnjE
+ aqSvYs3vX1uEk1SSPHrq07lfwL4osdA8YQS6nareaW7gTx+gzzX69/BrxB8GpYdGzY6KyXyfu53
+ UF4/QZzxX4gh9uCDn096+ivhb8QvhV4Y02zuPF+ia3dalC53w2VoZUnUcjksFUn/a6V4+cYGc2q
+ tOLb7I93KM19lF052sf0F2esaDeaXJb+G/JGlWgJvr1WCwxqP4Qx7nv6Cvy6/aH/AGuPBs3/AAU
+ M+GF/oEjax4H8Brd2uvajYdLtrkBJVh7SRw7VY/3mXAyRivmv4zfte+Mvib4Hj8C+FbEfDv4cx4
+ EmnWkwN1fgdBPIuAqf9M04PdjyK+SAcQMNqbcbQOgx0x9K6stwtWElUqaPt/mY5jmcKsXCn95/U
+ X4K1DTLjQLTULGaG4tLuBZoJ0YFZUYZVgfQgisPxDfCfxyFLcBcD5xjFfnb+yL+1N4StvhH4Z+F
+ vxF1e18M6xpqLp2g6ndsVtNQgH+rjllPyxTLwnzEK+AQckqPvW+eObxjFt8lw65Vg4IYeo7H61j
+ n+JlyxucmAScmznvjdMB8I5QuFPkE8uPSvyY1sb7S8JQ7fmzk/rX6xfHO32/CQsQqEQHBz7V+S+
+ s/Lpt2OOC3Qn1rx8PWcq2p2yiuRHjBdvt0ke7AyenFXo2zp7p8oJ6etYhb/TZcH5t579quQNhX5
+ yBzivoqjujgg7IpiI+e+7yz9VoqKRgs7dVHqT1oouUpH0ZqkD/8IqwwCpT06143ex7ZSFUkZxtA
+ xmvb7t1Ph9nm5BXHPb3rzGSGB7hJDgAEdua+dy2q4xd0juxdK7ueeXMcsdy23I49anVpgF+ZtoH
+ St7X4URDIg2ADOegH19q89m8TW0URjijN1IO5fagP16n8K+gouU43SPMnHlep7f4Gu0g1+0luWi
+ hiWZWlkdgFVQeSSeAK+zPF37bnw08D+Co9P8Dwv8QfE6W+xDAzR6ZC2Or3BHzgf3Yg3Pcda/J2+
+ 1i+1K28m4mb7L/z7pwn4jv+NZeSWBJJ9yahZRSlPnqK4SxbUbRPXPir8cPib8aNetrrx/4lk1Ox
+ s38zTtJt4/I0+wbGN0UAJ+fGfncu/JwwBxXkzH5m5PPrS4BjzkfSomOG5JznqTXqwjGMVGKskcb
+ bbuxc98Hnv60mSSBkDig5K8nj3pCBt6hqoRIPujP/AOukzkKuMAnikUDb2FKPvDBHBzgUAWlPmW
+ 3lH5lOVKkZBB7EeleqfD/42fFL4Y3lqfBvjPVdOtIDldNuSLqyI/u+TJkKvtGUryRf9Z1wDwQKm
+ Y4YHA49amcIyVmrlxbWqP0luf284PG/ww/4R74heDZdG1cRbBqmhS+faTcY3NA/72Mk9lLgetfP
+ NzrtnquhXl3Y3UV3AzE5jfOPqOoP1r5eOC3U7qtW081tL5tvLLBKwwWQ4J9j6j2rzZ5XTUnKGjO
+ mGLlazO+k/wBdOwBA3dTxWhaMht5Mtu4yDiuRtNYOwx3YLM/AkQDj6itW3uDH5qFmH6VpKDWgKS
+ a0ElkDXBznAHXNFUZJFW5baR7g9aKfKWmfVmvKLfwYxO3he+M/WvKBLl0LfOuODkjBNejeIVnHg
+ 4mVSAq84HIGK8K/tB1mOcsc/L6V8xldPmptnrY2okYfj3UruTxDb2fmFbNbcN5atgMSeSfX2FcA
+ o7kY56ZrofE9x5/iZTn7kQHPbPNc7gFGI619fho8tJI8Gq7zbEGBkZOfpTBhipzwaccFe/0piAc
+ cY+tdCMmiUZ9Plx68H3prEFM8dcZoXG7Zye+M0H7pyG9qRIh4UZ545prYKjGc+9OO0rx69KRs55
+ +agB3GCDxx1Bo7Zzgg9qMAHAUdPWnEAqBjj60AOUdz1/zxU3YcZBFRLnORng8VLxkEDPbr1oLWw
+ g5PHIx6VMASh5/+vSqmOcEE0xiQwQcn2FAFm2+bUoRkYU7mrcWbLue5681jWHyAytySenfFXA+b
+ iQgE85rGqtCloTl8uc460VEpzIcg59qKxNUz721jwjLqXwgub2J02iP7ufb+dfF1xEba/nhkJ/d
+ sV571+hfhgy6j8K9Rtt5JVCoQEEHIPT8K/P3xZbtY+N9StWwNsxxlunJ4r5Xh+tfmgz1MwWzPPt
+ ULPrUzk5HGBVA4yeAPxqa4k8y7dmOQDwfWq5Y7VxhT6V9pDZHitjCefU0qYDDpj61Gcg8jOfanq
+ oPU8Y7CtOUh6hkeac1JwWx26EVEwwxHBFAJwDnB70mCYvJ4449aacAc446elOZTuJyMH1qNsYxy
+ QO9IRIOW6Zp4xknnGcU0E9e9KNufp3oBD1PyH36EDmpol3SLjpz+FRKRyRjGeavwoDGpz27d6DQ
+ Vh8+Soqi/3zgnJ6VfmIUY75rPJ+dVYnGeaBNHQ28KiwBAY4WmBcXrAc5GcelLC8lqFYgmNhU0hT
+ 7SGRgVK5Ge1ZVNEXFalRyYpSCV/wC+sUVBMd0uWI/AUVMUrFNH6feCZpLfw3qSDklMdOgNfB3xL
+ XZ8VNULYDbzkD6mvuXwXOjaJqu/Y37s8g4/Kvhb4mXTH4o6z8hXaTjj9a+N4bX76SuexmHwo8kJ
+ yT3JOfaojyw7gHsaUEbfrTWxsJJz65FfcnhJ3DI28np3pAw2nnim4yc5PWlAy3oMVSdiW7iH7xz
+ jHFGACe5NOIUgZAz2ppJLYIzRzCHNjYDTDjj/AAp7fcY8E+lRZyeSPwqQJ0PyFgDk8D3oJ4xg/W
+ kweOB160J94HByD60ATwg5ORg561pLgW6gbjkdCMVQUkMMYH41b+YqSwzk+tBdrIhm6DqDVAHM/
+ PzevFXpPU8kdFFUYfmucdRnmglHV2g+2aHNAfmeJSUz6VTVsWsZGcjK1BZzm11FWztU/Kw9jTCs
+ jNJDGHkZHzx6etTLVFiyndJjLbh6UUxopw+Wibp3FFSlEdmz9IfhyEur++tZGxuHZq8q+OXw1g0
+ b4aeKPFW3LRoioQONzuFH869I/Z4s5/F/7Run6DbjeZyWZUG75R1OK+7v27Pglp3hX/gjp8RvEN
+ tbxLqlq2nyLJjnAu4t3P0zXyGUZfUjUdRbXR62NxMV7rP57G+VugxnHWmEE5JGD61PINsrexI/W
+ oiSV6g89c19meOR7vmPJzj0pc4QbuM80MTtzg564qIHo2P/AK1UibDs4JPPPoKcxJXIqEk4IHXP
+ SnKSoA4J9xSsImU7VwcYI6U1Vy4Bzgc9KQ8KMAfXFSIMhi2D8vrSACc8cU5yoUKODnnihAPMLYO
+ B7cUxmJkJ+XOelAEyN+8B3cZq4T8oGTj61ViX5Nx5bPAqz951+UdB1oLQkiqLeTg7sdcVRiJD7u
+ BzmtCXIgfIBwvrWeoJP+FAnubssQk0sXKADkBhnmvVfgx4WfxX4+8Rr9mknitNKilcLGWwzyMo/
+ wDQDXl2mN51nPa/xMvyZPcV+s//AASc0Tw54s+IPxz8J65p9pJqR0/TdRtLhuX8kNLE8f0DLu/4
+ HWVWk6kXFOw+bldz5Hvvh9YwXbLJZMvPH7s4/lRX9D3iP9mjwhdzLKNOtJPn6BcY4+lFef8A2Xi
+ VtM6PrlPsfC/7HH7MviP4d/FubxR4kdJbp0VIFWMgIvU8n+VfUf8AwUmuLGL/AIIv/F9bi5t7bf
+ bWkUe448yRrmMIg/2iSABX2JZaZptokYigjjbH3jX5ef8ABXPxRNpf7A3gfw1aMMa945txcDOAY
+ 7aKS459fmjWu2hRVGlyp31OapUdSd2fzt3BH2uUjkbyR+dQEnYDjkeoqRySR1ORxTGByM5+hNdB
+ RG2QucDPvTDkEDHP6Vca2n/s6O7aGYWckrRRTlD5bOoyyBuhYDkgciqqqSvcn61SIuRENuz2PoK
+ AcN6+vFSFTjAwfrUXzADOce1NaiJd7FckYpVbMTZznioTnbn161LGv7sngnNSwJc7YUXvnJ9KYo
+ zLgjjqeKQ8tn9KmjGZOfWkNFpFyvHBFTxpmTOBRGuM/e9wBVuNV4I9etBVilcqRbnOWyePSqKZD
+ cVpX7HCgAdTxntWYuSeozj8aBPc0tPkKagpyc7s5r9OP+CWmrS6H/wVdvLVW/0LWfAV+kiAfxwz
+ 28in/wAiNX5exSGO9Rs96+7P2CvEa+H/APgrL8KWeTyodVjvtJyDnJmtjKB+cH6047ik/dP6e7z
+ X48rhUOf73NFcdLaqzLuYgY4z+VFdF2Y2OqSX5iFy3OST6V+If/BYHxTM3iD4D+DYXVoVh1PWLg
+ Zxg4jt04/7at+VftWJhsLbiM88MK/nT/4Kp6zdal/wU403TGlJtNI8C2SJHnkPPPM7fpGtcTTuj
+ VKx+azdVyBjvmkxuZQOSTxTiADwTSpBcTTpBZlBdTSJDAzNgLJI6xox4PAZgenatCm7H2T4h+GV
+ 5af8EHvhj8SorRmS6+LeobpXXGLSeN7ZHB7qXQY7HNfGCqCvJHPUHrX9DP7Z/gvwh8K/+Deh/h1
+ FBNcWekWOi6douxsO975qMsue53bmPtmv5632tdSlSNhkbb9MnFU42bJRBt/L3pmzcMf1qVhlc4
+ 6Ggrz+FGwEJX5ec596kRMWjEdSehpWGR6V2nhzwTrfibwbrur2H9nw6dpLxJcyXdx5e+WQZSKMY
+ JZyMHsACOe1S2ktQONUfdHOKeqkYHQZ9KVVbrgkduKsIPlJ2g/4UDSLMO0xBSMn3q2ijy/4QQet
+ ZquQuenNWBIwtsr94nC0D5ipfMWnwOQv5VRUnfxxXS+GfDeq+MfiTovhbRoftGravfLaWqk8eYy
+ swz7YRqwry1msNZvLKcbZ7a5lgk/3o5Gjb9VNAPcVlKhTkHPTNe9fs86lc6Z+3F8CtVtHZZrfxz
+ p6kof4XkMbfo5rwwoX0lHGdynk+1eufAKaJP2yPhCLhwsS+N9NJJ6AeeuOfrimiZH9ZlzqEfnsA
+ ejHv70Vxl5O0d7Id2QXPYev0orZNszOXsvGd9Jb6aL/AMWGFriNzdEW0RMTAZUY28ZxjnOc1+IH
+ 7Z+jfD3xx/wUf8W3/iL4/aL4f1BrGztPJfTEm+zeWp2rKQ4xkSb8AA4NFFJpXQ7nyxpfw9+DD2f
+ juHVPj/bm60+2t5NDvIbKGKC5d2kEitES7ybAikiNwfnHbBqOL4f+EbD47fDLSvCPxP0n4i3Gs+
+ NdP06S0tkjVoEaeBxIdpJYZypPAHTkg0UVSSC7P1//AOCr2tvpf7E/w18OwFWGo+OofMQMBmO2t
+ 2cnHoCK/A1SeM84GetFFZt3lL1LWxKfvcjBzSck0UUAIyt/ertfD3jPxR4X8LahYaFrd1p9hqLZ
+ vrURRSRzsF2q5DqcMF4DDBxRRUT2A5NFUFEHGF4yc8VYjTLk/rRRSLiNwHJ2nPrSxsIrfzP4sYT
+ 696KKa2FI9b+Amorof7cnwO1FpDG0nxA0uIt/sySNEfz8zFc58atNbRv2zfjBoxi8iOw8davBAo
+ P/ACy+2SSJ+kgoooJXU4mwPmQTxf3hkCtjwnfNpXxL8N6grYa017T7hSP4fLvImz+GKKKFuB/WL
+ qM4doZFdCJI1cHI7qDRRRXTNWZktj//2Q==
+mail: Draco.Malfoy@hogwarts.edu
+uid: 20006
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=triddle,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: triddle
+sn: Riddle
+businessCategory: student
+businessCategory: wizard
+displayName: Tom Riddle
+givenName: Tom
+jpegPhoto:: /9j/4AAQSkZJRgABAQEAYABgAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAGA
+ AAAABAAAAYAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD+f+iiigAooooAKKKeqljjmgBlSCJ2XIHH1rTsdGv
+ b9gYIz5eeZXO1F+p/wzXe2HhzQLdQt5dyahNnGMmGEf8AsxqJVYR3LjTlLY8vETlgMYJ6Anmjyn
+ zjFfU+k6b4JtPDr3l14f0K929YHkKmTHVTwcnuDmubtfBPhjxfcTyabG3hkqrbYVk8xS3blznGP
+ 4R7VisVBpt6G7wstkfPFFeia/4A1LSDK8Lx6jaJkySwEExj/aHX8RXn0kbRuVYEYOORW8Zxkrpn
+ PKDi7NDKKKKokKKKKACiiigAooooAKKKKACiiigBQMn1rvfDPhpLu3fVNSxFpUJ5BPMzdlHt3qp
+ 4M8NXPibxrb6XGMBkLscZAVepPt/hXrHi23jsNPj0+2YRW0CgRIR90dNx9Xc5xntXNXqpPlW51U
+ KPMnJ7Hnmq6qXuPKiIgtl4jiQYwPYdh71k28zJdJLGYo5M8MQGb9c1SvCyM24lWyeMZY/596gtm
+ le5GMR8dQMn86cYpIUpanrmnX91f+G20152jiX5t0jIob8MdaqW2oS6BLEzEzeXIxYxAE7euaxd
+ IuBCu6Wd+vyk5YE9vrWfq+oXf29nAZSmcHyyrc96x9km7Gqm7I7DVfF9vd61FeWN6yuwyyvbiMj
+ 2JUkfnXMavoUes6bNqmmwrHdRjdcWyDhh/fX/ADj6VyolmnfJVcHuBXpHgtJodZTczpCwJD9dpx
+ nPuD3FVyKHwkt871PFnQo5U9RTK9A8faTFpvirz7dVjgu183YMYRu4Hsev515/XWndXOSSs7BRR
+ RTEFFFFABRRRQAUUUUAFKOWFJTl/wBYPrQB758Dti+Or67kA2i18objx8xJYH6hVH410vjCxnlj
+ u9Tk4hWUrGT0kl/iI9l6Af8A164X4YX0Vlaa6+AZtiLGPUnj/D9a7DWdVn1rW7bRQS1jpP8Ao8S
+ gffkYBpXJ7k5xmvNra1mz0aDSpKPc8PvLab7QzPkd8eo9TWxofhfVtZuVS0tZDESMtt4Nd/Loi6
+ l40i0+zg8+eSYIqrzvbOBj2zn8Fr7X8F/CMaVo1rHLDucKDJx95u/4Vz4vMlRgu7OrC5e60/JHi
+ vgj4F3F3aRy30hUMBnCZYfj2qb4ifs5avb6OdW8PLcXYi4kj2kseP1r748O+G/IjihVCBgHpwK9
+ s0HQLdNDLXMatkn5SAc/hXzzzSu580We9/ZdHls0fz7SeHb+21IxS20kU8bHdGy4IxXSXt/No2l
+ WpSAJ5gJBIxz3H59q/VX47fs56f4n0O68QeEUh03xLChl8oLtWcj+Rr8p/EMuo2usX2j6/YPa3s
+ TmOSGRcGKQd8du34V7+CxyxCtszwsZgZYd+R5rrF3JPp6pMzErLlFPOwc9PbmuaruvFHhzUNI0r
+ w5qF4Fa11rS1v7Rl6BS7IyH3BX9RXDH7xr2oWseNUTUtRKKKKogKKKKACiiigAooooAKKKKAOo8
+ Oak1lqG1XC7ymQTgHDZrvdK1tLa5up3AZ2mdgx9WPBrxxW2t3/OvrL9mX4TaF8dfibf+CdW1fVd
+ H1UW8d3aXFjGrfuUfbcllf5XZQ8LjoQC3WuXFRiouctup14VzlJQjuek/sz+GP+Es+OS6l5HnWt
+ ghdSRkbj8qn6/eNfqDJ4agtreMNCEcY6DOeO9eBeF9Bj/Za0i+0J/DFh4mhNwWOoQavEt7Mufl3
+ QuF5x/Cv4V3/hL9onwJ4811tOtLbWNL1AOY3t7u2xgrww3AkcHr6V8bjOarJ1FrE+xws4UYqm/i
+ Z6LaacsM/HyjsccGurgd4rZ2aRIIUAMjucACufv766g0iR9F0yTUrtcbYVYDOe+Tx0r4u+J3iv4
+ g+LvEmr6PFDBr9loUkZ1Hw7aXbWsKhyMGXb+8uiB/DlI+oOa5sNQ9rJJM6sZiVTjqfbFv438F6x
+ rv9n6d4n0W+v2ZozFFMGJYcEcd6+I/2tfgd/bnxd8C+INDtBayaxdjTdWeNMKGCl0nYgcHajrn1
+ K19W/D+DWbBLTTLS28GS6DDbIPP0jSjZruOf3YQlsMowG+Y8nGcg16j43h8OWvhxL/xXqlpoeh2
+ itPdahcXAiS2QRsC5c/dxng+tdCUqNe8FqtDmtGvRtU2Z+MH7VOk6fp3w8+CLaZb3EFs/hi4jQz
+ qFeYR3caiboPlfO4cdDXxO3+sb619W/tY/F3w98Tf2gLWHwTvbwR4c0qLSNFkYMv2lEO558MNwD
+ MFCg8lUzxkV8oE5JNfZYGnKFCKlufIZlVhVxU5Q2Ciiius4QooooAKKKKACiiigAooooAK7j4f+
+ NfEvgH4q6N4s8KahJpviHTZzNY3CAHD7SNpB4ZGGUZTwVY+gI4enIdsgOSPcdaGk1ZjTad0f082
+ d74W+Kv7P/hD4o6Ilrb3esaXDfWl2IUM1rIyYkjyQcYO5GHoMV84+DfgCZv2jx4paWysbW3unuT
+ 5CbfOkbrx05ya8H/4J8fF/wC1/DnxN8HNTnWSSzLav4fjZwP3TkC6gUYH3XxIBzxIfSvta48TX1
+ n430ixtQkNvPdqss5HCITya+FxsJYerKmno/yP0HL3DFUo1GtV+Z65JDY6b4u+yxQR4lsc4AH3g
+ 2Ca8J8R/CLRP+E8vNcSBYb3UZvOuU4KyOOM4+gFem+IZZdQ+Pti2kXtuuji1CeduyOB85OOhyKz
+ /GKz3WjWNxpt7vnguS4MakLsA5VgepJ6YrlSST1OmSvJM3/C2mxwWdvHJEixwqAqqOPbpXy5+3t
+ dMf2EvEsEDKm+7sYiB3LXKcfkDX1JpF/KdGW4mKoSg4UYya+R/wBszw94p8Y/shXkPh5ElWy1e3
+ vdQj43PGpKog9B5jJlugyM8HNdWAtLE09dmceZR5cNN+R+GE7l7hznO4k59eagqaeGSC5eKZHjk
+ U4ZXXDAjggjsQQQRUNfdHwAUUUUAFFFFABRRRQAUUUAEnA5NABRUgikZchTt/vHgfnXfeFPhh4z
+ 8YXEZ0XQ724tWx/pci+Tb4P/AE0bg/8AAQ1AHnvWtjSdA1fXNWWx0rTr3ULs4/c20JdwMgZIH3R
+ z1bA96+tLX9nbw74I0OHWfiZ4iM07Rh49E0kGNiT/AH53GQvI+6FqxouvR75otC0mz8M+GYCEhs
+ rKPY15KOnmOPmkA4JJPJwKlysUotl34QfD/WPhELr4ta1NbW2saLC8mlWsdzmJWKgO8zLjcNu5d
+ gyO+ScY/Tnx54gi8P3P2lbK81SSOQB47SME5IB4BPHB6Z6V8C+Nb9Jfgzc+HbiWSXfp5ilJUAMS
+ pz0PBBYn/wDVX3B4S0s/Hf8AYx+H/wAVPAuuWMXj2DSrfRvGukXIJtLu+tUEDGQDLQyMEXbKuQR
+ gkMMV8/nOFdZRmlse/k2MVFuEnozitW+LMi3dsbTR/EemSAALPNEvK9WUhW44yMHpXpGmfFnU9e
+ 8MpNp/gjUL+5DeWktxqMUStjqSvJx715HrPh7TdG8Qix8daVqXhbWn4W21JdqyAd4pR8ky/wC0p
+ JA6gHivT/CUnw48NeGbrUrnUbC3hiQu0j3IVEA5JJJxgCvnpSglZRdz6z2lOaWp7Lp+rzP4aUz2
+ 0dvI3WMNuwTzgetZnjbwtN4i/Yv+OGtTCSDTNJ8E6kPtZBAa6KK21T3KBMkj7pIHXOLnw+0q/wD
+ iJdQ6yUuvCngLgxajdDybzUlP8NrG3zIjf89mGcfdHIat79vLxzo/wv8A+CW134F0eOLTbzxrJF
+ 4e06zi+8ls533T/hEr5J6k88mu7KcFUlUVSWiR4Wb5hCNN0o6tn4MfEv4bSa1fxeJfC9uktxfkN
+ d2KuAxl4y6ZwMkcleMkEjnr853um3mn6hJaXdtcW11GcSQzRlHX6qef6V9vQXRl8KSIQ7Kqb1DY
+ BjI5xj+tWpI/D3jPwktt4hsrbUZYvlV2XbIuejCQcqfUg9q+zUj5A+CSCGwRg0lfS3ib4DTiGe+
+ 8H6gurxKxBsLzEVyvGcK3CyfQgH3r591LRdT0fUns9TsbvT7pTgw3MRjfrjIB6j3GaoRl0UpBBw
+ QQaSgAooooAUAs4AGSTgCvpLwT8KdGj+Ba+PvGIuZ7bUZnt9F02KYxfaNrbGuJGHPlhztVRjOCf
+ SvnO3JF0rgAlAWGfYE/0r7q8dPcaP8ABD4QeHJfLhWHw7aykJlWfdhjlT0OSc0mNbnQ+HPAfw40
+ uSOPRvC2nX2qnBF1qbNdSQNxhwGJC4PQY969B8Q+NtC8G+H1itib3xBL8wQnCRHuqr0XgYrxHT/
+ Gb6boUqC4LSXGGSUSYMRHHbr9Oa8r1XVbjVtUaa6eTLE4B7Y9T/SsnI0btsb2sa1feJ9dlu9U1B
+ LTT4sG7keZieWwEXrkn8gM1YsNVsYfElpdxPCbOBcW0SjIGeM+n/168+mnlhBmWNGnI8vDdH9VZ
+ fQ/nV2KcSabBKsbRxSRkgOMlCOOD/EvoaVi1M9E1/XpL2W5gn3rvVjgnCggc88+vHrXo37LnxyH
+ wG/aTgg155T8P/F8SWOuoT/x7ujfuboKO6bsN32c9Fr5yN150lqzp85f5hnA9Py96qeKIPtHgrT
+ 5Ub9/DqBCjPPKHj6HHek4XVmR7Sz0P1b/AG8fjRB4V+Hvh/4YeHF0rWdX162/tS8murcXSWWngk
+ QvFk/JJK4O1h0WNz1xX5meHPHBvdZsYp57211AXCMkEk0bWpYNlWiMgKpJnGBKGQ8DjOazfFfxB
+ vfF/hn4azanfzXGr+HPDf8AY73XmEvtinZoASepCs2c561i2kOn6h4wDTy2OkyOjPJMRttWYDJL
+ Yz5WepOCueoGaypYana0o6nPi8ZWg209D+iH9k/xz4Z8d/BfxJ4i8YwyWnjTwbOLbxA1/C0Q2NE
+ JYbhEYkIrp1CkqGVgpIwa/Gr9qL9oLU/2j/24tQ1qG4YeCfD6SWPhm1z+7VM4afHdpTk5/uquOp
+ rhvDHx98SeGv2UPiv4G0e51VZ/Fc1jZtqn2kt9l021Vw1tESSRu3sMjhVYkHOK8j8DQRzJLcMCI
+ zcAJjgDaMA/TOa1hSUG0loaRqSlFOW57ZbThEgicKFUDhQCrH+Z61hadqk+k+N7y1t3DqG3REjg
+ 9x/hUbXrgIuQdowr7CDnOcVzF7NNJqtveNBIZkJjQJwZQT6e3StATPXTroaSO9tjLHecvIAABn+
+ 7z7dfpXYPqmg+K9KOn65a6bfwlAxW8tgwVvTnp65z1rxKK8Z7gqGkMgRfNjRuFcj5kB7j3rVS4e
+ GcyxO+eGI/vkHnr1xxj0q0gbK/if4GaDqUUt14U1GXSpFzizuwZYcgdn+8gJ9cj2r5/wBd+HXi3
+ w/Jem/0a7WC1UNLcRYliCk43bl/h9yOO+K+soNYdYDEZJhH1DE4wc8DH+eKli1EzfEPTrKQxvDc
+ 2TxMC2FKZAZT69T+dGoj4QIIYg8EdaK3fEmnrpPjbVNNVWVLW8lhTJySoY7ee/ykUUwHeFrO01H
+ 4gaNYX2/7Hc6hBBcFDhhG8qq+D/ukj8a+5P2jTC3xd8OJYq1vp626wxRFCPJUDhcflXz9+zZ4HX
+ xn+07oIvLVbjRdLc6nqRclV8uL/VrnGMtKUwCeQrele7ftITInibQdQhJEcM373echcOOjdxj8q
+ iY0eG3cTC7VQwVUIG1u/wBKzvNInfcmGXnBHGetdNqVtt1OX5dyBdwZG9cnHp3rLurZPLBX5iVB
+ yvUkDj6jH8qyKGWcNk1h9skDXVwshEcbH5IuAdzDq+c8Dp65qSaUyXLqzAFV3SSZ6+1VtHhCxXS
+ uCszLuUHnJXnj8M/lTFZTdyFsHcehzz71aExjyqLAM2Fl8z5WUZx7fSrGqRi8+HWoRypiUXMUm4
+ nAHON2ewHB96hgZmtrhVLZVt0b4GMY6Y/Ors6CTwHrUJXLmJQpPTqOPpVxE2ebi2kvbV1LMLiN/
+ LlCjqw+6yqP4fevSvhzNp2g+IrHWL2JNW1W3LPDamNXt7d8HBk3f6yQdkwVXhmzha46dJf3N9YI
+ TdrEpkRR808bf8s/bGDzWpa6zpkFyZ9Cha51e5INrCPuWuAMsD3xyDnqKoznBSVmR+PLwNfy2UM
+ Vtb3E8pnuktkASBScgDHQnuK0vDMaweFYjtEavFuHYZPP4dq4PXv3M8lul0by7kkZ7qYD/WSEdv
+ QcgYr02xV7fSoIoVlX5Apfscen0qZMpFjUZpWsIjGWSzY5m6/eB6Z9P51E13CUVLVWikRT/ECwH
+ fH9e9WdYikgstJso34ly0i4zke/+FYM9qV1lIoGKqxBG052mkhm3bux8t+ATkYzwx6V0dpHNJMp
+ CSh8lOGyB349M9fSs+0055LuFoy8giOHcJgO3ckdOtdcsaRWdsCERs7eRjIAIJ3evTkVYDILN3c
+ iaRkYKQfQn1z0z7VJYW5k+Mmm2iky+XpskrM6AeWQw9exwa2Le18xWKSTEu4GEbIL4P8AMD8azN
+ HCX3xw8RXUztJBZW8NkqFj8zhS7Y/76x+FAHzh8XLJrP44awTkeeUnAx/eQZ/VaK6j422G34p2F
+ 4AUS608Z9NyOQf50UAfSv7KbQ6J+zL8SPES24N1NqMFi82zcQkcAcL9N0hJxXMfGCI6l4KeC6V4
+ 7hoTKpbjqOf612PwjtpLL9iLQraKFYf7a1a5u58/eZS5ROP91OK4f4zagmmeJ9Ct1CCIWCMygnB
+ 3dc+5xWM3qUtjznSbhtR+HWnX06jzvKMTM443RsVYj/GqzFpZxHbq8rABSV54J7H/ADipdCijXR
+ NY0pXACS/aYWI42ScH9QfzraiksLSW1sY3dpsbXVeWOe/51LLijFvy2naK5+/clQS2AMY7f0rNl
+ YcSwDMbLuVs4ODWh4ghlgupYpPndWIPrtHt25rlLC4d9F2AZkt2MeDxlTyP0/lVRRLRtaSrST3a
+ lcyBhgYxj86vXUYHgHW3BBYwjgEFlIIIz+Oar6Du/taeME73QHk8H3Pr9PpVy/byfBmtlQULOin
+ Jx1cD8T7U4/ESzhrebybhMfNFsdM7uo++Bn6Eirc2pWtvZ3c+l2n2S6uYVaZxj92w/u+nBHTiqC
+ IRp8JQPztOB67WU5/KsaeUi3XGB0xwOPu/rWoimqm48TW0RJG656ewIJ/lXsmlRy3t0sYVx5bA8
+ SYG0evr9K8g0RWm8XWxUfOELAnj2/rXtWnSpbqzlNpJJbPr0Az7/wBazuBU1l2ufG7rEEcxxiMb
+ WwufUVPplv5mstMWLlRhQT1NVAshhLsCHdywJ6n0rsdF09hHbrgLk72LMOf69KpAbMcCWHg2d9y
+ OwwV3DJOR97OOCT29qymuZbjQ7NxJ8xIVi2OGzn8ATV/xRcrD4adWcF2G1Wdz82B0AHaud0iVZI
+ IVMm9IypO3oOenTpVAelWk8Wl6Y93dkIsS+c7xkYUKCRk9PbpWR8NYppfB0+p3Ye3l1K4e5HmHu
+ 7ElfwzjHasbxvqWzQrTw3blDPqkqq5YjKQLhnJPoeFz711Ph2YR6RHGrssSuFKAjZ9fpn0oA8i+
+ PNmP7A0K+8oI0d1JCHB5IKhse33aK7L4raaureDtOi2xqVvA+3dnA2OOh/nRQB9E6HpX9k/BD4b
+ WKRymaDRLcKwwCxKBmOP95uM+9fOX7QYY6lo86KU8u38p1KbeQeD1546n1r6r0KWO9+EHgjU4pI
+ fLuNDgkCj+AFBzzwexr5P+MP8ApNpIJGDzxNtb1wOhz09Kwb94q+h5Baa2bSystSBJjiUxXIC8m
+ Jup98Hn8DXrfgmwtH1fUNeupxPY2EIljkIDCWVv9WB6jue+AK+ddLuw0dxYzvhDk89BX0x4S0y4
+ 0f8AZlsIgQj3ty88hbkdfkXH+707daco2Q46vU4TWJTcahNLJIWeVy0spHJJOenauMtWW01wqc+
+ ROdjntnqP8+9d3qy+VG2Ru3xfdCjLj2/zwK8+v1KWrnONx+X1FCfQHoztPD6F/ENy+WQRxndg4P
+ P8+go8Q+XF8JL9lc7pL+AAEcjEgJIPfNT+FEa+uTdhTGP7PeaVgPubMZ/WqXjUmD4UaVA25Wlv1
+ 3KW7hGbr6cU6aCZyLyKunBo5G3cAAdfvN+VcndPtEag8EDnH0rpWeVLRVClVzn8Nxrjrxj58frx
+ 71qQb3hpS2uuQdu2DAJXPJJ/wr2GJfL0obNm7OQevI7+wGa8l8LjdqVwQD/q1yB3AJ7d69Tu7gw
+ 6Yu1wWYLnamM8elS9wHWo83UT8ofALykDG5v84Fel6Xb+XpflPF84+Z32ctkjoPTpXmumyTw3cP
+ 2eNJpo0aWVW+6SFJUH2rvYjfvp8TrcSoZEVn8uIKRkZx9OaoDK8bTkW2x9i7icBVBIAwCM9Ovas
+ Tw3FNFZXN+Yi6RJvLgZztBOD+VbF3o0d6V+06nqSHJJVVQDH0xVw6XDpXgTU7k3161lBau0ib1T
+ eACcEgZI9cUrgeceGLy51/W7vxHqQgEkgC28DAlViB5AHb6969q0dnezEgj/AHSjDcYPJH58dq8
+ Z8NW72/gyyYoqSvH5nBAwD1x7DsK9k0IouhwSJNIR91lB6gdz6DtTAh8WZbwzbyPGJVa6BHXI+U
+ 8fliio/Frsnhi3LK0Ja6BBWQYPytRQB7r8NLs3X7Ivw3n4OzRfKw/fY5QdO3HHuK+aviQPP1bUE
+ RgpBO1RyB3I+mexr6H+AMhvf2OvCcswhlkthd2hRuqKs7f05NfOPj5fs/ijVYot0cazHKO/6Y9v
+ 5Vzy+IuK0PlucPBrrhTtz719621pbt+zn4OUKXk1LTo75wkf3WZcqu7p0Az0r4a1mHGoM+MDa2R
+ jp8pr9GrlrfS/gv4S0mG3CG00i3ErIvy4CAZI79cfnWk3oKC1PmDxNAY70wjG8AMArcL9K831Rn
+ dWjdT8vAXOSK9O8RzfatWluTKu7PVhgY6KPpXl98TJfNGBlQ+N2cgfSoRckew+D3i0/wCB8EkYj
+ E13Fcx72ONxLHHJ6dK4b4nzCLT/AA1pu10EaPISTnJwF6+27FdZZY/4V94Z00MA+PP55B5PP0yK
+ 4b4qTb/HGnWqFm8ixbqepLjn2zitIbESdzlROx0zapKruXJ/4ETXIXpP2mMdCQK6AOBbCJyd6uB
+ 9fmNc9d4MnOc7ecf0qyTr/CIH9pzfMVOF9u5716LLNFc30k5Obe3XL+jbRkn8TXmPheURTXp2Kx
+ 2jaGP+0f8AGuwvZXh8HogD7ruUrk9Cinn82wPoDS6gdZ4Nke5upZ5VDSuspcY45H3foBXbajr9p
+ pGm6Uk0FzcSXCJ9mt7eNmeRjgADHUkkKB3JGBniuO8CKhuFiYMS4PIGQeMYx/Susj0zVdf+Jvwy
+ 0nRbyzg1meYSWE91IEjilh2zKTjqQ0XAHU4HHJA3ZXEzXi8F/ErxT4E1nxNb+D9ZFtaQQSaVpcY
+ t0a6RrjypWlR3WUYH3AgDFwcgrzXmt/f3Evwx8V6Be2V7aXdqwt5llKs0cvnbGiJU/eBBU/TvX1
+ xb+PPib4y8N+Co7DXrXStR8ReJ7i61jUYvDCqLFo42UNZM7MQFCSJg5JZt4JXg/KFtaR2ngvUUP
+ 2kxXHiB082ZcSOsEzAFh2clCW/2ia58PVc27jvfZGfdummeGI/MP7x0CouP0PvXrHhKQr4GtX2L
+ 5pzwv8I65P48818665qz6v41hs4mfylcIFzxn1r6PsFS38J2tsgJYKMFWJOMDgntXSBzfxBumt/
+ CVmg2bvtS5wORlX4ornfjHcSW3w80pwZCz6gNxJA58t8D06YooA9x/ZbvrrVv2ddX0lEjd7XWZk
+ X58HZLEkn/AKET+VeR/FaJrX4harG+0lGwTkkkH+tdV+xxrBhf4gaXLho2s7e6gUDncN6E+vGFr
+ nfjUdvj2/k8zqcbvU4rCfxFxdj58ktE1PxHY2MjEC4vIoXZTnhnUH9Ca/Qvxsscl00C7raxitki
+ RSMKQhQ/4fiea/P3R5TD8RfD84Acx6rayDJ6kTJX6KePbPdC86E4llGJMnPLYbOecccetOQI+U/
+ EcHk287NayQ26SMYi+ORk8DHvXl9vbvPqhIBAByDjr6179460SQ+Ft7Tb2iPypu2cd+PXNeRWCf
+ Z5l2gNKz7Ru7+w/wAakuXQ7ywhhZdBKIC8Nu8ZB6EGQso9u9eMePZxcfFHUCu9glukY3DkN3P61
+ 7hpcDR/POWDCPJc4ODzx/Svn3xBMt14z1i4Uj55yOO2HC/0rWmtDJmSH+T73Rhgfic1kTjIzkHj
+ r+Fa7gqVx0JHH51lv80fz+gJAPsasRseGdz+I3t1+Z5YztGOhBH+NeseL9MjtJNMtoFKiG0QFgT
+ gkgnOa818ERiT4qaWgO3e5UgfQE/oK+gPE+kfaNCivLcp5m3JXoWX19M9aAOe8DErrkalwZEO9S
+ V4Bzxj9a9N8Da94f8AB3xj8FeLPE0cUun2MOoQwNMrmFLuRQkBYqp2LjzAW6DPJ71454cvntfEV
+ upTEm4gR5wM9Me9esrYwXWj31pLElxp80hZVc5T5jnafTackEdaipHmi49youzueqzfFLV/Adr4
+ djttOs5bnToXs9LttP1V2TUZWyBP5bRlbc7SC5UuGxu+XJFfMXjy6bR/CVhE5QTyXE88zA8tK7M
+ 7kZ7FnbHtXfaZ4a0fSBLcafY28E+3blWzgdfvHoCe3TivCvjFqTT+O7WwDs/kWweTn+OQhiOPZf
+ 1rDDYb2Sd3dsurUUmrKyRz/g23k1L4gQvICy797Z6YzX1sqhbCNIkcx7f9SFAXJ4Gfoa+efhbYG
+ K9N60ZLMu3sMA/WvosY8okM4BGApboAcYPv711GR5b8VNMfUPh/p6LKQVv1Yqpwf9W4z344orC+
+ M+qSx6TomnWrvFcSSvO4R8fKo2jP4saKALv7J+spYftRWumzTPHFq+nXFjtH8TDbKv0PyvXpHx8
+ ihj8VF/kUsnCMm0nBxu989PwoorKpuilsfP8A4D8N6p4q+L+m6bpNlNeTxlrt0jGdqxYO4k8BQx
+ TJNfoj4qikQxSS2+SAsc23kBgByDnrnofeiipmuo0fPfj26QWsCZXeVKyOxyAwYjJHqK4nw74Wu
+ NVS+1ebFvptiFa4umwEQZwB/tMeyiiikVzF7UbqCHRbma2w0Qh+XLfMR8xOcd6+a41e4ZpHG9pG
+ jOTx1y2OaKK2hsZEzRKYo8DOSOP+Ak1hzJsYnnBXOV/3TRRTsB0XgaUJ8YtFfIYFmHt/q2P9K+r
+ tShi/s2FVkBxFvcHOFHsB+AoopgeT3+nC31mWeP5XRiwcD754z/OvSdHnSTwwiBWEmzkqTnqMHr
+ 6cUUUAa/mGQEkQyEt86Y2gjkZPb2Ar4y16SfUvihrE0/8ArjfSKRj7oVioH4ACiikncD6J8C2n2
+ LwnEhjEe5CxY9GI5XHsK7mR5xbFdyyl8HaQMkH29OM0UUwPlv4o6obz4rXEasGWyhS1GPu5HzNj
+ 8WooooA//9k=
+mail: Tom.Riddle@hogwarts.edu
+uid: 20007
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=ggoyle,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: ggoyle
+sn: Goyle
+businessCategory: student
+businessCategory: wizard
+displayName: Gregory Goyle
+givenName: Gregory
+jpegPhoto:: /9j/4AAQSkZJRgABAQEASABIAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAEg
+ AAAABAAAASAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD86LiFvKRd2FxwRUUcMUQUzbmPYg9avGOU2IEgBPa
+ qsltKY0PzMK+cckdSWpk6oJpYojayxRrHMjP5w+QgN3x/h2rj0to9Q+KVrbG2kvYfKaFhboQisy
+ kZUAckEscnq2fw9Kit7eO5gN3cLaRF8tI3AGBkc/0969l/Z6+B2q+OvG2vza+01k9vLsWaFjGWf
+ jDA+mCTxVKqkj08DhZVnZHyzc+END8i5vtTmuIwXkWOGGPgBWwo5P1/DPtWLonhy9s/FE8Ef9oP
+ aXcbA26SEeZEBuJYDrjj06iv1p1H9lrQrfxLbraWMsmnFCVUR78MQQQT19eSf4q8/wDHH7NupPp
+ D3OiaHcWmoKUZbtsY8tcAx4HYjnnvVU6zsd1XLHHVo/JDVrA2muoGE8ULsWe3QASRjPAOeN2P60
+ lzeW9gxj0uG4ijk5JbufXg19Va78D/ABDZeMru91jSwLVCS8nmK204PJUZI9APxzXi2t6AtnPZx
+ 21o00BjaNUAy5YnAIHXrW0cWtmcU8pqp3SPLYLK61C/Z3LswUncTnoM13GmeF5njDsGXevIxggH
+ BxXe6b8PtaOnxC4tZLQHDAGIggAdz713MGiNbyNv5PA6Vy4jGdEengcka1mjwTWdGurZBC8BeLB
+ 2sBXHSRNECpVt3fFfVd5pccljIrKGJHQivFfEmibS8kaFShO4r0qcPiruzMcyyz2esTH8BXY074
+ qaNeMVEaz7H3dCr/L/AFFfZ8srtcK+4jA6dq+DovMju85CMp4I7N2r7V8P3h1bwVpWpeYH+02qS
+ Pn1I5H51vW3ufPNGi0rCXazMM9CDirKFo7xWaWUAD1qrIitKAG5Bp7SSFgGwR61kIvtcK7DErnn
+ vUkd7su1YyPnoQDVERiO6i3HcjEZIqe5giFw8sD7uBwDQkRI1NvnzNIXJBorPtnuPL2/d79aKpp
+ CucJcyKYVYYxTrdi+FB4qlJA8u3OePSnxwNbyZLNz0qZU7o0UrFPxOGj8PNKqBnjcFDjuOa/WH9
+ nrwcPDPwR0m7Esz3mp2cd1Osox5cjjcwUY4BPOPXNfllqaTXXha4KFf3SF/mHHAzX7M/DGQXvwl
+ 8L3SEFG02E5HP8AAvFZSilZH1XDes5M9m0vR7m88uIAsSM7RwSfStC+8N3kVlI00QjKDgA5B+vp
+ Xf8AhqWwjsIpmj81wgOAevtWd4u16N7N4YkVQAMY449DXp0sPT9lzNnsYivJ1OVI+YNf8J6XqX2
+ hdQsLWcFCpMsQ556f/q4rwrVfhv4Zs7prq20TTY5YiCJfKGV9hmvpbxBcGQssYw33ifWvJNf8w6
+ dMhBy45P45rz5xVzqp3Pl7x1Y2S2LrHbRrICd20Yr5qvrDF2SD9cV9OeMQxmlU7sk968T1C0MMz
+ O68YwK4asNTv3Wp5bdRYkKsO3NeTeKbWeFZPLx5cg+YnpXst6uLts85NcrrWjpqOlSoS27adoFY
+ 058stTy8wo89N2PleVgLqRCAHVz+lfWPwqBufgdpRLZ2PLGMHoBIQK+V9VtSmqzE5EqsVJA6/Wv
+ TPB+v33h3wRY/aZbyOza4ItreHgFmO5nb1yf/AK1e1WkuS6PiMNgZ4iryLTzZ9PJbxrI4dcsPWr
+ oWERb2iDY7dqW1EN1otpcZG6WFXP4jNSyRN5HlZBrBK+pwVLwk4vdGXJ5ZckKQB29KjyQpZRn0q
+ 61oBEzsSOecVAqRRwbPMBk6jnirjYylsMjnZW+7jjvRSbf3pUkcDtRVCOJRZFmOSSfQGrZDPtLL
+ +lV0Y+YWB5xWjbyZyH6jpSbNCJlLWrx/fU/eiI+/7V+qv7Kuux+J/wBkTwvcl83FsJbScYwQ8Lm
+ MjHrwPzr8tNwdjjCuOhr7Z/Y48aLpXijXPBF5MogvnGoWAx92RRsnX8Rsb6hqylqz3MixSpVuV9
+ T9NtLtm8iONWIGOdrc1PrGkMLHzjESSOq9qLO8s4dIF1HNE21ckBgR+dcjrfjSbzGto2UJxkZOT
+ +dejScYx1PqpRlUehx+pW8Ut40YTDBsMWrh/EmiNFZI5VVznBz/AD9q2NS1iSFmuEI3uSWJyBn3
+ rzjxv46tbTw3PNeXIWER5ZiQOMc1hUnCxvGDTufPXjOOB9VkjG52MmAMfrXjPiG0i060aa+kEUQ
+ HLMc8+wrB+Iv7RGiWN28OhaZNqWoFiqzSsBEOw/HPpXzbrPxI1/xLq0cPiXxFBpCSIGS2SMh2XJ
+ AIAGccEZrldByVzmqZtThLlO91TVtMk1HbBdIxzjGCDTICGfJwVIOD1rzq0bQ/tDSW19Jeyf3mY
+ 5PPoa72xVmgTCMi9sivPrQSLp1HN6nhep6UP+F4R2kqfu57j5gBww5P8qj1rVT9nnt2sEgjjwtu
+ B1UKeM16zrWkg/EjR78IDjfuPp8p5rh9S0b+0NX1a5ug1vJJcAQRBs5UYGce+M/jXTTrKVr9Dmw
+ uElBzUerPePB+oST/AAz05pBllUqDjt2rsrR45I97MB9axND0sab4J06zkH7xYgXHoTyRV0IUmP
+ XYR09KyesbI+Rx04yxM5La7NiZ4fLYBlK46VzuoQp9mQou35eDWiiAK2QCMZzWfdvvtvLLDHQVU
+ VZbnLzX6GEJZIR86sxPcUVbcgBAfm47UV1psh2uc5GY1YB+B2rVjWEqGDDp2qtZafLd7k+7jqau
+ NYT2sfmOhATqTWDrXL9m1qDeX5u5Vwcda7f4fXNxpvxN8PXtpfnTLh9QjhFz/wA8xI3lk/TDVwI
+ vMuw+XpTobyVpFUMUccowONrDkH86qzaCE+SSZ9v/ABWv/Efgqy36/wDEfV9A8t8QQWlrJJcTyj
+ Pyqi58w56YHpXyJ8QPin8YvAY0HVdXPxBhsdVKyaOdak+yHUUJwzxgb9u3gsrlWAYHZjp+x3guP
+ w58Xv2cfBviu702zuL670qKRpXjBaOULtkXPUEOCK5Lxp8Pdf1DQYdBs72T+xYiAkE8KyrHzyy5
+ Bw3uK7IWs3Neh9nyTnCLpz5W+u58/wDwE1zxD8YvhxcNqdhqOkXNrLHDMbhwykuuRggAnj2/pXn
+ f7SnhPUfCHhyeyku969AFkJycfyr7/wDAfgGDwN4KtrJ5Z3vLhzK/mtuI9z9etfGv7YlrIl1bMZ
+ Glh3bskY4I6fWuXEQagz1MLDmlZs/N74XeDbTUvjVZ69rN25bTZ/Phs3hWVZyvRcEjjPUg5r1zx
+ 74O8H6t8Qr/AMXWHhXT9M1u5YvcLbzy+TLJn74hJKqxPJxwTzXF6VJHZ6pDLH8u1+o7GvozQ4F1
+ K3SWYpJ8o+8P60qeMlycq0Ob+yoOXM4ps+edI+HFxfX76jd2YihJyRsxWzqtrFZhLdIguwDBBr6
+ M1GS3tNAkhFvEqqmVOMFe2R/jXz54gYSai+087snPWuLEPQ9KOHjTjrucbfpvVJNuSobnv0rd8K
+ fDwCZNb1zy5pRhre2zkLnoW9++Kz2XeAAM5YAfia9aji1CGw8qREChfl71zwdlufO5vjKtGChDS
+ 5jzwGKZ95BOelZrsBKFboe9Xbm5fzlE6tG/Tkday7nKsHwWX1Fd8Y3R8em76ltGjKsm/t6Vk3ca
+ rG21w2PSq1y+JRsdhkcCqhlkwd+R71p7FgpgV8yMZyAPQ0VJbSZlkDYI7UVfsxORji6lhhkiRZI
+ 5QTlhREbya0f7RNK6jhatWKm5unll+bc2RWrcxGCZBHH8prmniYJ7HRChKSvc56fTZrfy5X3Mrr
+ nAHNT29uHsmlTzFlXqGFb/ACzojYJHVfSprhkt1Cxxqdw5yKzeN02L+qu5+i37EPima8+FWv8Ag
+ a5mJvdLuTe2KMcb7ec5YY77ZQ3/AH0K+64oQkqSzoNxODjqK/Er4NfEW6+F37QGgeL2kmOko5tt
+ VjHO60lwJOO5XCuP9zHev26TULa90CG+tJo7i1uIleORDlXUgEMPYgg/jXfgcT7RO/Q+py2uvZK
+ m+hx2uaoo1fyYFDPyHx2r4v8A2stFvdS0yzLRNG3lBuVxx619bXWia1f316+k6pb6VdCTPm3NqZ
+ lYdwAGU59818z/AB88LfEbWPBzf8TrSZriXEKO8bgjPAK5yKutK8Hc9+hOEZI/J3WNIvYL1/s12
+ UmQnbzxntXrPwc+IJ1eNtJ1CAR6lbny2IPGQcVgaj8EfHtp4qcaneX0cMZJkcfKhHsD/OvUfh14
+ S0DRp57dEh+2qcs2fmJ69a4ItLcbm+a60Oh8VXTJaN2JBzjuK8Dvn8yaRiSSW4r2fxpcIscqJwR
+ kFc/rXiLEtMxPX1rkrTbZMqlyr0eMHP3gfpzX0CltpcOjxy3N5JOAoPyHPbNfOc0mb5Y+2Mmsiz
+ +K+pWvxPi8MalZ2wg+07I51yCYyo2n3Jz+hqsPDnuj5jiCjJqEl5/ofQeqQaRdSQuryRjP8Qwaz
+ LrR7MgJDeYDdMng1Vv5njnKTJlxism51CQOmwAhfzrshB2Vj5RsiudLiMxQzqJE6kHisqa2CfI0
+ m4e1FzdO8+/+9weKypLhvtLKoziuqKaWpF7m7YWPnqyw/eAyQTRWfp+twW8j+dHJkjA5xRT57By
+ Mz9NYi4jYHb2x2rr7mLzYI5t4JU9K88FzJAw2hioP3gM10VjrHnwrAY3yW5bpivLr076noUanQ6
+ K1sHuLtpQu4AVXvLOQT7s8Z710GmQzlsq6LGRwSetSapaTjaVZQMgnBrzndSsdnOcrE7MskSKxc
+ cDAr9N/2SvigPEHwdTwBrdznXvD0ZFssjfNc2WcRkdyY87G74CnvX5uWglt9TljaLdvX5TjoaZo
+ 3i/XfAfj6z8VWGpLpeo2M2+2kPO7IwUK/wAasMgr3HocEdOEqONXTUuNf2fvPY/bnVPFVh4YFzc
+ 3yy/ZcDC28TSPzxjaOT+FfO/xF+Jd5e2gJ+HPiy2062kEsN3dzwQebt5DIhYnB/2iD7V6R4C12f
+ 4sfsxeCfiRPoV7o1lr1u8lvHKVeMtHI0TgMOgLKSoOCVxx1re1f4dQeJ9A+x6gpeIx7Sh6Y+le7
+ P2kZcrR9RlONw8mqrXMvU/MP4kfE74peMtbll03R/Dei6dLjy0nuTcTIg4y+3AB4rz7wRa623iO
+ /u9Vv/OmkQLst4THGuD15JNfprdfDDw74YsPs1lp9kY2TbKPLUV8t/Emz0rRrm4NvDFEFbcVTgA
+ +vFcFeEorU9jFVqNX+HDlXr/wEeD+MlEdkzk5kPBO7PavF7i8WPeS3Arp/FXiE3khggxJL0+Xkg
+ V5+1nezt88Mgj9WFcUlc83VuyEimzePITy3U1wup6edZ/aM8H29kge5MoMxA6IuTk/oPxrqdSL2
+ VqSRggV6l8KvhvqGm6u/jLxJC0Wo3UezT7WRcSQRdd7DsWwOOoGM1th3ySczzc5qxjR5Weh+IrK
+ MWMF2EZJFCpKccYxx+NeczITcMF5x+te2apdW1rYSG9mihtgpaUORjaOpPoMV832/wAQ/h5qOo6
+ tNa+JbGC3sizMk7bNyDHzJ/fXnHFdeGUpLRXPhqlr6mvKvzLj1rBuH/0pmyR2rZsfEPhzxDo7Xu
+ h30Oowq2xzEcNG2OjKeQfrVKWFWDEDBz3rrd7WM47lFYd5yimQeoorUsStvJJu4GOlFRcu5zsdy
+ hQLv4+la1rdRwKrCLzVP3vWuWt1Jm611emafcXlxsSQImeTUTpxe5cZtFHX/ipo3gyxX7dBPcXM
+ gJt7OEje+O5J4Vfc15BP8aPiP4s1J4fDtlpui2a/8tBGZtg93bAz7Ba808WwXOtfH7VLW4kZgt6
+ bdDnIWNDtAH5E/jXq1pbW+naEba1CxxxjHA9a9nBZTh/iauzzsXmVSOiZrafrnje32XGpeMdR1G
+ 5fjy1gijiX1OAuf1qrq2qOlys91cyTyAbnaRySB+NV4pMSrKx+SNenY1514u1EyadfDed7xv0PT
+ CnFekqVOkvcikzy41KlaXvM/rF/Yv0GzuP+CN/wB0m+hWS3u/A1nNIjDOTKpk3ezZbOfWvJviJ4
+ yv8A4ReLtTsPFMdy2g2r5XV4kJWKE4xLOvVYxnBkXKr/ABBRzX0H8Adc8K+A/wDglh8HNa1TV9M
+ 0TwlpPw602W41G9uFht7eBLRCXZ2OAAK/Kb4//wDBTH4deLP2xPD/AIU8H+FtP1j4XWd0bPXvFW
+ rLIjahDINshgRRuigUkMJmDFscJsJJ8rG0pz1h8R9VlGO+rz95e6fSuueIdZ1Szku9N8PeINXtZ
+ k3W81naGWOQdQQ4+XHvmvjvx14D+JvivXJpLvTP+EYsJM5+0uJJ9vtGhIH4sK+pNO/Z78U+DPAo
+ +IX7Mvxm8L698NNVshqNn4S1mdJreNXGQlrdxNsEZOAoZBjpngAfON/+1Df6d4qbw/8AEnwPqHh
+ fWYnMcsV1A0Z4OCVyPnHuuQa8LEzqRdqisz7ehiIYmN8PU5l22a+T/Q8+0D4FONSSMrNMN372WQ
+ 5aT69h+FS+PPBFj4c0GSXakRVcDjqa+z/hnf2XxAjQeFrZb+eYfu44gGIJ7nso9zgV6vN8J/C3g
+ 9h4y8ZRWniHXIGL2VhJhobRlPyyKp4Zu4Zhjjgd6wp4WVXVGdfM6eEV6m/bqz84fC/wPTw54Vh+
+ IfxHtoYGciXR9Cnz5pPVZZl7HoVQ/U9hVLWtbSwsJtTvD/pM2THERyM9K9G+LvxAu/FXjO51C/Z
+ BZQOVs7dT8pPdj/Svzs+N3xTntriTR9Lug+pTRkSyI3/Hsp44/wBs9q3p0faT9nA+RxmNqYibqV
+ H6eRlfG34pvd6beeF7GcSXV2NmoOrcRxnrGD6ngH2z7V8sQoXcuRlQeMjvUbI8knUtLI3c5LEnr
+ nvk96357UWdlHCOXX75x3r6Ohh40ocqPHq1XJ3L/hvxFqnhjxGmpadIRxtmgZjsnT+639D1H8/q
+ Xwv440TxTEI7VpLS/C5ktJ8Bx6lT0YfSvlG2tg0BLD3p4ieGdZYmkjlQ7kZGIKn1BHIpVaCmTGp
+ Zn6KW3hq2utLt5o9u51yTmivlTwp8evFnhrRVstQsbTxPbKu2Frq4aGVPqyq278QD7miuH6lUNf
+ anfI0FrFJLLLEkcYJd3bAAHvXlnib4lX97HLpvh6VrKxI2yXa/LJL6hf7q+/U1k+NPEbajqLaRZ
+ yE2ELfvXH/LZ+//AAEfrXEhQE44rqwuEVuaY6tbojZ0GOD+0o7qUl5osrknrnkE13yPIdHlLNua
+ V9o/OvLrKZodS2htocYznv2/Xj8TXpumSrcaLG2Pm4YD0NetTaPGxcWncl1OUWekMuei9fWvHtY
+ uRLeRq/zCSQBgfQnBr0nxVOyaXtBHUV43ey+fqES8k7sfXmoqy1NMJHS5+m/7RXxL8UeKP+CY/w
+ Cx74K0/VLiPwHZ+BbL7XYwy/ur69gDw7pQOG8ow8KTgM2SMhTXzJH8ItV1L4Fa18TrHTDqGmaRL
+ HFrAGQ0CMwUTfQEjJ9K63wRryeJf2FfFPgXU7lP7R8G6pbeJPDwlbDPZXUog1G3UH+GNzHdYBJJ
+ d+MDn9l/2WPgNpyf8E9/ENv4lit20fxz4buIJZXgWZY/NhYKxU8HBIOD6V5DpVPrTV9N/ke7UnF
+ 4K3U/Lf8AZs+Oni/4Tef4X0y50ibS7rIs9J1kMtjcuWLfZ2kTHkl2JwxBQk4YAnJ+4779qz9nP4
+ p/Bq/8P/tHfBXVvDV9iWC0j0WOS5aKaJcmKOVWU2synaVBxkYZSRX5Ka1apa+B9O1SNCYZoAl3G
+ zbjby4w0b56qSDtY/e6Hkc8ZDrOt+PNdsYbu5kMkRS3a68wq0yocRFiPvOoJUHqVODmt50oJXZ4
+ uBxNdybg7NbPrc+w/iR+2NqcvgSX4ZfCnw/e/Bj4a+TttvDvgqZBq+qHbgPqF/8ANIA56pCN2cn
+ c2ePffgx8Svi1rf8AwTs1K18fab4gsNQ8EXNrZpe6nayLJe6Rcq32ZWL/ADM8Mn7sM2GaN4i3Iz
+ X0Z+yd+zP8MPCPha18Wa5pum6jdxW4uri7vefLCrvZycHGAOtes+NdPt/En/BPL4s+JItNn0r+1
+ o7nX44DCfMW0gmV7ddvUkW0S4X1rKtC9LliraXO+lUnKXNN3fc/JL4u+O4tI8J32q3EyowTFtAX
+ +eRzwAPevzuubu41PWbi+u3M1xISzsc9T/nFd38RPGFx428d+epYadCMWcW7IC/3h65riXVVQQw
+ ofMJ247sT2oy7B+xp+9uzXEVVJ2WyL+hWazX0t5Jnybb7vu/b/P0qZw11qBPVc5c/yrWeMaZ4bh
+ tAcy9XOPvv1J/pVS2Ty8BsFjy1ejY85zu7khQRx4/vVGqks3XHerUmDyc571SeX5iASAOwoJuNc
+ AHsPwoqJyAMu6r9TRTsVqWABvx6CnMPloT/AFmKkI3McetapaGtymwxIMcH1r0bwy4fSvMzyTgj
+ 0Oea8/dMPjjNdB4ZvfJvbq1ZvlZQ6j1I4NKGkjDEw5oaE/jKYCB0B5BA/SvKof3mpqCcjGTXd+M
+ LgO5APUZrhbH/AJDEZPTmsp6yLw8bQR6po1/c2bxXttOvnquwOyA/u5BtcD2IJB7V/SL/AME+fi
+ Fe6l+yPa6Dq5+1adYv5Ecjncqp+PoDX80VqS+mSImCWyhyeg65/wDrmv1O/ZA/aR0L4UfshfEbT
+ tRuhe63eWbx6Rp2M/aJ5Imjxz0UE7mPYClUjaopGs6ijRk301Pi34y6Jf6R46+IlnYvDdWWk63f
+ LdT2jCS3FrNfzLbFiPl8uQbQvqenSu4/ZI8GaFf6vB4i1a0N/d2eouRZ3SjyYVQA7pAecsc4Pt6
+ 8Vz3w21mCH4zfFDxLrEkOtzaf4etrWw0y8G+G7vpJfLhnlTOGWEebIF7ErjGBjV/ZtuLuT432Gm
+ zXDXdyNXkWSSXBaQ78tn69ePwrixkW4KxyZbNK8Xo7X+8/oA+Lus6dpn/BLfxk2jLZaVf6zp1rp
+ lrDFiOQm7mihMa45L7ZGGBzX5L/ALc37WEr+EJf2cvAGpXCraxxW/jHVrO52+YyBT/Z8ToegwPN
+ bPQ+Xzl8e2f8FC/jzYfD34PfB7wB4U1DT4/iFF9p1e9jjKu2mJJbNb29xInI8ze7NGrD+HdjC1+
+ G7zGe5mvbqaSeWSQvI8rl3dyclmY8sSSSWPJJyeTXRTg+dt+h33TirFaNBBG5G0MQQMjAH+H4Vp
+ 6DaG41KXUpxmOAlYzj77kdfwB/OsmZWnuUigEkjyvtAYYzn8a7GRRp+jw2sXzeWuCf7zHqfzrdG
+ FadlYzbyVpL4E8kfdHYU5I9g3E84606CICJ5pCCe5NYN/rMaM0VriXB+9n5R/jQZRV9EalxOkMb
+ O7qij1Nc7PqxYkWyDHd261kySyXE4aVmc09I8N/jUNm0YWEfzJ33yuzn3OaKtEZopGh1iHNxIew
+ q2qYI9apIcNL7uBWljD/gK60ZsqTDBzg5qlbztb6mk6ZyrZOO471ozkeUSRWWOpxwTUyKSuiDxB
+ cGS8wTnnj3HWsPT2I1YHr2HFW7/MlqkpOWjby2+nY/zqhYMy6j8pwfXFYX94Iq2h3tl8l1LHIgd
+ fL3qUXv7+nPc1798BvDugajrni/UfE+v3VrZWYt0ttP062a41LUDIGYx28QztAwd0p4Xv0r5/g8
+ tryN0mVgVKncueQM/TP19K9F8B+KfEXh7xHdWOga83h1PEMQ0rV9Qjt/OmjtySytHyGBDE7irLk
+ E5I6jZxujnxNP2kHHuafhW6tNR+L/AI/1Sz0q50awkuEhtbJ5vNkiCl9qO3O5+hbGRk4HSq3gn4
+ hTfCj44+IdeNnFf6lp168lnamXCG4ZMKrEdlPLAehFdbaWvhvwB4c1vWdC1HUdT8PTQLLoN7qMU
+ azzTh3imkOwlWWJoyFI6uT/AHc18yXFy2p6xPcshhjZ2YqeTknJLHuSe9c7ipbmWGg1Xm7aaL8D
+ f8ReJvEPjv4g6t4w8V6pc61r2p3Bmvry4bLSPgAD2AUKoXoFUDtWTI6SP/COORjHPqfemrtjKsy
+ 5Yj5VzwPTnvzTpRLLKscKnzXwEB9T/Stkjv2NXQbQSXL3zqMQname79z9QP51Nq97DaRkzMOc4U
+ H5j9BRqeo2ug6PBYwETXKp90Hqx6s34159JJPd3pnuWaSQ9yelKTsc8Yub5mT3mp3F2uxSY4B0Q
+ Hr9fWqKgk9c1NKm0YpqD93msW9ToSsh6j1FSL96o88Yp8Y6mkA4AsSR0FFOiPynvRTJZ1MXMkQ6
+ ncTWpnPJ6ms23/4/BnooxWqu3qQCc12IiRVnx5eTWRdvHH5CxvIryRnCrHuDPnoTn5Rt5781sTj
+ jpms5iMkkDGetTIqJhIhfw/cu3/PXZz2OMis+xyb/AOXPvWy6eVoWow9GVww/CsjTyBqKk5xntW
+ LWpR3FvKfJQIkZlUgh2HTBqeZQ8E4kZXSRMssg4wfXPX6VU83NuEJ6cnBxyf8AP6URl1jm3KNqj
+ O8jBx6Z64/KujcgTUr6+uvDWl2N7eXUsVrF5cETvlIkyzBFHQAFmPTqxPUk1kxxJHCPMPzDoMdT
+ WxJsK/vfmAABJIIPt+lZLuzu0jsyqozWbSRaGKpZg8h/eHqo6r6Yq7DIum6ZPqpDNJGRFaq2OZC
+ OvvtXJ/EVR+0xhA2ELA+uTiqup3AlaytlYeXDHucA5Bkc5Y/gMAVLaSCWuhRVJJ55Lmd2eRjksx
+ 5NSRKCxYU6RiLLPQdAaSIjy+CM4rNjsV7nl1xTAMgD0pZTmT8adj88VLYXGkYqRT+5PvSCKZ4ZJ
+ FildIxmR1QlUB4GSOB+NMLYTGaBJEkGS7j0op1njzHJ9KKpFHV2hLTknrmtMk7SPas6xXknLHPr
+ WkxAjb+VdcUYt6lSViF/CqLn90x44FXpzhAaoOV+ytUtDRm6idj3CA8OP6Vm6SB/aIJxt6nPWru
+ rEHyz6xj+VUNOx575GeMCsepoda7kvlVwpbIY/rTpEVhtiLE+u7IP/wBaqiscrvIb5SF9uOauIr
+ NDvJBYjoVzjnp9a1iS0E5Lqv7tvmySd3PH+e/pVQx4lZdxIKn7vX61alEYIyWEWAGG3GD3HPWq0
+ gAwA+WPOSelJ7jiVZbVCETfK2WKhSePz/rWTc2vk380SkkI7KD9DW2sr+ZEvOfMGVP1/wDr1Tuw
+ P7XvMHI+0OP/AB41nJA9xl7ciXSo4o4mVggUpgbazIYikeW64q5Jz2qAv8uKhjK38cpPYcV0uhe
+ E9a8S2Goz6PFDdGxZBcR+afMw4YgqgUswwjZI6YyeOa5tSMy5HBHP517d4Mi8W6PoZ8Q+H7V7fS
+ riJrO7aRGdPKMiA7wjqwIcR4YMOvoTmb2RE5qCuyjo3hA2llJpt3qGoJFq8EaXUsNo4gt1Y/Nv3
+ ADcCuPmwchSOuK4bWfB+qaTZXt9K8M2nQXBiS4AdPP+fYGVWUHByp68A164WvrnRNav5dX0681J
+ JI45LJ8vJDGSFXaMlVCkggElvnzkmvPdXbVdUC24kX7PEBJIo2qrMAcM/wDebG4bj6c1PPqONVN
+ pWPP7Y4dwKKdbH/SZW9RRWq2LOyszgc1dmP7o898dKKK6rmD3M65YhevFVH/48s0UVLRaMnVfuW
+ /vGDVPTmxduvOT04oorH7RXU6iMK8JbId1OSA2OO44/Cr1sGB2rtV8ZAz+gxRRW0SZaFe5DcNJG
+ PmBOGH4VQbiBsMGJOeKKKU1qVB6Cb0N7b7MF2dQSRjv/OqkrA3lw3XMzn82NFFZsXUhOMetUX4J
+ Pr0oorORTGLgpLlto2Ek4zgdzX3Ho3hPWNA/Zpms9Slhhg1HQpNXjtvtJAZ4lS4GCrMjAKvD5Ac
+ 8AcGiiqUE4mVZJxsePTWukWOnWkl+8sNpfxNcxTJHIyylWwseYgWyOWAH8RGa5K4tlfxLrNurpF
+ 5jhJISMvECu8rk8AgnkkEE8UUVzWshYdbHlkGUuJQxBIJBI9QaKKK6Eatn/9k=
+mail: Gregory.Goyle@Hogwarts.edu
+uid: 20008
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=ssnape,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: ssnape
+sn: Snape
+businessCategory: professor
+businessCategory: administrator
+displayName: Severus Snape
+givenName: Severus
+jpegPhoto:: /9j/4AAQSkZJRgABAQEASABIAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAEg
+ AAAABAAAASAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD8gymOpoHynjmpCCTTMc14SZ7A4nK0z2p46UmDupJ
+ 2AegAqUEqajX7/Iq8sedoA3Mxwqjqx9B71HK29Ck0ldkQbIzS4yuf4fWteJ7Kxt2+0RRXF0RyHO
+ VQew7miTxK1iqGOK3glfhVZFO725H8q6vqE2rs5njFeyRhsnAYcqelOwO/Wuhubm5CafdaxpHl6
+ beBhFcJ8h3j+EHGBXPyPAb6aK280lGxskPOPr3rnq4aUFc1p1+bRqxB0P41G5PccVYYZNREZODX
+ Mb2K7Lk5qEgZNXdoxiq7xkMaLiIT05qIrzxzVjYc9f0qQR4HrQBSwfSr0bDPWoynzf8A1qljTkU
+ AWB0FFHaihMCR0wOKhKkc1fdOM0gUMvOK25xcpQ+uaADuFWGQBscUxVOTkHrTTuHKKiFpVXqScD
+ FaC288ENxd3CtGkSYGBng5AP4kH8BWt4W0v+1fG1jZYyDuduOyqW/nitnx3Kln4Jt/s4AbUdRaN
+ Rj7sMCbR/n3r0cFSUrtnDjJuKSR5fd3TO8TNul/iYBfmZj2+vbFft3+yt+y74F0f4XaVf8AjPRt
+ N1rxJfWyy3T3kay+WzAN5a56BemR161+HmnyH/hKNOc/PtvIHP4Sp/hX9KPgm/0vTtL00ahfWwC
+ 28RVFnUNGGAPIzxU5nOSjFJ7nVlFKE5Scuh0njH9nT4JeJPDkWnaj4N0tYoh+7/drsXPUhema/E
+ T9qj9mW4+BvxYsPF3hqd7rwJqN4Le4t+hspWPyf8AcZA9GAHev34fVvDk+xYtSHlSFy7eaCMKOx
+ FfNX7SPhnQfHf7J/jjTdOu7fUphpdxLHAZVaRmjTepQdcgrnivNw9ZxlrqmehisPGVNvax+Bl7a
+ G2n3Afu3OU+lUGX0rYbN54dhmRmkXbvRuvQDP4EbTWWBk88cZFViaXJNnDQq80EyuRg0xh8tWCn
+ PNRleTXPc0bIVX5ucVJipAhzznFIygVTERbRmm9sVNt96aVGO1KwEdFKVz60UwNXOVPXFMI44qy
+ qjBqNwc4xTuMqY55GTRt6ZxipCMHFIRkY9qqLGkeo/C1VXxLq18wAWHTn69STngfkK4fxtqon8P
+ 6basqJLbRuxUdR5vz/yxXV+EnEHgPxbc45ht0brg/MCuPzH614br2qPe6vHNISBdWMW3noyjaf6
+ CvewOlFHj4vWoIJ1SO0udyL8yliegw2fy4r9GLfwV8RfiLZ2Udx4M07Rk+zRsmvz6lcPeXbNtAL
+ KgEYUrznccYAxzX5ih5ZoY9PG7zC4jVk6jccZ+oz+lf0ffCbVtGm+Aem3F1b2VgbaxhDFYwA/7s
+ biPxrlzGSXKd2V03Nyv5Hk/wACvhL4gsfhN8Rvh3c+JzP4ujs5rjw/eNcu6ROVwCu7rz14r4+sf
+ gr8aNC8Y6hDqmn3t5LcBpItXt/E0rTAEESyeTt2fKTgoT0PFfbXg340+AtD/amu7LxF4p0PT9T3
+ Spa2U8224h2kjEn91jxle3Fdr478e6Fo/wAL9c8WeF47PW8W801qrqfLYlCznryoOT77a8uLaml
+ 3PbxNKLjp0R+JmnWSwWGpRXDIzRyr+7XgL1jbH4449q5V4zvOONvykelP0XxC2seL9ZXC7LsSbW
+ PVpGkzu9PvHNTFGEjKw+YEhvqP8mu7MVrFnhYJ3vEqbCBzUW0FqvshPao/LGehryjtcUViv7vAq
+ Mpla0DGCO9M2deDVJhyozsYOKbsNX2iA5qPZzVXJaKZUgdKKtlRRQIvjjpxRgEHjmjtQvy5JpMt
+ kDgenNN25XoM49KnbDPmlChVPrU81kKO5p2uqw2XgfVNNmGw3ki/vPZVPB9s/wA68OzvSOFwXKb
+ 9pbnAJyB+Feo63BHL4Pv3aRopbdQ8ZA46jivJUvELEyod4PzEHGe9fRYB3oo8fFr94z1P4TeGLf
+ xJ8ddHsrgr9nQmZyRnew6D8Otfrx4e8TjwFoOiXOvRmfw6HAjkRCwdx90FR2Bwc9OK/JjwVJaDw
+ rZ+JNFv0g8UaNqAku9P3Ye6tjwXjxyTjqnscV+iPw4+IOi+L/Dun2U/iK1iupABbujBjF6Ag8fX
+ vXFmMW5p20PZyiUeRq+pofES6+D3xB1m61q78OeIZL+4vFuL28h8H3Ukc7Kc4DpH87HpkcVseIP
+ GfhW7+D19F4WstWh8OaT4blS8j1TT5LOaDbExVWjkAYHAOcjsK6bXfhxoN1p8F9f/ABFuLi+Lbo
+ FtotkMZ+gbn1z7V8n/ALV3jRfC3w4t/Cll4xj8V6rrdmtrqUkAG1bfBI3Y77VK/jWFGMJySR1Ym
+ Tpwk+6Ph/wQxBhmZSDFBHgn7xYjn867twftLu2SXZiT+Ncz4NW3IvriVP3hiCQgHODkHP4dK6xl
+ zIavNKnvJHmZdTvFsjjGX5pJUwTjipghDdsUP0ry76nqWRAqfJS+WPSpEHODUpQ4BFK7Ri4lUxj
+ uKqTLgHH6VoSKQtQSICpq4shozOo60VKyAc0VZm1qWQc00nIp+w+tHlnPUUrljQO9Sd+en5UgU7
+ sUXMkNpo7Xcs6E5IijXks3ofQdTnvitaVGVR2iiKk4w1bI9TMc/ge+t8I5aIhyrZZeQeRXgUqus
+ hWUguDxg9RXoF9cTvO6oxiadvmKcbuM81yN1YCO9fauOcjmvpKFL2cEjxa1TnncqWExhvEkDz27
+ KcrMjkbD6+v5V3+l+MBa3MA1SxaaWN9y6np1w1tcv6FtvDf54rzieF1+8zbc5FEJOCu4gE1tJKS
+ 1RlCUo7M97HjuOSAtP8WPEh0ts/6HFBI92w7oQcIn+8cj271554l8R2fiDU7ddPtZLfTrUtsluJ
+ Ge4vJH6yyuepwAoH8IyO9ckbQgITKrEg4XPAA65qaO3aS8FsjHKLk8dGqFCMdkXKrOSs2er+GrR
+ baxEqusqEYDg/eOOa6gHLV5RoeqPpy8NJJHnE0HdPdSfWu3j1u2VbeUy+dazjKSYAK+oYe1ePjM
+ DUk3NHqYPFwjHlZ0qAFfxoZc54pY2SS3WSIhkbkFe9SKSeCa8iUHHc9VSTV0VVDbuQBVkAhOmak
+ CYbkVLgeWeKi4NXRQkOR0qjI2FPFXpAdxxVB1PfpVRMJqxXIB60U8gAUVrEgsopzg1bitZbhkit
+ kaWaQ4RVHJp21e68V0D6tB4f8AhncX0UI/tO9kZIpcgGKJeOPctnn0FbYah7WokicTP2UHJGFqU
+ NnoloVu7hZbphzAn3voSOlef3lzJPJ5gjCODhETpg9qzZ7ya5vWe4ld52O7eT1zTrbzPNJfkBuT
+ X0tOnGEbRR4M5uTuyhNDNuWRlKFZQeo6dD/OoLuAxyHLbgOAa27oq9vIFPJHHtVO6XzNPV8ZOea
+ sg59ogw2twKpzWB37oDtrXIB6U4gcii4GTbpKLqOCQYZzhfc/5xWnp8Oy+QsMEsSfqTzRGF/tG3
+ D42GQbvUds/rUyBob7LArhs80XHa4XESxX7ShWKD/WIDjcvqPcVYQeRMN2J7acblY9G46j0Yene
+ lfEk5bOM0+yEXmtYT8W87/umPSNz0+gJoQNHT+GtQZL77BNKnORCx6Mf89+1duNrW6yL93p+I7V
+ 47NDcRXXlSb47y3clCOMEH/P1rvPDer/ANpXV1bSHHnL50Iz0dRhx/WuDHYaNSm2lqduDxEo1Em
+ 9DqVYs1OYHFSRKBzjtTpB0NfLpn0bRXEZK9KqSQEc46VorygqvK4B5H61SZE4JmU6N6GirTfMeB
+ iitFLQwcUmTMSykfjWF4tvD/wjFtBkbUXAGOnOa0dQm+x6RdXWcCGJnOTxwK4fxJdb7i3ti2fLi
+ XIz1JUH+te1k0bc0jzMzne0TnzmeA7Sd6klT/OltrpxI6O2eOPrVaKTZOATjPT3ps52XCy4xhuR
+ XtHlmvvGzJJ54qZG3RMnVdtZUUh8l0J5HSp45dseCe1AEBjwxAzjNJgUoJPc5p/HtSsGxTmUFAx
+ wArAls81PJu3lDJ5oXgMRyR2qOYboXXGSVIpkTuYVLMu0jkdwaTAuL90UrkPAUPRuOn60xHw3NX
+ ECysqjBOeg71JSNqeH+2PDFrqccmL6H9zcqP4mXgMPw5/GsazujY+IGuI8rcIplCBcLgjmpNOun
+ 0/V7mzYbYrpOh7OvQ/zrJFx5lzdAlhh2xuPOKGrivZnu9nKlzpNrcq3E0QcD045H51M4BU5zWH4
+ VlEvgSzGQTGWH/jxFbzNhD618bXhyVXE+roz56cX5FUMAMVVk5bmp2yXJxULod3eoRbuQMAPb8a
+ Kl2nPIoouzJo5rxZM0PhURA/NcXUMX4FwG/SvP9TnM2vXTk5HmsB+HH9K7Xxk/Ggp/B9u3N7hUY
+ /0rz1svIzdcnNfUZXBKhfueFmE71hxw0SuPvA8Usp82E9c45/KowSjevtUucKcdTXonEQ20paOJ
+ iesXP1Bwas78Gs2M+Xfyx9P4gPQH/69XCRjOe1ICwrA5p2Ris1Jjjkip0kye1NPQZOTzz6VAjum
+ UAU4P86k3ZqCR/KnVsFsjGKloVy52PTNOim8udWycg9qrqS0IY03G8sMnpS2GauqFfLtbuL74YZ
+ P61iQEG+uOfvOcH61cecjQ5kfB29zWZbhjEMHBI4P+NIR7B4OnB0aOHcAC7DB+tdmRuTPvXkPh+
+ 9+yMsnzMiMGb+tew28sdzZpPCwaNxke1fP5xR5Zqfc97Kqt4uD6EGwelQOpPNaDIRyBVZkwK8dM
+ 9RopsDjpRUzAcUVaZBwXjEfurF+0TSH8SMfyJrz+I8FO4PX1r0HxmpGjQNx/rMDntivOEYiQZ4r
+ 6vL/AOAj5rGa1mW3QYzgdKjZkjKsSSCQMHoKuIqyRgMRjGaz5nhkkMSNuVR6da7jlK0yn+0oJST
+ 82Q3vVhz8g7fLzVV3Y2ob+NHBIqZjlc9dw4+tICmjVaVqpoMNg1aXtSQFpTTn6A/xetMBHFK7Bl
+ wM0wHh/MT92flH3uaWNG8w9RxTEykIZUGxvvEdjVqGRWkwSaVrgU78GPTnH9/Ax61Fb4jti7YIH
+ GDVzWBttovrWTGBNMsLOyDGcgf1pWGaNnqn9nTMZR5lnK375AOUH94eler+DdVBuZ9JDebHky2z
+ nuD2+mK8vtMW15EAfMXeB+9XIqGx1y40zxSf7QEttPDOSp24KqTkA47VliKEatNxZrQquE00fSp
+ +pIxVOQcEYqSxu4NR0q3vLd0kjmXKlT+Y/OpnTJx3r4tpwfLI+tUlKKkupnFOlFWHUD60U0S0ea
+ eO3xa2EfTdIxx7AV5nI21kPvivQviBJu1nTIh/DCSfrnFeczk+SPXdX12BVqET5jF/xpE1zcsB5
+ EPzOepzjFOh3tHskQK3TIHNZscv+nMT1zxVzfdTthGWJAeg6muu5yjpISJiQ3GOQRiooXIi2k5K
+ tVxbZHiIlLFj3LGq7WzxElfmU807AQD/AFx+tWVx61UJw56A+lSq1K4F0Yx1oLhR2qJfmWkZUxy
+ 2D6UwGqdsjsrN5Z6rnpU0cw80YzVUNsnZU+ZMc1KrIWHAoAs6nN5ltGMcjnrWZbxyXMhXeYk9hn
+ Iq1c/Mox024qzYIqINquOOcVL3Gi7BpdtM0aF5cjvvIzWBrEcx18wXDtcCFQqPJyxXqFJ747V10
+ SsMHOeez9PqK5XVHL+ILpweN4UfgBVMJbHoPwx1aWHVpdBmYtbyI01uf+eTDlvwIIr2vaRICea8
+ N+G1sZviUJeqQ2UjMP8Aewte+lQe3NfJ5vFRxGnY+kytuVDUzZFy3TFFWXQ54orzbno2R4T45l3
+ +OWUHKpbqM+/P+NcPLzCcV0/i2bzviDqLD7quFAz0wK5phmIj2r7jDK1KKfY+OrSvUk0YwJEqsv
+ JB5rSS6fpiskttuW+tWUcYzzn3GK1MjVW5I61cjmDrycViK2W5PFXEf0NCYFie3WbLpxJ+hrN3F
+ GKsCrDqDxWornaMfMaWaIToPNCqw6MetOwGeJBgZOKUvkdc01rVkYlSrr7HpTc8ZpAODJ5pDNhS
+ MZoDKrEBsjtUDnBB96ReopXGiV5JJJ4wTtGcV0FuixxgSShMjHIrEieJHDS5wPQZNbUV1Cw/1Ju
+ EPT5h0+nUUWEXYjp4cASPG+M4KEBvSuVuj5l5dsvzZdse/Nb9yYv7Imuo23QxdI5OSgP8+a5xMg
+ HOM8k0AeyfCWBWk1q8By6rHEv5Fj/MV7QVJXGOteOfB7nSdfA/huIx+JSvaBkV8XmtT/aZXPrMs
+ X+zopum0DiirDLk0VxRlod58o6tN5/inUpQeGuZGX6ZrMLYiZj0AqSU+ZcSS92cmqV3n7C4Gc46
+ Cv0KKskj4VvW5juC0zMO5p6SsSAzE49alVQbZD7UwxZbgcjk4qiblgMMcdalVyB71nncjZ+bFSL
+ Kv8ec1LQzTjunjPygH3NTLI0ko8xuKz1dWHyHI9qlBwuc0Jga5eNFUZBJphgilXJYo5744qjE4z
+ nqOxNatnDdahqVvY2FtPfXs8gjgt4E3PK56Ko7k0XGlfQpw6Tf3+q22n6bbXOpahcSBLe2toi8k
+ jHooUckn/8AXXVeJfhr448DatbWXjrwh4n8HXdzGZLSHWdNktTcpgEtEzDbIADztJI74r9D/gf8
+ AfC/wg8NWXxQ+Nc1sPEE0DrbaFNIqx6chwcTDPzyHAz2XGBk8n6d8P8AiLwz8XPh34k8IeLtKsN
+ R+CeqhhDpKIPtOnyYyuq2Dnm3nRiDtXCyAcjLVzvERTO1YCpyczPwx8kwn93JtHUZwahe4lRjhg
+ OfmIUc16l8afhXrfwb+Pur+BtZv7LWhCiXel6zZIVttXsZctb3kQPRXUEMvO11decAnyQHL4NdH
+ McTRJfsYo4lDq4lXIIHDIcf1qknC+9Qu7PdojZwi4AP1qyvQVIrnrPwfvFh8Ua3pzdLi3WVR7rk
+ E/lXvhUFeK+SfCWsDQvijpl9IR9maUQzgnGFb5efbJBr6/EWCwJ5HUV8fn1LlrqXc+mympzUbdi
+ mVI5oqdlwaK8eMnY9U+UD4b1/p/ZVxn/fT/4qqNx4a8QNGwGk3JwD/Gn/AMVRRX6WfBkMPhbxCb
+ OPGkXPT+/H/wDFU9PC3iFpT/xJ7rpj78f/AMVRRQmAHwl4hKhv7IucH/bT/wCKqI+EfEOD/wASe
+ 5/77j/+KooosMhbwp4ljGV0e5A9fMj/APiqdH4c8RgDdpF0R/vx/wDxVFFAFtfD+vSHJ0mdCO29
+ Of8Ax6rVvofiaznjurOz1C0vI3DwzQzojxsDwVIbIoooSuNHpWheFvi98ZPH+meGtb1rWJbZzue
+ 91ScPBaxjrIyqcuR2U4ye9fppaXej/DT4a6X4N8GxR30NhAsct9MfnlbbnLueuTz+mKKK468E5W
+ PYwM3Fcx4d8cdHi+KP7LlzZw2dzN4z8BO17os0cTf6VY3Emb2wUdxE4W4jDcjLAYBNfnfJ4X8Qq
+ Sf7Mnbngh0Gf/HqKK2pbHnYvSs7GcnhnxE0zsdHuic/34//AIqri+GPEG35tJuF+rp/8VRRWr2O
+ dIa/hPxHKDFHpNxuYABt6dScD+Lsa+0rTS9SisYoZLZ3aOJVdu5IAGaKK+bz6Cahfz/Q9rJ5Nc3
+ yJ30fUCw/0WTOM0UUV88oI9v2jP/Z
+mail: Severus.Snape@Hogwarts.edu
+uid: 20009
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=adumbledore,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: adumbledore
+sn: Dumbledore
+businessCategory: professor
+businessCategory: administrator
+businessCategory: counselor
+displayName: Albus Dumbledore
+givenName: Albus
+jpegPhoto:: /9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBQgMFBofBgYHCg0dHhwHBwgMFB0j
+ HAcJCw8aLCgfCQsTHCI3NCcMEhwgKTQ5LhkgJyw0PTwzJC4wMTgyNDL/2wBDAQkJDBgyMjIyCQs
+ NITIyMjIMDRwyMjIyMhghMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wA
+ ARCADqAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAHwEAA
+ wEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIh
+ MUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUp
+ TVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7
+ i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAtREAAgECBAQDBAcFB
+ AQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygp
+ KjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJm
+ aoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9
+ oADAMBAAIRAxEAPwCmqbR86ge9PS4tz94jPpWxPpwYfIv+f/rVg3uiOv3FP1r5xNdyU+5eFtC/Q
+ rVS40VP4VrOie5hPO4+lXYtYb+MA+tXZ/ZY2n9llVrN0+6CR2IqCQN6n3z2rbiuweqBvX2A96ry
+ wBv9Uu89Dx1Fbxfc6IeaM+J2H09++PQVbhUN95fb8K6HT/AM0uDdyCDPKxEfNg+1al14AUDKXKR
+ KOUZj/Cf74rTkfRFXOUES/wAI+v8A9eljI7Y9z6V3On6HpCKMyNOw+/IrY3N7gelaHkaeo+W2hd
+ OqscHfgfwkjt9apUn1aG35HnDS4+7j60wSP3GOwrupfDWm3Ofsp8mTqqjowHoPaqQ8Jon333DnB
+ X1Hv9aynBrp8xJnK7yO1TRyKepP09DWzJokQ6jHcVnT2Sp0I/w+tYqY0ypNCp7gelRLER0wR3A7
+ U+4bA4bPaqQvtp649qtMfzNy2kA64HtVlp07kVjRzbujfQUrQXB+6Gx/OpY7mi8kZ6EU3cnqKyG
+ My/eBFJ5snvQO/kdZEwxwamMCMPmANZMF6g+82KvpqEQ6EenNcXK+hwKD6Fe40RX+7H+NUv8AhF
+ wOq10UOownoy1PFKshwgU9s+59TWkZPpc3jE5uPTHiB2KMdwR1+n1q9YywRcmIebjKxsegH9xcd
+ qu6tMsX3Qq4GDJIPlSX/ZPsK4PxLrShcCaQn/lrjo59V+telQg/t/IpLuzs4viDbScRsFYfeD8Y
+ ZfVjWlNryOuXbqOQOQ2P730r57Or3LP+7V3HTLZOM/3W9q3dNXWJAP7Pllif7pDZ+YD+6f8A61d
+ T82hpdkzrNd1iFcvY3LqQwEwz/qwfVfQ4pdK8XtLHIrS7Mfv4eeh3f8sz/tdayIvBusSkm7RwWA
+ W4cD/Wpnuo7mtAfDDVo4sWcCgE72J/gH+761HOu5p7N9iXwT4skknAd9ijOV/ugDkt9K7vSteim
+ /1Qc5yVX0APVj715PJoN5YAq6z2oP7uW8K56/3iK2vDMl3ZuBcrFKrYZZlfiRO3f+lHMvsslxf2
+ keoXtlDIp2I4bGQ6/wAB9QK821D7Qhwx3Dqr/wB8e30r1GO7hZRwAPugL/CffiuZ1S0gkyI7aWM
+ qxXzMcOWGfkJ9axrQW6SEkcT+9I5U/wCFQf2UznksPX/61dOliT/AfrVlLDH/ACy/CuSU19kfL5
+ mdpmjhcbmP0NdLDYx45K+1Z4yv8OPSpPPZerYrlbfVmdn3JrjR4m6Aeuah/sKP0WqN34gaP3qt/
+ wAJU392rVy7+ZlSwzj7vP8ASoWa5HU8elbckeen0pyaeCOhPbOP5Vun5BbsZNrJL3Yj1JP8vpW/
+ pWospyG3AcIF6uw/ur7VHb6OqMDI5QcAgdx3ytT3OpW0R/cqioOGlOBsB9vetI0x2OQ8WaxOoJn
+ LMxPmruJ/cqewX6Vyduks2GuZWMR5JbrMAekSn+dXPF2rLNLlHR4+qoGyT/vj3rR8N6O9yymeMk
+ 5CD0CL2Ue3pXa9FqEV2Oi0LwXHcYZrSOMHooHEae31r0jS/CtpAo2opPXOOhp+l2UaqAqYGMA/S
+ t2K0VR8zf8A6qxpq/xHRKVvh/4crx26L0XNSqg7flUrrF7e4HemJNCfuken0x6/St0l5GV/JlO/
+ 023nUiaFGH3SCK8n1/QJbZvLaM+W2ZdOlH/LGdewP+2K9mMkA+/Ki/U9awPFOix3cLCIgsP3sLD
+ +Fl9KznHtbzLg+jT8jzLw14nljH+mFcg7CQeSQPT3NdjB4stA37y8cg4HkleAR/dBrybWZvJb/S
+ InVz8yTRkZlfphgR1z9Kz9MW4+aSwmYyJhnRzyYyf4qpLs/Qzfmj6Egtrec5W2RO4CnrnuVqV9L
+ A+5gjuD/SuK8IeMPtK4mRkkHzGP1Qddh9VruorkMBllPfPsR1Ue9c9Wkn9kTXYzLrT0xwAfpXKa
+ tdmH7ynFegtCp7qfQeorB1Xw6sw5X8PSuBwt8SM2jzO51RH/AIh9Kg+2R+ordvfh5OD+6U/QVV/
+ 4V/d/3WrZSj3FY61tKVfvAkegpqaWzYO8ovoR0A9625JI1xkAg8YHqP8AGqt1eRgcK3+yCOrew9
+ qqjH+ZGqXYx7p4os+VvdzhEDf8sVx2X/ariPGF7MSFjnZV+/Jj/lozdgo/xrq7q4+UkhMsCX9kj
+ Pr/ALRrmL+Aq264RZTjeIj0jZumfqK7oIJHEXenGNl3MSPvGTHQL7ewr0b4cagtyWBUqF+eP0Bb
+ 2rgPEAkUEysTIR5MSL/yzU9cD3Oa7P4RwgI2yRd+dzj0GOh+lVX2/AKC1/E9UuLy8LbNNZFXGbi
+ 4I4t8+h9TVK/t9TjH7vXYN/YMcb/+An1rMuNM8TSErpaw2+fnN3J0Kj+4o71l2/wuczK+q6zeXB
+ 6TW/X7S479TgZrngu+nY7bfy2fc6Pw9rl/PP5d5IqOB5kj9ggP8GP7xrR8WfaLJfMspxsJEdzG3
+ /LJm/iQ+/em6P4ZsdOJKFt+AryyHJSPPTPua3bi9065QrI8cqn5Njfx/UU4x096XmglLVOENNn5
+ nmdn4q0mHDa9qlywOVjx049D7V1FnfWUm1tFvvPgb5ZEJ5U/Q+lW7nwFpcqqs+nWzwg+dAmP9S/
+ qBV618CaXEc2lsYmPzTFDgTN/tL7U+R2935ilUXW/ZHiPxW097WVWFurQtllP/PvMOuw/7a81U0
+ u2UhTagDcv7iT+7Io6SD3ORXf/ABe01Xtj5YLFSJQD2C//AFq888FXaOmHOCuQB6hsfyrSD09Pd
+ Zz1Fr6rmRteXIiLJpAETq2LmNf+WLE/xZ7Ht+Vej+Hdegu4xkpFKPkdf7jj1X3rhTM1rKDOA8ZB
+ tbgIOJ4pMcyj1GRV5bB7Vt2nOdpwWBPZe+fY0MlHplu0i/6+MsOof+6f/r1bZk/iGOyn1FZGk6p
+ 5q8L0+WSM/wAJPpWpvGDlsjqvHQGspx8yJIU2yHoBSfZE9BTVYf3hjtz/AI07I/vD8xXC4eQjh7
+ rUlGNpLN/AnoPYe9Z9xctKcJOc9HC4/wBWOyn3Oar6puTLNIM48mFR/EwH9Kx4L8ncEIO0BAf72
+ eOPrXdBf5mhNqGpBWHm7PURnopU8D6ACsnUdQMrp5UqhAfNkk/56SYOMfhS3EQd3Enyqo2xH/aV
+ ecn/AGzVC1sHbaVAVMjzw3WJVPb61vFESZmajKs1zhYwQAIVUD7pUdQPc12Hw7t5LaVhNCEDDzI
+ 5B/G4PRf92uP0qzna4k8hVb5vLZh/yyjLdVPsK7Pyp4iht5cKuCUB+9tP8P0FRWNKG/4HstvdFh
+ gxKw6EH+H6Va8u3Tkxpn1A6VgWepjYp3KAQCWz6/4VzWv+O1OVtBIwGUklB4Zh6EelTCa6/I2cP
+ O3cxfiL4w1VsroxVQzY3qMkovHP1NcLBqWsqP3WpXUcgbY6gcOy9Qc1p3mtN5oCKxbAVIwMkvn+
+ FB7VrLoV26HfpN8Gz5xb0z6DHepv3jfqdEYSf8N2W1j0Lwt46jlwt/cozkAowHVtoyPwNdk84I/
+ duCOxHcV823V+8Eqm0kljIIDxyggwn1wfevT/AAp4suWULf7QfuKD0J+tXCff5GFWGuy8yT4jwK
+ 1vJuJJxtUD19hXiOiK8BzkFWGwY7MD3HtXs/jdzNHiEA/xFCcbgo/hb2ryK502QKDbhjgiQKeuT
+ /eopvczrdDtJj9rjwowx5KA8zBB0U+45qzpl/PGAt3CGBGcN2X/AGc9j0rD0TUg2N2QBgHH/LAq
+ eoPsa6CW2knH7xQCMpHLn7pY9D7EgVRDNPQNVjXJiMigHyp0P/LJc8c+1dzBJj6H7pHuOxrznTp
+ HG7yrd0lA23EfXz1UjkEe1dpomqJNH+7Y5HymNxymPUf7NZtBI2VQEfP16fX8aXyU9qrG4YfcGR
+ 2I9Pp7Un2x/wC7+lYP0M7Hlmu3TY+6R3yO+R2HvWDZEqCzbUUnahJ5Kg/witTWpFYjfls/PtXs3
+ 49gKyvI3SqoZQFX7RLgcKzdvrXTTXcbYzUr1ydtoCqklpJc8yyZ9P8AZFF3fxWsXyyZcDMgbpls
+ 9QO7GiW1jjAywhJ3SzKT8xTHr71y08r3kgWBcJniMfxgetaxX+bIf/DHUeErBQN84ZpGzMS3A3N
+ /e+grqLoxwoBIxkkOFAYfcUjtj2rN0+2lDIIdixqNzK38QUDmQ/7ZrYMAcFpozgAyp/005/hHvW
+ E2dFNBHqdxgLuCg9QfRf7o56Csq7s8nFoYk/jaQ9yO4B9qnaaWQ/IY4sfIzY5jT2JrMtd0r/POZ
+ FBKyAD7yKD1P+1ipS7Gjl3Ok0WexsgWhtoXl5kaXA6/jWzb+N5pPvLEOcMwHQe4+vtXljmeWZt7
+ OoxtEQPAG3+Af7NFvqNwgwZ5C4P7gn+Je+76Cmk+/mDl/kd7rM1vqCnzoohIuWjYDnen90//AF6
+ w9I1DBxM4Zh+7dCMb/wADVWPUCQXjYHgSTOOAzqevH97H41HqmpQhg0e6NyfMYgcSYHd/9k8VLi
+ Up9/Q65b1pVPnEBQMKfQkcYrnNUWOJTlIxGVEZ293VuoA9RirNnq0bpgsASAq8dSB0kHsaqX1uw
+ jICAgZTHoj571UDOf8Awxytrqb28qEhWjf93KR0Yh/SvSba5VIx5x3Icxqf70btj5f91uleS39p
+ LGOhYAh4gf4WI6j2bFdNZ65JKq4aTZwUYfwM3P8A461dEl2MIPudgUMT/IxSTJCtnt9B2cVr6Rr
+ gWRfNiCE5V2HZ0bv/ALy8iuLstSmmx5pxJn91IPTPRsV0IQbgd7AcMJF/5ZtjqB6AmsWjU9BZ3Q
+ /uxjPJI/i+lH2ub1NVbGZpYx55G4HaWQ/fGOoPvU32Vf78n51DXYzfoeX6jNCrfvFWR+Nkg6R4P
+ QE+p5rMBRAxkkALMFdl67iQPlPsapQzeaowkpYnG04wg9j/ALI9qnlNuoBaUMM+THFID8xTqQR7
+ 1tFEsqXto8zEoCgYi2t1H/LK2VupJ7yH8au6Vo0Nsc3CxRrj97P1Mq4/gPvVu1ij3EyBOAZPLwM
+ hwD1P+feqWoQzuAJWfPDgD/lkSe/0FNsEu5rWOpb+Y44+T5bKP+WKL/f+lI+tSx8RtjPAz1O71+
+ tRaTbwJxGxCDLBm/iVR1Y/7VQMEDk3CfLwkMOcZI7kDsTisjYsXcR2YRG3Y+ZieZMDs3+zUdlCq
+ f6tst/qkkbo0mf4QP73NSw3EucugkdvkDnoiA8hQfYfWo4vs8THzSxUg3cO4/6uQ4+79KF5hfsZ
+ GsLKrq1sVSRcR3St3Rjwcn06VdtjbzoxNoqSZwVH8LKT6+p/CtS8tVc74mMqEeS8PaRccbRyODW
+ PbX8Cs6SRiOQ/Mbhf4WIHDJ+HtVkFZ49oxuYDmUr0DMM8Oxz29sVUnkPO1hIDjajdsf3lH+NbN/
+ Y7QDs3nl32dAGAzn/dOKqvaI0YMeVbAVePvLnnd+FL1K9CGzuYom6gbgVUdgRjhfr0rTmtpGB2T
+ kxsBsTPO/0P0rnbuNYipG9wR5ygfxoT0X/dIrTh1guDvVgT8zj/AJ5BuwH0pNdhp9zGvWdW2TqQ
+ uMR+wH+160nh26WJytyxA++D2257g+ta9/atMMxPFI3URgf6wKO3vXNXryEhpCyMMRoAP9XsH8a
+ /7P0raJjJHoCWaQnhW8pickdSP+mbf7PWtm1Z1AEpLAHDN32t3GPWsXwlcNdQH7QF5Ozaekbxrw
+ VHuau6TrkcjsCjkjlUHePHZvVTWbRqjfsL2aIkYyv3oyDyAD3+tXv7Xl/uv+f/ANasYyJ2Rc5wC
+ Tjcrf4U3zR/cj/77rIfyPP9IkcsVlkGTxG2c4iU8nj+6KjKm4ckupUHZbr0G3sAffFVdDfeJHkk
+ l8tQIFJPJVz/AAfXFWtO+ZhxEU6IM8Kf/rV0tHOmbME4MZYxbXJ8tWQcuijrg9N1RPeBmIuP9nI
+ H9xUGAx9yauNqUUSt5AXcV3LG38BPck+p6Vg2N9LISXBbnAyOGyO4qC0bT6qsZISBApAZSOeQP6
+ 1jS6gQ+fLDE5SNexf/AGT7CrMTLgmYImCZAn91m9QPQVl2emC4YlJURM7wzHiMk/wg+tT6lPyOm
+ 0G7cj99A0a58zy+p3Z9D61pXunNKFwEXBzg9ULHox9hUWl3FrAmLWZJZAfnlboUzj5P901oPhgM
+ EAnmRyPvD2HvWUn2NEQW6NbrhQMghuOchjzj6iuY1OK33b4sgZ2mMdXkB9R2UGu4s7bnEkKkH5B
+ jqqgdfzrlNc0OGJj9nuSikDy4T0XB6p+PWrpsiSIoLhTD8jnzQTJb56iNeu71qw1w/wAgdRnGCx
+ 9T6EelULexi2AM6hM7fMU8q3covsK0vNBb5QAFGPKbqRnAIb6DNU/II+ZnXcaTAhYAJFyE5+/Gf
+ 7vv17YrLhtnQBkZnXpMp6op9f5V0V3BHwYkQnlVkHfJ/gI/umseXU2t3ZJeQfkZv7u5u31NOISL
+ siSbf3CMcYMZA6Fh2A9BWbq2gM+XtyOQZJR/dIIzz7Go/wC0JkY+WSxU5Az1THULVubU2eP5EK5
+ Gwle7Y5+X2FVFP9BNlLSNUntwUfIP8eO3bt6V02kK8nMb4b7kmP422/0NcrGpXBlAbGTOT1QKOM
+ /7wrY024hABsppU5+cNzyv99R2/lRIIHXm2lZVJJzjY7j++PUU37JL/wA9X/KrVlMkkYZ1Xk5dA
+ ej46q2OjVN+5/55n/P4VlyvoaXPINMuY/KKjChmCnHZlXjP1NTWlxLuwIv9gqOgx3NYcJYKRk9n
+ U+hT+6PennUnjPylgxwQ+ehH/wCquxxOJM6OQFxgofUSMTiNQf4vqKadREYPlbuflD46behC/Su
+ cfWpT9+R93QfN94f7QpzauHABGCOoU/eH5f1qOQtSL8l7MTiKeQZ+WVT3C+o9xWbe6if+WbMqjj
+ H94j2rV010EMjuNr48mA+hP92s2x8O3F4GMCMVHAb/AG8d/wAKmLX2umg3f7PqbPh2/M3DJcj+L
+ K9EPt9a6/TtTkUhbkqBnaMdG5/qKj8MaMYogpjRW+/cEfxE+hqe+0tzzBCT3B/u59D7VhUa6I3g
+ u7O4skAjJRAD0RRyUT2zXF+KLHYVyeMYVT1YMP4c+ldX4dhubpEEQRduDNESfnVTjr+RqD4o2my
+ 13xxLuBDqR2B44+tTBdhSfc83MmzAVRsOQAegbbjIHsfyq1Z38rYBiGFxC7Ef3B698iub/teOUZ
+ UBCBiZFPErZ/hAqS0vixIMip0AZyf3Yz/yzHvXRy9zNS7HXuzyqfJVViHyxg/woR7f3/rWNdxQS
+ EfaI3SUAYkHbb6r7EVPbavtQhnYD7km30z/AB1R1G8tmJIlXjCRgdlA5wPc1EUW2UzbSQv+8YMf
+ vMWPBXPY+9bMupYU+VEM4ETHPRgRyDWDDdPIvIUDuSc7FH91j9K1V16NwAn7rALIzLwWjH/LXj0
+ 960a8iE/My7qXe+GAUZwz+uPpU9vc+W2AxwOFI9Meo/vCslbqF3IEpxnKydCOey4qW6lZsbZlVg
+ cg4/u+9U0JM73QddjRSty+0D5kb1H0981r/wBu2f8Az8CuEsld8eWNz4/eKvI6/wALVc+y3P8Az
+ wf8qz5fM15vI5HYc/eLH+8T1IqG9hyBwc9R/tfT6VeAHG7B7DPfd7+x9qbJAcDIGP4T/e+n0rqO
+ IyJLNscKcepqkQynj6fhXSfZVI/eZA/vDsPesw22W6ADGQD/ABfT600BraTaSS2+FxwzO2T91do
+ 612Xhu0WO0XYq7nYsXHpnufwrn/A1il2ZIZ9w3D7RCF6sU6gH6V6ZpfhWS2aJEjbyQC2W/g3/AN
+ +uGr+vMdVP/gEaho0wsaKeJcjqVHb8apJqWQQrbRkqAx6Ka6W/sFdT5cQEgwP94DP8q4oeHrxiw
+ Kkdy390msF5nQmdf4Hv4fPKs2EZf3Rz/wAtQf8A2YVr/FHR7i5snFoi4AE2AM+YkXP7vHQ1y/hP
+ QJreWPzGK54Jf+97V61LEjjBjZ0PysG6KP8A7IV0Un2MKp8Z2jtuwRnvz2xWpCpB/wCPdSfvqTn
+ 73sK6z4g/Dv8Asq6VrNP9Eky0H/TCQDlWNZD2TEHapHdiOw+vvW0mZxRRXVHIw8cYXO4qB3/2vp
+ WXdXO48jk8BR2z3NWpo9vADZ6Y+vr9KLHSw7kS43j5kA/ven4gU0Jix6XPsO2Nh6e4xWRLNcIcS
+ GT0we49jXtemaXazwoYpIlYKcq3VcD0qjfeG7Jsi6gQsBmI4+4D6Ee1TGp3RcqfZnk1pjd86577
+ T3/Gti/XB5UqD+8icd8jkY+tWNe8NJEN1nuwufOjP8GP7rD1qnptwboBHxuHzIT1G0fwmtL9jO3
+ f5Gxps+zo4XgYH94D1x71ofbT/wA9R+tYlosij7m0/cZWyNpHtVjfL/dj/M0co+byKcilusq56A
+ emPYev0FRKB6gdiG9D7/8A66Im7Nj1z2Zv9mlhYfwKue6n+LH4j+tamBOo3n5iNvU8fdH0qg1tz
+ yQoGQo/ujJ7VdzsHylkb7u4nqPbGOtRGdc4IQ9ACer5Pc5oA6L4bpGmoRb3xndCS3BBZDjGfWvb
+ 9VkbzAFjBAGWP1r5vF55Tq1tKyyKRPC4/vKR97ntXt9vrk16qPAEYlRvdf4Gx/EPrXFiV29DooH
+ S29vnllBH3X/2v/1Ux7CEcxICD94e6/4Uti7Ko82QE9/Y/T2qQYQYjbPc59/SuZs6DPuJeVMYQB
+ T5pb/d9/aut0u8Ljlg69Qw/h+prhtSdRG3ygjBC56DjvUnhTxnbeSomuoi4+Rli5MhHqB7VrSfd
+ kVF2RsfEPSRNavtszNjE0e0ZMDr3AHoK8U2LtwWMY4ckjqnuRX0fDrVs6/Ou0Yxtf8AiBHfNeYf
+ FnwmZoo59GtoreRDsukQY862k/vAeldEkvsyMoPvHyPJLqOEPlWUqP3h/wBr0NZ+hXDNcgIvU5V
+ R2I9D7VLdXUZLhnkbgQQKD9/5v4hg9Ky7O6EMoO2RBkAMeqE/SqS0E2ey6Rp8aHJA2Z2ug/iOf4
+ l9q6hLK2mGPKXk7V9Qf9uuW0KQHb9of5W4yP4ivdfpW5e3kkcq/ZxICuVllP8Ay1yOPyrkV+rOp
+ +hlaz4BRw/kzFWwY9oH+s3Dt+NeJTaLd2cpWQFJB8rKP4fx9q+lYdSjmIIBHAL47OT/AENcL4+8
+ Jjma0DEf8vCoOS5PUn0ropS7mNWPY4cyzTYN4VZwAjbs5O0dT9RSfZk/uRfnVeWcD7hkP8OfT6n
+ npUf2o+k3+fwroS7HO2U1XcM7gOwH+1/+qp4o9vLBVHqPUe3H8zTVBYDcR1+Zv8f8mlVSTx07n+
+ 9/n61RBNuHGCvqVP8ACfccdPpUDhRjBBH3QP8ADNT4AA4xgfdHTPtnH9agmjVgS0mD3yeoGfugn
+ 1FAFPzOvXHU89Meo+lem/D/AFqRIAAwTBIcf89QfY9MV5bKcdCuPQdwPoa7LwRKxicZxg7h7gj0
+ 9q58QtDajv8AgepprgHcDuMd8+1WYtYRj874HRfqfUfSuQtJHPUk9xx97H+FST3CrgqcD7w/2cf
+ /AF68w77G7q16jLgE7cZIHp7CuK8NeG9Ws5We2ghkh3fNEzAGBD3ZG9RXR2LmdlGOMhdo/iFWfH
+ ulWIhDXluNwxbyyqeQh/vVrCXdGUl5m7b64kvE0kTAddhHLD3HpV691OK5gkDurDb80YPJZT3rz
+ PS/CMb86FrDxIefJzwze61pTaVc2uBcJcrkZEynhx7NWsJdvmJpf5Hl/iCBo5yEIQEFCoHBX3Pv
+ XP3QI6M3+yD2A/u/Sur8V2JjkUrnBO3BOep7Hiua1BOefoAfUf8A1/eu2mckz1XwdrCSxx/aFjU
+ D5Nw7MPUe9dpe+VvDKHaMjZIv92Qd8/7Qrxbw1rUMIUPkYOSCf5V6NH4ttmT90zOf4Qf4SPSuKo
+ uyOyn6m8jx22NxwpJQIf4Fb1NTw3XmhkkG9Sp3EdPLIP3foK5E6jNdnbOcAYCOf4D71raOZQCrO
+ FI/cxSt3wO/1pQfcqS7HF6l4StVIFjqe1uTLE4z5WD2B/CqP/CKS/8AQUg/74rtNV8C3V7KW0bz
+ dw/c3G3HzEdyD6mqn/CqfEHpcfktdF30kzG0esUeaHaMZ3k4xyPuYqcjaeAegCr68eg/+tUEzNu
+ +Yqf4T+H90e30FNV8k5YY6kHv9fr+NdZxlozj39AB/EffH+JqpdSsD8yr6Eg9M+2e1TA4IwAT/d
+ HYfTn+lRXEh7jHbP8Adxj7o9qQFKRhj7uO30xnp9a7XwPc2saN5kRLE4Yj+FRXFGMk4jAJ9x7ep
+ HatTTLlocAScZ+YL7+lZVVoa0d9T1i1mhGAT8ueCPf0+lRX2lIwOZMeh/HtXNLq0wACwso+8p9C
+ PX60ureM8RqAuJORI3ru/wABXncr6I77+Z3PgyCCSTCyfdHA/wBo+9ZnxZ1RUi8tH/eOQ4jI+7G
+ ppfhVqHmOxYKTjy0X+9k9q7zxR8MdP1YbpZDDchfLgmHTrx5i+xrWnDXbbUwqPzPnrwv4pk06ZT
+ eB3hz+9A7D2/3a+jLSS01C2xctGQw8yJwfuZHBRvevEvEHw41C1ONQtSo6RzjlZB/suKZ4f0fUo
+ WAbU7sxDhIAxwq+wrfTt6ohJ/5EXja1ZlzlSR8oI6FQexxXF3wDAEKf9n6H0+hr07XtNEsTc5OM
+ rn+LHvXmdznaMp0zG+PXP0rSiyKqKUEu08nHoK6zw/OhOJmYA8g/T0rjpBn27/jWnoupFGHmJuA
+ 5I9B7UVY9gpS7npZ08AH52QkB1bPT6GtOJrgNkMCoAuMDu6H+L61m2M/2iPjO3omf+WbL2H1rW4
+ iHyTL0ySf4UHqPavN5vL1PQ5Tds9Wlgkb7LcJGCBI+7/lo5A6fjWh/wk95/wA/8P5Vxd/4niiRW
+ lhC7spCMffRepC+5rP/AOE9t/8Ann/47Xal6nKecOy44LLnlQR0H0/+tUhXI5wxPBx3+v8A+v8A
+ CoEjz1JJ6k/3Tj2Pr71fhg4+8BjhU/vFh2P/AOquw4hjqqdiB1Ax90D+706/Ss+ZvZfZfT6nHar
+ c0nZQM93XsPcAd/rVOWUDklcAblPPzN+frSYIlE8cKndhpCMAY/1eauaCm912qrHqA3Y+30rmp7
+ l3PzGul8CXiJMBPFuU8Rt/ccDt9RWdRaGsGd5a28g4u4yQRuR/+eZH/wBam3WgQOMlVduoB/2fa
+ ugURum6Ffm+6fdfpWfuXPC+xP8AgK8tyfRnoJeRX8Fata2k0gu7qK0zGfskjED95uHC/UV3Q8b3
+ kIBie2njxtYg/dAH8RrwzxxhpF8kEEDgjtz7Vn6bf6jnEUrBPusvtXUoO14ysc7mr+9H0Pfrjxz
+ a38LJJatIT88bN0SRe8Z9VNYtvGq4wqdcliO3svtXNaNNKqjckvGCY89P90V1Vj8wywGewAxkn1
+ z3H0pO/V+RWnRDrmCNlwY0ycjdkZA9wfWvIdWsVildWXPPmR/T8B2r2UxM33449vQg9XY+ufWvM
+ /GunLBKpiTCkeURj7pHbNaUWZ1UcY0fXhc9BkdPp9KrRrtYYJ64z6g1qzCM9mx97/dY9s4FUJVI
+ I3ZGOc+4NdRzHp2gagtvGPMiEnRQf7hI/wAKz7nUJy25wwXO0Rj+ID/61aGiTRyKc24YA5kT+6M
+ DlfrWZ4g1a33n7JGYwPlEY/gH1rzreR6F/Mq6lePJjzGyg4hjA+6tZ/y/883/ACqhLqUx6jA/hP
+ sPSo/t0v8AfFdKiznckWrOzOMyR7e2T3x6U25vwD+5IH9445yffn+lX7n/AFfHTqR68jqKwLgnd
+ wTj0/8ArV1s5EPZgOo9gSemP97/AAqGSJG6njseOM/SpZANvAH1/CoWdv7x9qkZVayA6Zq3oyOs
+ ybc43ANgdAfakY+vNXvDn/HymfXBHrUyKiet21sxyUbHdB/exVRwCT5acg8/7OfauhuI1Ea4RR0
+ xx05qrpcamR8op57ivGZ6SZ53relu8n71F9x/jj1qzpuhoBwh9Qf7mPpWhq4AlfAA9PbntVyyUc
+ ZUHvn8q70znsWLSx45V/xP3lNa8FocY8tmx95mbqB3yarW/A445OT68DrWlaAMvzjdzznvhe/0q
+ SiRNn8ccm3PAJJ6ehrlfH1szQApbgFSJkcnBK57KPT611ijLYIyOoU9jz0FYHjf/j2k9cYz7fWn
+ AUjyi7jJ5jYEZ3HHYH1x6VnzqR7jrn1z6Vdz78cBh6jI6iq10BnoPT8K7GcZ2/hO8DLwwHHlSf7
+ yjuPelTS5JWJZVwf9YWHRh6GsfwkxCnaSOc8V0VhK/Pzt1IxntXFJa6HbB6anOazpJjIyMD7igd
+ x/9esv7J9fyru3RTjein0BHT6VH9ni/wCeMf5CtVIzcQD/2Q==
+mail: Albus.Dumbledore@Hogwarts.edu
+uid: 20010
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=mmcgonagal,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: mmcgonagal
+sn: Mcgonagal
+businessCategory: professor
+businessCategory: administrator
+displayName: Minerva Mcgonagal
+givenName: Minerva
+jpegPhoto:: /9j/4AAQSkZJRgABAQEASABIAAD/4ghESUNDX1BST0ZJTEUAAQEAAAg0bXNmdAIA
+ AABtbnRyUkdCIFhZWiAH0gAIAAUADQAWAAFhY3NwTVNGVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAQAA9tUAAQAAAADTLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAljcHJ0AAAA8AAAACtkZXNjAAABHAAAAKJ3dHB0AAABwAAAABRyWFlaAAAB1AAAA
+ BRnWFlaAAAB6AAAABRiWFlaAAAB/AAAABRyVFJDAAACEAAAAgxnVFJDAAAEHAAAAgxiVFJDAAAG
+ KAAAAgx0ZXh0AAAAAE5FQy1NaXRzdWJpc2hpIEVsZWN0cm9uaWNzIERpc3BsYXkAAGRlc2MAAAA
+ AAAAAGE5FQyBNdWx0aVN5bmMgTENEMTc2MFZNAAAAAAAAAAAYAE4ARQBDACAATQB1AGwAdABpAF
+ MAeQBuAGMAIABMAEMARAAxADcANgAwAFYATQAAAAAYTkVDIE11bHRpU3luYyBMQ0QxNzYwVk0AA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFlaIAAAAAAAAPUB
+ AAEAAAABHEVYWVogAAAAAAAAdmUAAD4pAAABVVhZWiAAAAAAAABeCQAAp94AABWgWFlaIAAAAAA
+ AACJnAAAZ9wAAvDZjdXJ2AAAAAAAAAQAAAAAAAAAAAQACAAQABgAIAAsADwAUABkAHwAmAC4ANw
+ BBAEsAVwBjAHEAgACPAKAAsgDFANoA7wEGAR4BNwFSAW4BiwGpAckB6wIOAjICVwJ/AqcC0gL9A
+ ysDWQOKA7wD7wQlBFwElATPBQsFSAWIBckGDAZRBpgG4AcqB3YHxAgUCGYIuQkPCWcJwAobCnkK
+ 2As6C50MAwxqDNQNPw2tDh0Ojw8DD3kP8hBsEOkRaBHpEmwS8hN6FAQUkBUfFbAWQxbZF3EYCxi
+ nGUYZ6BqLGzIb2hyFHTMd4h6VH0kgASC7IXciNiL3I7skgSVKJhYm5Ce1KIgpXio2KxEr7yzQLb
+ MumS+BMG0xWjJLMz80NTUuNik3KDgpOS06Mzs9PEk9WT5rP4BAl0GyQtBD8EUTRjpHY0iPSb5K8
+ EwlTV1Ol0/VURZSWlOhVOtWOFeHWNpaMVuKXOZeRV+nYQ1idmPhZVBmwmg3aa9rK2yqbitvsHE5
+ csR0U3Xld3p5EnqufEx973+UgT2C6YSYhkuIAYm6i3aNNo76kMCSipRYlimX/ZnUm7Cdjp9woVW
+ jPqUqpxqpDasErP6u+7D8swG1CbcVuSS7N71Nv2fBhMOlxcrH8soezE3OgNC30vHVL9dx2bbb/t
+ 5L4Jvi7+VH56LqAexj7srxNPOi9hP4iPsC/X7//2N1cnYAAAAAAAABAAAAAAAAAAABAAIABAAGA
+ AgACwAPABQAGQAfACYALgA3AEEASwBXAGMAcQCAAI8AoACyAMUA2gDvAQYBHgE3AVIBbgGLAakB
+ yQHrAg4CMgJXAn8CpwLSAv0DKwNZA4oDvAPvBCUEXASUBM8FCwVIBYgFyQYMBlEGmAbgByoHdgf
+ ECBQIZgi5CQ8JZwnAChsKeQrYCzoLnQwDDGoM1A0/Da0OHQ6PDwMPeQ/yEGwQ6RFoEekSbBLyE3
+ oUBBSQFR8VsBZDFtkXcRgLGKcZRhnoGosbMhvaHIUdMx3iHpUfSSABILshdyI2IvcjuySBJUomF
+ ibkJ7UoiCleKjYrESvvLNAtsy6ZL4EwbTFaMkszPzQ1NS42KTcoOCk5LTozOz08ST1ZPms/gECX
+ QbJC0EPwRRNGOkdjSI9JvkrwTCVNXU6XT9VRFlJaU6FU61Y4V4dY2loxW4pc5l5FX6dhDWJ2Y+F
+ lUGbCaDdpr2srbKpuK2+wcTlyxHRTdeV3enkSeq58TH3vf5SBPYLphJiGS4gBibqLdo02jvqQwJ
+ KKlFiWKZf9mdSbsJ2On3ChVaM+pSqnGqkNqwSs/q77sPyzAbUJtxW5JLs3vU2/Z8GEw6XFysfyy
+ h7MTc6A0LfS8dUv13HZttv+3kvgm+Lv5UfnouoB7GPuyvE086L2E/iI+wL9fv//Y3VydgAAAAAA
+ AAEAAAAAAAAAAAEAAgAEAAYACAALAA8AFAAZAB8AJgAuADcAQQBLAFcAYwBxAIAAjwCgALIAxQD
+ aAO8BBgEeATcBUgFuAYsBqQHJAesCDgIyAlcCfwKnAtIC/QMrA1kDigO8A+8EJQRcBJQEzwULBU
+ gFiAXJBgwGUQaYBuAHKgd2B8QIFAhmCLkJDwlnCcAKGwp5CtgLOgudDAMMagzUDT8NrQ4dDo8PA
+ w95D/IQbBDpEWgR6RJsEvITehQEFJAVHxWwFkMW2RdxGAsYpxlGGegaixsyG9ochR0zHeIelR9J
+ IAEguyF3IjYi9yO7JIElSiYWJuQntSiIKV4qNisRK+8s0C2zLpkvgTBtMVoySzM/NDU1LjYpNyg
+ 4KTktOjM7PTxJPVk+az+AQJdBskLQQ/BFE0Y6R2NIj0m+SvBMJU1dTpdP1VEWUlpToVTrVjhXh1
+ jaWjFbilzmXkVfp2ENYnZj4WVQZsJoN2mvaytsqm4rb7BxOXLEdFN15Xd6eRJ6rnxMfe9/lIE9g
+ umEmIZLiAGJuot2jTaO+pDAkoqUWJYpl/2Z1JuwnY6fcKFVoz6lKqcaqQ2rBKz+rvuw/LMBtQm3
+ Fbkkuze9Tb9nwYTDpcXKx/LKHsxNzoDQt9Lx1S/Xcdm22/7eS+Cb4u/lR+ei6gHsY+7K8TTzovY
+ T+Ij7Av1+////4QCARXhpZgAATU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAA
+ UAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAABIAAAAAQAAAEgAAAABAAKgA
+ gAEAAAAAQAAAJagAwAEAAAAAQAAAMgAAAAA/9sAQwACAgICAgECAgICAgICAwMGBAMDAwMHBQUE
+ BggHCAgIBwgICQoNCwkJDAoICAsPCwwNDg4ODgkLEBEPDhENDg4O/9sAQwECAgIDAwMGBAQGDgk
+ ICQ4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O/8IAEQ
+ gAyACWAwEiAAIRAQMRAf/EAB0AAAEDBQEAAAAAAAAAAAAAAAAGBwgBAgMEBQn/xAAaAQACAwEBA
+ AAAAAAAAAAAAAAAAwECBAUG/9oADAMBAAIQAxAAAAGfwAAAHnb6JeUNlx409/RVGLscewl3FfHS
+ 7Tn9apGeF/qJa8jAM+kCgVGmAdkAAADyh9XvOeyob6HT0KRrWZbF3suttsCtSu82voFInyB6Tkz
+ siw22mu6xGsLU9/AE6wAOf5AzS8+2ZuJpburS2rj3sa7alOsWjBsc/n3O/wAjXC4BW4AHv8AAAE
+ IoOejfns/Gnce1xV3vxYKpdrYnIeLPuittSk4dJj/pSNRTsbQ0eV43rhoZCWe/QUCqLaqDD8qkY
+ na4IvXwbUlcXSYuc0gexg7SeSfN2cfXRLauS3lsrPto+jV9Dz3UmxGyTGjH5enPHz7OxDaNIbeX
+ vJ2mktmrqbGVT3kk0xC1xdyWKG4DS8v0D3RodpN6FIJV6CwhLztnL2K+zitY6mjuof5oHoSbudE
+ rnv61G3kpTAo8lbpHecJbxbE7+43uD0PZaZWNFk6z19NpVwjXprtkH3finhASYHP28Ng1yh1Cuq
+ 1OiMa8ltw7BZdUAAJpAafUUla2J5vLTXP9AoE6mtgpsPG1ziymTCxio4+7jMXJCOUrKVWpsl3ug
+ A7CAAAAIJekT5hcGQLD8z1Cd4XWb8WpHNj6ntPKXKyZ/T04JqSR89pXuzyTEuZeo/ADsQAAAADT
+ EQJYbR4tDb5lbaltgMKqZNbc131Eg8xEvSH5VvvyGK0ZRmo5zWd7JeczUFZjxlSWKKaWKwWwtLL
+ SAWtfZfZEXFAAAPcjzD0mbsm7HgsXbaw2WxGXHTHE69oMZW0AK0qFbagUvsuCgAdKgLXZYETW0A
+ MYTOCoNvQAC8IilAgpcElAA//EACsQAAEEAgAEBgIDAQEAAAAAAAQBAgMFAAYHERIgEBMUITFBF
+ TAWFyIIQv/aAAgBAQABBQLt4wHrLuDsX5wc+cZoe1TQY24qTJdS2hZ4f18RpnT8XXYvZ/rqrbEu
+ vO0/amG1fj8Jabxq1QR28Qh3QcWH4vZ1O5pgB5EMmsb+QLG/edbHiveMQ0S2GzbXtUjAK+Hu4ue
+ k/nr0917U9ljJkhnQ4xY2hEIvm142EWhhA6qq9pRUAVbsdmtxt7sXw5LnLwhFmmRrRYsQ+SNHSv
+ fJ38V7d0NTL8uz5zpxc9O/o80aHJiZp1/VxbDd+Rl+fL54vJMc5MSdzMcqudnTjYHvxQ5UasTkz
+ pXOle7iqWrNOexGrLIiY5yquIxXKBrVpYOH4cko2TR4x2Op3wIgsjYyoImki0PnBXGjfiOHz+aS
+ eN3fV9DWbRspl/bTSqqr4VdKdbG61w6FCZLCIFARPI+J71845WeXY80avWqV5J4j1NczgQbKyax
+ 8Nm3watSztSTj5pVcrl5r0q52paN+TfW1FbVxzzrEI8hVMU3yW2rmPjeG6fLCtnGCZMM87WgBvy
+ O+DQ/1JJz8233Knqsv91trbJSMe/njl8NcpIJYQbMCF4RnWw6y8/Y3smOu74w6G8ryzR7BXzMKT
+ UybqLY9SpKFKjr/AKzsICA/+epUX1BB3PJJlcrlx2LjG9TdaHhaBWxshslNQMd1k0i1UkglbN56
+ YF6X0mtrBY74cR6Ck3+0FkNBCUXT9xBfPVgaXWxuei4qLitxW4rMiZyi1WbzA5PTsWUhFjiIaNa
+ i2ETmvs2yNPchUnDuOL+cua18W6RK/jjR7GLe8XZU8zYkTLXSthr5JBCGOUYhcbXmuWHWL8pBeH
+ G2kYHw6uAQ0jj8wg5IR2kFE21UksexTSexMzlXRYokpqC0bZV21Usd3rIFcHqllVkuIiantnJM6
+ U7bsf0Oy+zlkjhbE+RIXyGY5ksuaHKNHtmkxpVy7nb/AIzXyLQiysaeLoga3/PfvoXTeEETQ5KY
+ U+CWYuR8DUTCXo03RI+e3S3slPPxFliXXKdHyHAt5Rs+O/ZKv8rq8ic3Ogj5zMjXHSdOSyPmLgu
+ m6xooBkztl2vZDbja6tI3GhKnRGv+f0b0GEFtbntwiRuEENa91l5cc5UxJAxrhWMe71IGxzhZS3
+ cZIIxqOZ+jiYck3FtbQvolLnkxfnw+65vUaQ9PyFTYkjmj7kMNL37hs4+sasWRJMavamecqQfaP
+ Vj1cvV2c+SXXEHWqWW34u25OWdtYWxr15ydv1iZ/wCvvHvZGy233WKh97xfc5lnumyWkPUq51Yq
+ +yr79v12Xl/W69T7buR+z2jnqmc8Vc55z9l7vtfH6+932STYdz547wVfF3x99ifP32OXm7t+3fH
+ and//xAAnEQACAgEDAgcAAwAAAAAAAAABAgADEQQQEiExBRMgIjJBURQjMP/aAAgBAwEBPwHayC
+ MARDpkMVyntb1WdoN3GRATX8mhd2+In8dj3c72Nk4gmZz/ACcGPeLWo9L/ACigmCvMTQXN9RtDY
+ sInPrvZqPpYo/ZptO1hwJRSqdEHWLWcTUjh3l4Bfp9y+krsXss+UVcRZpbnBRUTpF4ZzNXU78Sj
+ 8f2XWjy/2aMF7QJ4sKhZwrMFbQGAwZM8NOUxLbRhR9yn+xfdPESOBmkuFFvJhnEHV8+nRPxslSl
+ hmGx1bE1I9pE1a+X7jKWz6VODmaN/MXkJqGFcs1vfEtud+/aaRivQ+kmV2OvYxnJPXZhmcYrsBt
+ yE5w5OwGw3JzuP8hufR//EACYRAAIBAgYCAQUAAAAAAAAAAAECAAMRBBASISIxEyBBFDAyUVL/2
+ gAIAQIBAT8ByWNFYjqLin+Yya+S+yxhkIj2N42l+hNKjueUfzmo2jTTBT/c4jqFifUfjGYCeQxs
+ Ug7M+rBgqxd81pfLRmlWoFlSpfuEE7ympMp3A3lJ7nIBU6ha8aPTBBJMZCJSZd77xafOYhV0zDX
+ 7mqWhm0xHcCxl09TDDlK66ktF9aw4wrCNpRPIROa2EVbepF5UUqbRReJQiKFErWPXtUAMAyU7y+
+ 8IGVptNWQGQzY22l/uDvM+n//EAEYQAAECAwMHBwgIAwkAAAAAAAECAwAEERIhMQUTIkFRYXEUI
+ CMyUoHBEDAzQmKRobEVJFNyksLR8KLS8QY0QENQVISy4f/aAAgBAQAGPwLmyOTxWxLSts7LSz+i
+ fjzClCgUdlQqICVsIW3rSldIbezq5CaGCljxwhqRyg825UUl5kKqFeyT8vOZaJNza0NJ7mwfzHn
+ XWqwlUuo39ZAwUN4hlqbeKgbm3F+qeyT483MzeVmC/WimmAXVJ4hNac7LgUKW3Uup4KQn9Dzusf
+ f5FNtlxSCg9Fik92uGZGbBygxZSGyFG22PaJ8YrPT6Mnrs2rD2J4bYWxkKRU+rVMTeinuRie+kL
+ bdmpyYZINplno2gN4H5iYs5QyqlK9bUk3nLJ36udLZmvK+RDlOzrGx+fn4AiA40c2oCmiKQ2024
+ tCAdBCLsTuvi3NPpkErqauqoVd2JjQaXOOWes9opB+7r74Syt05lIoltOikdw8YvPNfm5pxLMuy
+ grcWrAARlLKZCgJh8lAViEC5PwHx59pKdDWsmiR3wS6pT52N3D3/pChLBMuDjYx98FSlEqOJref
+ MSORG7Q5Sc+6fZQRQfiI93OtOFLKfb/SKIbz6u06Lvwx0iyobNXu83kafroFtxim+5fyB8l/kvj
+ owEHta4qSSdvl0RWKlNIvFPMSUgGrXKZkKK+zY0v0jbF3luEDMSrpG2kfXHSxwFYtZxt9IN+jTv
+ gjQTQ6oUDyez61pcAtZkbQTdGDNsKtWrVdGlKU43wcpyjc6J6Spn37ACXUkaSgKm4BWvZBBxHM5
+ ROuaR9EynruHYB4xyiZKWmUCjEug6LY8Tv5galGVLvvOoQl6eSmYmNhGEAEttDsi6KsSztNSyaQ
+ 4HW83MjrN/ajdvjOoNQf2D3iLbaRYV1qY1gmtVbCIazEmUqUaXqFnGJqZysXip5OaSGFaSlG4Gs
+ OuNtJZSo1sJNQPK7J5KzU5Pi4uG9po/mO6HJqbfcmZleK1/LcIv8lAITM5QKm2OxthLUowlCQNk
+ GwQk9qAUtqdUfXOJir3wvhLzRBIwUNUFaKVxUnZXwhQdbVSlUKGuENslxtsjTtIvP3dsfXFuNuW
+ dFRJp+98NvSwbUxL0dSxXRdg1hTYcM9Mj/KYvpxOAhbWd5FJ/YMKpX7ysT8IoLuYmenXUNMYgk4
+ wlqVmMOyY06V27YlpOqizfapr2CFyzb3IUIuU4E1PAaoVJonJq2lSkkKArcRZ41EPS7y0utKTXS
+ uKd8NqQ70qurfGT38sTrRaaTosy7di0D2oTNpQQ0lJUO3cMOMZan35dPLGLD1o62jcpPdeYymjO
+ hxwp6Cqr7OyF3XVi7m3Xq2Q09lG0pDSC00lSKhs9rjAdcm5VTbTdiyiunqqRtgNobmXW0ioN13x
+ rC32nRT1Va68IS809mnD1raQL+6OUTL8vydI0nVppZ74dWlxr0nSOLracVT5U1xLSwWFWdJVL8I
+ dmEt280nqiJrJD1pxbsg0thIF7btslJ3QymYKpv6USqWQyBSiR60ZFyXJuWXEXkD1brqwZibl2V
+ zC00UEi7jzlho1cxNBfSH2nAClLtfhDSritCwpOq7XDqkm4m6HFWahWvZCltrKgk6Vm+kJTm3im
+ tepSsWphDdkC5uCoICUpQVXDXBQoVScRDqZcIt8kZtZw6PrX8KUiWbR/cJJjNyqtS1eseFwpE25
+ QekKSfIq1kx2Za+1lekHu63wiyqTn0H25RwfMRdLzSvusLPhGjIZRVwknf5YBl8h5Vc/45R/2pA
+ V9Hsye+Zmgkj8NqJiYmcqSkyvN1zLTSgSfvV8IqbSz7aqw4gsneaVhObYssE6S1XXRMPCol7FD7
+ UG+FXxlXKSqJ5OioUF38afusXGpQBUwuRtNsF95vOOWbykGtPCHRywFsINkqpjBWrrLXbVzMBzZ
+ qX7Lps8MRGlfBspEWd0UrUaoIJsDXDskW+jm5RbLtVek4jd4w7kxbudWjrLJ1/0ESykG952ymmJ
+ 0SboQylCs0oUK1YwkeZlZxI9K1ZJ3p/8ADBCG676xTQTtglS08bMUXVRMD2kwZ5Q6KWbKidhhbK
+ TnMqz0x1fskqVT+kf2bl1VW6pSyyoGlFBNK/GE51IC03K3mE+ZeaQKzDfSM8Rq74NrvrHVP4owo
+ RtgqBviqAahGEBKAn6UnhbQgi9tOAUrw2xLzJtzL2fCzU1KjDaSMyzJozMu2FdXWTXafCA62CEm
+ mMDzScw60HZlvPLlxim+lrgfJcYxhkyiXGXU1tOlypV3YCFOvOLcWcVKNTCy0KOnBeyA5eTWsJF
+ guVVf4w26FUtYjZujHzM8qWfNWG22qjUQCSP4ooVpXxTGk4e7m6qG6+HtYFQmkNNNrIareIWy65
+ RSLq6vMKfJCp56qJRrtKpidwxhx11ZcdWoqWs+so3k+/nhCRZOsjX5ApJoqCSTU82phxhybM7OJ
+ F7Eqm2eBOA74W3kqVl8mNHBxfSu/wAo+McoyjOzM69Slp1VabhqEHzlpakoTtJgtvZRbmJgYsy3
+ SKHujNZAk1NH/cTSfkmvzgtzmV5tTRxbbObT/Df8Y2J2eeVOZReDafUR6yzsEKKiuXycn0Urau4
+ q2mKYDYP8DMOhauRsqLcumt1Bie//AEb/xAAoEAEAAgIBBAEDBQEBAAAAAAABABEhMUFRYXGBEC
+ CRsTChweHw0fH/2gAIAQEAAT8h+lnsX30NrqL/AOpv8jVM3tkBrxkPak/mNRLwXhGRHfBAvyx1c
+ 63v9O1ECdvzXwd4/IGhHaMoAyL+uTRxvfeVnxa4P6y8fQoioBtYpHtRPeKvb6mpeRCh+/25s/FP
+ layvlRO940zkpm2Y3xYyOPzBu58qmNt0nLG5oPEddYpdu25SyKCdWw/qYFlxVpwkP5Uftv8AIaF
+ XsH1NGv8AUXmvx7fA3juJz8OncefyBcCsiXIHdxiytGNmO53lUlI+vvDN56yy9UDugc+2YXv0C4
+ MQ/dKexrRwfS3WpqGtYFjCKwH2xNcKm8/fGWXr3MCVwTCkX8lGImCRps/d7IB79I5nd5/EabGRP
+ kdv6AiIvDfcKnwusar4poFzXO4Aa5cBCre+8V8bMbAv/KP+phANLTxoS7bcv6X8r2pR7w1OTE6Q
+ DUA5ejcv7NsF/fxEijtNr7iZ1LOibx7iXfnuxFuo5eJg97gvHtwREacP05oxfR/MtPFy6uXWLIr
+ m/UdpUoqMuYfbIQzhjMJVFEJSPSJwfkXn7TA/gvJ9o417tF2RwnmE71+/JVdzfERUy1sHVsCwdP
+ VAbSVX0JceTJ/2VsHLL6jXhG1efF9gBtXVNEyyxM4jLdoJDZemYTqyI3PRM6Ech9O4tyGx1y9le
+ OZbhO0nKf2E68rR/giCXmm1UH1NahKZRe1xTn1tjS3pct4DtK2rWiTA9PlcQnp1Zpw9D5Sb34TN
+ cA0HAYiFXxFZYeCURtGhT5M3MOAtxMZqwteY3sP5S3R3lKVYqlQlaNl9+kUYA4t5OOtrrpLlLQL
+ Bv+okPNrWrDTqxW4BVa129TJVbNINw+GYOaHRmudMwaFHZzHcR6pZ0X7F32jK38XqfR4SnZmPCD
+ AHEdNty5lLbKcLBR+6LrA7w/8AGLnUljKrMjAovj/Ixh+Bl3k3BOrcZtDXNBVWDLZgqY72mQvh3
+ li5a6ReodRl4NoW11T+JTZYS1Y1ebVRznpMTYWK43XXiVuyOdFc7Vy3i4vU0cY4hY6mqwRpbFYs
+ TeWoWzA3Anb3LXrrDrkhno7g09xXl5a6RFSg2TwBoIlIHQoLkBmys9JsKVI9wC/ay8G/NnV4deY
+ daHkEFAvKeTGK3oXXfA/8PEtoAIHGpa4BbI28MN9osUyElb32FeyZOzyiRW94QsNNLyDq8yxmKY
+ vytiF4KC5h1pq4W9k9ZH7woFKMbNu39TP3yq0RTuxZLy3+JS4VQ39GobSQm6Q3WZRUZdn2/aJvY
+ AsaH8w1R6TklzkMbItXQ5IqeQ21Wn0Ow7kMFKuNrTMcQi9thX4VbtKblsoYqf7l4gVZOhEGQ3rL
+ ujVcJ7rR/KC/DI0536LgiVmlPymto6J7hbtEUBtiZvd5hXj7Z+8PGKe89FLlT9QWoLa2DCeD2t0
+ sUZu13KbmKabV+4PtOdVyKauF4Wkrl+epsHzAdF6+hyZi0VHuH8CQLw6GVgNmpm4o4zJXJpvHaC
+ 1VnDPiYCo1mVUJ5VW7XGLETJUUP2GJq3nBgckp3SOpi7FRqeP0ErA6Qu/x4hSCtyoQECp8mWSz2
+ a8SsTeQ3KS7HYZw+xeDB7lUbymxrPemh/xl/dwP2Sfyg2bYG8mWEWplr+hQL/kzos9zcWdBSdoE
+ p37UsM+oXAYANkBJNKW+4BinWZR9uHLsXKj/ALWTbfPTuEI5U6aYVyYL6U7wA/WteazFVuv0gvL
+ 7AVBU6j9x6wWGvvDqhcfKSuOsJAewnTBwDPVeZu56af7pogUPNPHvL2Q53Od/mG4JZNAXHVrjt8
+ qWyiV+i3ujeq6+tU7ZYJPOsEcA6YyzZfMU+CKkRgvovN/tNs0G77jqRr74/mLNRdDZN0/oec9zp
+ 7BZPraE2s9Mar7qX3HmMfna4BhY8oPEGWoBpHUWgNbn6UIgBtZr4yKfY/ImbKD8QwkKSCrHOgAH
+ g+MX1+FzuO/g/f8AHVNw/BQOcII+8aB7Rp7jm8cjcdm37Jo8UzdsCnmEgYDQKD1Npl95kPeDZEx
+ tnPy6/GYR3NYGBnoDlmEkhauxjsaIJWuiUfaBWXc/ByR49QzZLpi8nyQszn4Khh47QcRPa/Y7zW
+ K2DmYJxOkUEPX6R+6cfGJvt8LcXMupdzmXcr4/j6Npm6fjmcR3P//aAAwDAQACAAMAAAAQAAA2h
+ ngAAMAARURs27zPAAGuGyugAAAA405n9N38EEHY8Xv0pBgiqeicGba8aONFRUo+CARRAkCt/NIM
+ AAABIlTOh9AAADgiDGINAC4MOsgAsPXMdnsrHY0//wDv4QAA4oA//8QAJhEBAAICAAQGAwEAAAA
+ AAAAAAQARITEQQVFhIHGBkdHwobHB4f/aAAgBAwEBPxDg2iOUBLjVhT2jIljp/j4jDxLuBDqSPc
+ jpt9Ofpmcmjq/G/eo51rtVfrj5KmkMIX0ths68vn4qI2GfCwdPBAwq4YOPniAZIhiJKcRva9eR8
+ x1vJ4XFSx1OPv7lYLbCy0Ya3hGncCiJZUdD+839doGBMJbyW29dfrAMm8HVl5BOx89PPvgl9TQv
+ L9z6fiYPA+0zIB25hT+f8xHGohsqWanKTv0jgXlitkT2EAXp74gHtS6L5XvHOIqP3fBLlHBBrnK
+ UJWOIWZbTLQ+XcA2O5nwKQ2QLzD3iS3CepLAh+B4N5PAAXM6xfSZsuBUYURwoggixlZgTMMHE6p
+ 3hqJmysSoJWYFR1DBGDUIQg1x0lxhqf//EACURAQACAgAFBAMBAAAAAAAAAAEAESExECBBUaFhc
+ bHwkcHR8f/aAAgBAgEBPxDhtDGbUJjIgBCq2fs5lnhETKoNRh1++j7+Ibe/b+/7A8A8/wB402gz
+ LRHKog6F+82jylRwFBxGdk1hjM6l8cfgna1CLYwt47ERwoiFVmBB0S+dcNMt7xo0mfgdIxgwQCD
+ lrcdF419++YJr85gqs6fLjx6+8e2IXDcFRpuBLmoNPaFlCJWI4dx7sq2/AcoMI5uDtLEjWGK88o
+ BHhguBKNwdTlgz79eULZgkuEagVALvSXzim6gXL9YoO8cYjvid09Yag4ouLNyswKjqGCMGpdwzH
+ ktJcYan/8QAJxABAQACAgICAgMBAQADAAAAAREAITFBUWFxgRCRIDCxoeHB8PH/2gAIAQEAAT8Q
+ /jXWqebgeB6miTlh3wRXFhluFhS8jYj95L3wTL4KPrC0d6N8cmjxbPjFSosNNCZfbI20P6zw5uC
+ Bmj96zHa/g8PyYRtARdX/ANwu8gT7QLEggmuiFH2RXEXzXXMdlYv5Os1RAPblEioZyAGJsnJ5P4
+ vDgRx+8fqY3/rBkPvebO8lsN5uc/WXkAi0a15xVTZpSQ6yeJEX5WyQXQVZvCUFNMZA5Zt69sAuj
+ RlJDqKadjWB7NExE18K6Ya3w5MOw4oKXJqI21vTMELpwzX6KNGuWfySQBk6U/fqdb4krv0YJPGC
+ V17xJ5dTHhd6wXkCzjWTVEdHy9PearHYCQAd0YvYA61m8fzLHDsroClQgzDtEEEPKavVo8uBFwe
+ 8o8C7SAKX3hqJAPWgICAbdc5rEacXoDg+v42nuzIW+gccgX4IPHarvYru46lwavGJ0tXrOIgNIs
+ dx3vK2C9w/3FY4AXkXqeq+sKjxrm+18C6zS1HXe1U+XZXvG6WXAear9i/0QQcuHgI1QSJI8Ms79
+ 5FYA9uOxKeb1khduzdYc5NAbXwHb6M8qpD8O3c6hjJRppddk/PO77w1QNYNM0dHYX24pEU5V/qB
+ eH6qFD4LR5Qy0SVqZY2da5cnQB6xcJT/AOroysNoAx8j/gxVo7r5Ca/bii5V1MGlD43gGlOU0OB
+ kbjUv6uF+uk2Ps0evObAA8IO/GKEkRRCB3XXr51iMEGI8n8QO6s48hyx00VvYLBjtXH1jBHiTlY
+ b1HDDlejCdFDgb7dZ2xsNnOxEwCNI8XhC6edDMfEApaKaGOueeMl+MBR43p8H6wbl7SxHoroTjh
+ 3lcR0kSgt8Vt5BwcM2ml4jEcUdo3gtSx8JoPiH8FVkQyzSE15QPYG8VKcuiFkFYkAAAGH3qL5y0
+ pMBgKvRh69fsY+fRiNzAJX3owiHAUhxoKmO712+Was7eTGlu6c7eJT0JSImGnpJqNh4X7GCtAhD
+ QRoswoBJQT0+G8T7xYwJ6SJ6TRuadyYIxG2tDGk4FaRlsg8kd+BRKMOZ1+FAVQArmvyqiqhkotM
+ CR6DOeIYw4IOgYNsqrdTeribfOC5MwOXDLtErv6ONH3g98iZxKuKtthEYbBNQEToko9vgxiWUSh
+ XhLetpimQF27RXgThcVk9qVDpyjUdpkhktlFIJ9o5EwbG4nUs02Tm1FgLYIiQYguxIAXJp1hjI4
+ wE1I3I0ECAuOqLJAbLQNA2h0TFlSjopthtnJHCzah/J0fSPYojvE3woMAcAGg9GPCry464oKutZ
+ BTCwHenTAsABFHFRIezNpJHQTYg9fGA/B3VKfAhTsMTAEDE6IKKAugcMsc0Ih2Ckal8JFuB44dA
+ HrTq94/o5amoT2K8OPGeI/LLCCCbOAonIpHLMG5EGwxvDhwsDsUjpTp5C4tY4ELQPBADnHQFC1B
+ Sor6/zKZwoNA8B4y/M8GUa4isKrnH0xgVT6DbktDK0hKtrSILJUwz1OQJotC71I7jE6QgxSjqNB
+ KxZiPYzFDSq9DKI7wvadIqCo/YzWNx5WfQvCkDBEG7SwYSASjA4KwEG0Y7uwhaN3voPQd83B5Ca
+ ME4HgcD5LmcYdQhbR45dHOnSp36sCg7xpDxyOgOnYI7u+sdd6EWLKgu0bYXjLzWaCXO3nLiriRL
+ rAD5Owjke+MMOxMIQBPDbxixykaQRPMio6ouQxHnBJXienFLTXbA0G4o2VtonAbgs4hYBTSQTeA
+ RHB1AEAUKs1qbuTFRktok9UiBfNySxpB+zLdzUERpj78mUTkci/UzkSpTf2lUHm11w9gINRex2J
+ if0xuJpeg41jpous05zOS6WAjcKeXCp7X2KjMEir05/3wiRIgr9bY9L5ZXtvTBGVNwDkAeyudGa
+ bXRhUhWCXZTZ2YAaB+TS3PDxkszkWVd+A+c1V2GrEe3wHa+N4JDzhNUHfJfbBwx0Godf/ALmwBe
+ bcJOfv/Mo3kpCe4ot7aQvC1okK5VQ4aI7JvzkQU3dEhvnlAXxh3mBixRBu0MgG6YqUP1gp11+BZ
+ 8euJ34ImQDRPjJ+AKARNj3hnRcSb6HrM9nJw2nh84Cg0IDjjvfxi9DY3BJP91i73bDvwvXjxhES
+ qtCdjy9Y6JAILMBAMJVSaHLARUsqfKoPlcvjYKOgKeYX4HEPQVavomjnfOKloIecBwI/0KE4Uba
+ t9o/XrhgWEQJ2Hf8A848kgibG2VhhVPJQDrZ2c8GRmAAkB1185Cdhexcftwnpb+tAvkK09GDCfE
+ JEnoa8zl4QbxNgR7PCjeqO5kX/AIiBF/bcJA66zRYNdf0INFXtJ5dCfSesmRv90dh4ThHhMQG3Y
+ V+A4xQHADQ71e8ScJXdR2/EwQrAQB5EHkHLXY3oqPgIkqBsAa+bsg+iDdQAEACqshjVkMBWyAuN
+ NwhpnTNba4mhQaHAfSH9LoiWEgfsk1u7qDtyrzhFZUY6PWWonQ2+RPjHlQToAM3whoFY1Hhgho2
+ 8AMAAaA3jOAldclP228e8l+hJSGVW10W87vLj94cbGyeYsA5A1hBAGKDU6FJyKIiLiRcFr/Sv0H
+ AfB0TulIbRkyVjzf0mIi14p/5v/uKoPktX7x2op848+MFB7wIv5OAFXSRPnONHTICQR8jv0YSEN
+ EtMFutjrFrIBkIIRjr+ghqoO0R4mVdAKgbRfwIoNCuGhg0GCvm5yyp/urjR3p/A2XAYJgOhJG3o
+ mM27vONmGsCub/wxfsV7Kq7+V/iVFqiAeVxXmlQeQcRSe1wOCOJwk4E9gtJDW9OTeYToqYEFCqF
+ sIirwzFbOXzjx/wCYoNEvWcsV9v4Eb3oY6Y4JVxMuz31hRXz+OSOh19rMr5TxkvNmdxyec4Cy0v
+ YEvqo6XehZCah23YQ24Q83eCm5pu9oaMNB0ecfU8q+8qyvbIOx1jFmh7cVdufyYFnr8EUBGb3hq
+ 1hOcPMk6mEBIoaNTntNAZ+1Tdiur2S8rTlQrAf0hlyLH3k84ZRAad5SSi6uKPeiDIHUtwX+5i0R
+ 9md/gUHvKT484cMed5BXmXeTUIYjAg2AcNCCXmfTMHGxJm4p94JBOOsT3uLwfHTi6D0bxhuogm8
+ aab9Zuzw4PVg8/nhy1XtxnEcneuHO97wJVLOzNLcHozQW7mWml/ecbl+M2XWLFP8Acr6GK6JM4v
+ S/hds5dP8AA7P1iFJs272Zy3r24x0oZIWrXgzlk+s//9k=
+mail: Minerva.Mcgonagal@Hogwarts.edu
+uid: 20011
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
+dn: cn=spomana,ou=people,o=openldap
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: spomana
+sn: Ponoma
+businessCategory: instructor
+businessCategory: college director
+displayName: Sprout Ponoma
+givenName: Sprout
+jpegPhoto:: /9j/4AAQSkZJRgABAQEAYABgAAD/4gVASUNDX1BST0ZJTEUAAQEAAAUwYXBwbAIg
+ AABtbnRyUkdCIFhZWiAH2QACABkACwAaAAthY3NwQVBQTAAAAABhcHBsAAAAAAAAAAAAAAAAAAA
+ AAAAA9tYAAQAAAADTLWFwcGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAtkc2NtAAABCAAAAvJkZXNjAAAD/AAAAG9nWFlaAAAEbAAAABR3dHB0AAAEgAAAA
+ BRyWFlaAAAElAAAABRiWFlaAAAEqAAAABRyVFJDAAAEvAAAAA5jcHJ0AAAEzAAAADhjaGFkAAAF
+ BAAAACxnVFJDAAAEvAAAAA5iVFJDAAAEvAAAAA5tbHVjAAAAAAAAABEAAAAMZW5VUwAAACYAAAJ
+ +ZXNFUwAAACYAAAGCZGFESwAAAC4AAAHqZGVERQAAACwAAAGoZmlGSQAAACgAAADcZnJGVQAAAC
+ gAAAEqaXRJVAAAACgAAAJWbmxOTAAAACgAAAIYbmJOTwAAACYAAAEEcHRCUgAAACYAAAGCc3ZTR
+ QAAACYAAAEEamFKUAAAABoAAAFSa29LUgAAABYAAAJAemhUVwAAABYAAAFsemhDTgAAABYAAAHU
+ cnVSVQAAACIAAAKkcGxQTAAAACwAAALGAFkAbABlAGkAbgBlAG4AIABSAEcAQgAtAHAAcgBvAGY
+ AaQBpAGwAaQBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsAFAAcgBvAGYAaQ
+ BsACAARwDpAG4A6QByAGkAcQB1AGUAIABSAFYAQk4AgiwAIABSAEcAQgAgMNcw7TDVMKEwpDDrk
+ Bp1KAAgAFIARwBCACCCcl9pY8+P8ABQAGUAcgBmAGkAbAAgAFIARwBCACAARwBlAG4A6QByAGkA
+ YwBvAEEAbABsAGcAZQBtAGUAaQBuAGUAcwAgAFIARwBCAC0AUAByAG8AZgBpAGxmbpAaACAAUgB
+ HAEIAIGPPj/Blh072AEcAZQBuAGUAcgBlAGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAH
+ MAZQBBAGwAZwBlAG0AZQBlAG4AIABSAEcAQgAtAHAAcgBvAGYAaQBlAGzHfLwYACAAUgBHAEIAI
+ NUEuFzTDMd8AFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAEcAZQBuAGUAcgBpAGMAbwBHAGUAbgBl
+ AHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlBB4EMQRJBDgEOQAgBD8EQAQ+BEQEOAQ7BEw
+ AIABSAEcAQgBVAG4AaQB3AGUAcgBzAGEAbABuAHkAIABwAHIAbwBmAGkAbAAgAFIARwBCAABkZX
+ NjAAAAAAAAABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAUR2VuZXJpYyBSR0IgUHJvZ
+ mlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla
+ IAAAAAAAAFp1AACscwAAFzRYWVogAAAAAAAA81IAAQAAAAEWz1hZWiAAAAAAAAB0TQAAPe4AAAP
+ QWFlaIAAAAAAAACgaAAAVnwAAuDZjdXJ2AAAAAAAAAAEBzQAAdGV4dAAAAABDb3B5cmlnaHQgMj
+ AwNyBBcHBsZSBJbmMuLCBhbGwgcmlnaHRzIHJlc2VydmVkLgBzZjMyAAAAAAABDEIAAAXe///zJ
+ gAAB5IAAP2R///7ov///aMAAAPcAADAbP/hAIBFeGlmAABNTQAqAAAACAAFARIAAwAAAAEAAQAA
+ ARoABQAAAAEAAABKARsABQAAAAEAAABSASgAAwAAAAEAAgAAh2kABAAAAAEAAABaAAAAAAAAAGA
+ AAAABAAAAYAAAAAEAAqACAAQAAAABAAAAlqADAAQAAAABAAAAyAAAAAD/2wBDAAICAgICAQICAg
+ ICAgIDAwYEAwMDAwcFBQQGCAcICAgHCAgJCg0LCQkMCggICw8LDA0ODg4OCQsQEQ8OEQ0ODg7/2
+ wBDAQICAgMDAwYEBAYOCQgJDg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4ODg4O
+ Dg4ODg4ODg4ODg7/wAARCADIAJYDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQ
+ FBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwR
+ VS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1d
+ nd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ
+ 2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8Q
+ AtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRCh
+ YkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEh
+ YaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn
+ 6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9M9VXxA/7S+sSaeTMsmkQi6CE5iBROw61x3wb0s3
+ H/BRDxUt9Lcb9K0kvHbyEtHvd8bsHjIHf619W+FrbQdXj0zxna3sFxd6rpEHEUilHXaDuwOSecZ
+ 7V0902h6GbjWrmC2gm2bJbmO33SFR0BKjJFTOhzVFJSe7duhzRr2jZpWsjyz9ovVoNG/ZU1m7nQ
+ yE3NskaKMlmMq9P1r4l+Bmu6Bcft5rfa01rbWOnaFPOlzd4jgtyTkszNwuB3NfWfjv4z/B3UNMk
+ 0LxH4ktRb7w5iks3YkjpwRXwp8df2iPgZ8OfB13d2Wi+IfE1ldwNDO+j6GjxSIQQ0U8khCojDIy
+ /y47152Ot7SElUWn2ev8AwD08K7wknFq/UX9sD9rv9n3x78PH8A+CPiZ4b1rW4LkmRLVX8uXBwS
+ kxUI44PQnmvC/BviTwxrH7O0Fx4dvLDxBfW1sUuYrC4WV4myfvAHK/lX5GfEjxL4b8QePrq58Ea
+ bL4W8KSzbrLQLjUFvZIWIIIRkBOzBG2NcqgAAJ4xr6Z4L+KXhLwXoHxP07R9c0KEaj5OnX9vbTC
+ 6dk/eI8kKLv+zMV2nf8Ae6behrz8Rg1Wq+0nK19NP+CdlDFVKS5Yq6R/S1+zPq1r4L/Zcshq1tB
+ ZSXF200xlADEeh4zxXxx+2hrGp+KvjjY+IfDMMVzZRWPluYTk5GRjmvPvA37THw5+J/h2HTrHVf
+ GGk+IYAEu9Cv1jEu8AAtCQcOhbdgfeHRgDkVzvi7VNU1jXZI9Mt9bvLeMElXYKWx1461041Uo0o
+ ULt7ak0K9SU3V5bN3Jvgh4+tvDy6m/iOZ9KuXhMYEkZLuew/Cur+Kfj3w9r/wAJWOn6nFcz26sF
+ UrjOeeM/56V85alKLS2d5rHUVuGJEm5cmP8ATNS6Nf6Bq11Hp2oafdGKCMvGkj7TO1eZKpH2LpJ
+ o6Yubqqc0V9OmB8Fm8jA+1sp2Ljqc5z7V6z8MvGNzoelTjUZpIJJcghPmzgfzrhbC+0WDzWbwZN
+ LZjID/AG3bzmqtnfCLxbY3un+EGKxS/OjXe4S+gwO9cVGmoPmi7HZWqSl7tj6V13x1rOu+DTpGm
+ Ws91A0eENyu0MD/AFFfMsnhLxPa+O01u4t7eG0j+XG4cc+vfvXp9/4u1GbV1W60zQNPdj8kMt7t
+ Yemadqeo+NGgSe10nQZbGBclY5POjb2yP5USqc0rtt28iKd4+6upuX3xkvI/ADaDNp9vNB5RRTv
+ 56Y/SvgLXGtj8d7XMEcLz3HEokyFya+jtf+Imr2VxbWt34f8ADcLSyqjOkJymTXgPxZ8i3+OFrc
+ wxW9qpjWQ+UmFY9+K0xVVzcVe/ysZ0oWk3azPU9Ga4ttSuItOQ3ksh8tFiXJY9O1ey6N8JvFEsC
+ XVy02n+au4KE+dAfevnrwD4nOl6bPqtrci3vbc+bFI65+bORxXuunfHH4jXmmpcf8JDbDH9yAD8
+ Dx0ry4cvM02ey5O2iOtT4Tjw9NK76pqTTzMdzG3Jz349qK4aT4x+KtXmYaj45aBo2O1FiAP8qK1
+ jOaXu7f15nG1Tv72/9eR+0Hhnxh4S8OfF6ztU0pNPSDwtCsLQjI4AJyPf1r1v/hYUtn4T1XxHr2
+ n2+l6DvWPSVeTNxqDEdAmOMngDqeT0r89IdavNR/a3t7Ioz6dBokJ1BkPAiVOVz2B7+2ak8a/FX
+ wl4m+OunXfiD4g3dhLaDyvDelQoTbxYGN5A4Lt6nnGK+4Wc0WpSut2l6Hx9TKpRaUX01PKv2gPj
+ F4k1n4/QrpGlaba6ms/2ex02C2V1yf8Ano2PmPqR9K9D+IHwd8a2PwG8P+MtRk0WLxJewb59PhQ
+ eU6YztIxg5FeJS+JrbR/+ChNpqd3b2upGOFnjSYDDO3Q+3Y19Y/F3x7b337LGjXt5q4tWitzIXQ
+ 8wHHX0z7V48Je29tOb16L06nqzpOCpRgumrPzH8TzeFfD/AISmt7Lw5pHhrUDqISSK30+OKQPuB
+ POOhz+Ir1rTrvWtQ+D1lH4eup/7UaIJCFcnJz1b0UCotV1X4e+Pfh5Hq+kq2oajbz7L+WaLIY8Y
+ bPbmsiHxYPC/w6+xW5SG/vWKRyQ8NDEOre3p+NeRiYKdXe/U9bBylGF2fnz+0Tov/CJfte3slre
+ lr+a1trq+ubUeUi3xU+aYivQjCcg9c16B8EvGHi3x/wDF/T/DUWt3VrrciFxfS3OfOUEKQQSPn5
+ HA61k/tG6CmteH9D+IGhadrseg2dxJpOpapdQH7M9xwyRRyHgy8ksoz1yelfM2hXOow+I7O80B5
+ BqVjLHeWssURkkSSJ1kVwoHO1lBPbAOa96lTVWjGTf3Hj1pulWbX3H7k+MvBNroGl2UV/dxHXvs
+ 6mW6mH7q4bHQ+9fJ2uWkcXxOeW6Z7YhTiKFeFOOCPUV7frfxb8MfGP8AYj0/xzbXqpeQ2awa1Y2
+ 5YS2V6q5kTpnByHUjqpB718s6r4qfUPBlhe6fYXyyW0BQvcDqvTrXmY6ko1Hbe3qejQqc0U9bHo
+ 0N3fnwesdhFHdi6BjjiZRuBz1Ga3r61svCPg+00+3nf/hJ7lQ1xOhBWIHqoHr7V5hYrqlx8MY9S
+ t75LFgAVcHlfUjNa/hq4s/EPifSv3Gq6hdRSAy3DDlz3NedK8Wk3Y7nKDWqucE3hq78UfGWeKS7
+ uJoQQDJI2WLent9K+g/B2j6p4B1i8gt7uW80pow09pK+4MO+M9DXQ6Z4U8r48TTxQKLOcCbGzGw
+ jrx61qazPv+J1/BHGpt1t/mUdSap05WTv1M7xbcWuh4p8S7LS9amsL/SpyqfalM8JP7yI5/Mj+V
+ fPHxGulufjhHaqqMsShOHyDxXtfiPxboWhfEeRI7AXVxL8su1s7B0/PrXzr4mkC/F9NQLFbcuWx
+ 6+gro92y7nPrz3PWfhpa2dx/bMF3HG4jt/lDjKg1v3mmRf2FFFZJN/aM/EcUZPzHP8ALHWud+Fm
+ y6m1u9W4WO3EfzqVOGBr2DQLmzs4zqksD3VwsBFsAen/AOv1rya0JOasexRknC7IfC+g+G/Bfh5
+ JdcsLfXNeuR++XAIhXrjn3A9+KKzbb4iWmmatdJN4XOsTsxLNk5GT9KKVp9J2+RzTjFy+C59OWH
+ xFXTPj9r8NvcODd6VHbux4wPL6Z/GvPtBsoNQ/bW09fEdi8mnwQeZYrKuY2I6Hn6CuU8cWGoWf7
+ SOp4SS2WW2ikiwf4Soxj8qo6r8S/F19430zwtotvayTwERLfSRAugI5OcfhQppK0uj/AOHFOnLd
+ K60PbfH+jadqfxhi1+0LJfwYG6JsZ9v6V6x430uO4+A/ha01KENDdQ5uEaT74PYCuDXR/wCzvBE
+ c9/Ok13IoMk27Jz3I9vaux+JkUH/Cu/BUNhd3F3stN8wPQZwBzXdTqL2U5NboiUbzglpqecN4V8
+ P6P8FNTHhGxlsLb7Qqy7jnd0yfp1rwddJ1HX9Z119ObzLq2ttkETA9/QV9Q2T25/Z28TRsHSRbl
+ C25vp0r5t0fxnZ+E/iBf604W4FsAgi6iT2xXNU5rJI3ppJtnzj8ULTVpvgHPK9hf6fpGmatHBpW
+ n6hdGWaSRtwvb7yh+6i3HhSAXKbQW5wPkQXd/Ffh7eae0cKwLwOY2wx+YErg4PQ+or9N/wBovxP
+ 8PNf/AGS/DmvS3eg2HjrUL64fUbcyHzbSzkUNbxnOERtyk7cE8gnFfmtfrbi0R9OuTeRFypkiQ+
+ Xx/ttjcfpX0+AVT2e3pufMYi0ps9s+DXxb1X4Y3M1pfWq694RvpPMvNImYbVfgGaLjh9vBB4YAD
+ jv9J+O/Gui6hZCbR7a2i028iDQCNcAg9D+vP0r8/wCwllt7mGW5QywiQF/nBLL0Of8AGvWtG16f
+ U/h+mlDfNBp0zGCT7zLE75VWx0I/KoxSbi79C8LPllZM+qbHTZ9Y+GNtZWCKTHGuEHfNetfCO20
+ jQdckilXyp0hOPM6q3+FeNfDPxBBFfW9vM0ixxRr5rsOFIzzXp9t4u0qf4loljZC98zKtMRhXPb
+ ivDhaLu9T3FJumm0e1R69KNfe7aVD5jfKm0CvOtRh8vxprMrNLCsyYjdxyCR0rq/C9hBffEBhNA
+ EIO6NS3ygjnvS+L3udXe8tFiijkWXDzADLY4wK3dNyin6nJzpVH5nzX450nw1Z+F5L+Gxgm1Yrz
+ MjZYkd2r421q8uLjxCfnf5CSc19ifEDTWtPCF7Ou4sU659P8mvitpiNRnUsdrA89a1oU0r+RnUk
+ +ayZ9BfDC6it/h3roJYzMg69h616lpkmqyeCLa10sLd3vln5SexFeDeDi0fgfUZWO2PYMgHnrXr
+ fg7XYorzTI2unUW6bhg4GR2J9K8jFXdRtHt4OUVBXJvDLPa63fC/iRbxlO9Zchh83eit/xD8RfC
+ lxq4MnhuLUblR+8mT5C3vx1orSDko7omrCo5NqVvkemeJvi7LqfjwPqPh3TAbXS40jcnDN8v8Rx
+ zWp+zpLoXjv9obX313w7/oljZtcFbdvmc5OOa1rv4f2l1+0zfafqGmk2L6ZGzGPGFO0cil+EFja
+ +GP8AgoBqHhXSbiM2l5alGK8sF5/M100mpVVzWbTOZXin2Po3XPDGl33w6j1eLRbqyPmNFHCZNx
+ A7cVgWvg3WdZs7KGLWA0xUrHCyZ8tR2/8Ar19IXXgXVU0aF2uVNrE58tM89PTtXkUt+/hP4laNY
+ RyF5ryRvl/uqeOPfv7V2SwrgvfVk7EQq870eqPPdU0fXNF/Zu8TT3725EmoBAxT7xBA4x2r5U1H
+ 4faZJd3OpefcGRk8x1JwM9fw+tffvxjFra/svXtlGfNm+1qztk4AJB4r5u0Lw54g1bw5qPifR9N
+ sNQt/D0MN5cW97G7QXbb8xwOqAswbaSwHAUHJGa58Xh1GvyQfb/gl4Wsp0XOXn+h8e6Rr/wAKvA
+ vxefxV8UfDMvi2W71jTNR0S2vNHeOOCxhlUyRmSZh9lDshYyGMtIqkLkEV84fGXxTonxC/aZ+IH
+ izSXvPEyap4gur9NXhtjaWZhd8RKkBRTGiIEjXcAT5eeN2K/Xr4z/sgf8JD4qPiHxbd33xR+LHi
+ DxRDqN8siw2M1vpscAZohIxEVjZAssfluzOI/mGXc1+anxuvdR8NfEDWPC6WHg/w68V19kl0jwl
+ N9uijMbBsPeMoEh+YHKqAcZGa+lnL2dNQvr/XY+binJOT6nzMumXXlhQ1rDuxgFef1rs/BfiG58
+ CeP9P1pbOw12ESPFeWUC/PNCBlgVyQcdVY8ZHXmn6TYpNDf3kkEz6rFcxfZI3BlR2ySVfPrhcHp
+ 1zxX1V4r8LeCPDMfh3VfB8V3r9hqenwT+IdF1LTBHcQXYz9otbk8ERhmVl2cFWH48DxNtGaQoOS
+ unsdha+EvD+sacniXTdamk0fVLVZomgwAVYZHI7DNdB4btPD+m6Ml9OjyWlpcbYsyYZ/evNPhs1
+ /ZaRd+GbTTro6E84NndyT+YLWeU/8e5/2dxIB52HANddrmmXXhnwPu8QWE8c0dwSYCclT2JwfT+
+ leNGMoVtNj6Dm9ph2+vU94n8ZeBbHTJbma/FpceWNm5sFePWvPm+Ifh2xs3dtWW5gmbcWZCMV8d
+ 3upvc+IZpWaYW5bOxiTxU1091qGnDylRLaJcCMHmuttS1SPPgmtGe4fETxR4cv/AATLp+n6lHLN
+ coShH8PtXxva2SyeI7yG5uwscKZLhc5H4V2U6SFo2YdD930rlbcNL4r1SNQSzREcjGetTB6S6Fy
+ 3R6JpTwp4EnW1lkmjOMsiHHvW7JpNrpk9s1xqbK0sQkChSCBx6fWtbwj4t0nw/wDCKTR30mO7vJ
+ jzKyj5ePWuOuL3UtU8XxTbQUSPGMdAK4Jq83dHfB+7E2tav9MtNQiNi0k0ZiALgdTRWPLbLeaYi
+ qY4ykhyN+P1oqU2Xy+Z+lXiy5vbb44azqMU0kUyaQgVguP+WQ7d+leU/ADU5Ne/4KT297qMkQUR
+ YZmGCfcVW+JHifU5Pi/4ji88RpJpMY29MDy+RR+xjpuka1+3nnWp5ZLeC23MqnBbr/hVYOgniEY
+ 4mXuWP2F0vzrsaq1/cRw2MhxbKVHOFxuyecV4Fr/h7SNQ+MWj6leZjOmnPnbxsJzzn1x/KvoHWP
+ Fng2PS9W063jkj+xoEggc7ZCSBnj1z3rwzTPEfgzV78+HvEF/F4X1RmMtlPeMP9Lkw223QHILsc
+ HJ4ADGvpsTUUbU1JPr9xxQou7m1ub+teC/B3xC8F6xpPiH4jaF4OsYJy91LMQspjAV0kUOQpDDP
+ 0xyM1PoOm/Dn4VfAnURaaKPGV7La3MlrqC36gzWsq+WTOqHEKFANuc5POQSBS622l337OmteGtA
+ tl8HXsenxXieKdVgiu1CCQxyfvJF2wgN827kFWwoOTj8zvG/x+8TXV5ceE7LwlLofhtrqKDWL2y
+ k2y6s9tIZRcedkZ80AyMhwoBGANoB5pzpxfO4q7X9L5F04SlCzbtfb/hj6H+OP7QGg/EvwHFoGl
+ +H9fsntg0hhlvEMSxGHyMvAfna4DgDexIZRnjt8Q3WifC3W/wBlae61a003StT8N6lHIYLCYPNq
+ rywtHBarGuDDaQo7MxH3pSOgTk8X/Ezwne+DNG1Xw74bjutVuppLyYz3SxXEUcRSKKGRFzviaTf
+ MxJ3McZ+UkV8ha1q+q3vxVmvdPuNNt7u+vnMirGIYopC2PLHUJHk/QAd6y5qlWd/62Ik6cIqK1/
+ r1PVfFVn8PW1SS58N6Ba+F4yYfI06TU3cRgrlvmOWO3ghu+QDXq3ww0WLVLSy1/Vbi8tLa0uRaW
+ motu/fNxJL53USD/aPQADivmDxbLp2lfEe7NlrI1xldfPu41HznaAzITnK5yB7DPerUPxK1/Rba
+ 2snmivrWEsba2uYiYk3cswQEAnnnPWs3CUpbGamk7WP0V+Heun4WeIJvGkuj6edIn1udFS8Ecsg
+ QFniZYANsUbyOGBAJZVPPpy3/AAlV14u8VeJtW8c+IrG8u9XuxPf3FlaqhhYjI2pzlcYXZ6Ac8V
+ 8kWvxIufEvwm8SQajb6VJqD3du1mEgInCgkttk4KgdeRg9KxtI8TC01a3uNLuvNiWUOISrNJI4I
+ yre1KTd7PZHTCuntpc+g9Z+Hdk/2u9gtxKEn2qw5ilxzg4OQdpBx2rz628HXj3jBIpxbEYO0dPa
+ vobwje6Jrnwq1NtUtIItam1ZJo0iLgsjDDW8mP8AlmMblYYOeM11g0+x0zWo447doTIgkMLKXC5
+ 6c4xz6dRiueU+RKxU1GWsj5N1Pwa1lYeZKoiCpuPmLggD/GvE8L/wmOryKoj8uEjn+dfa3xTuFX
+ wVeyIq70B4I/wr5T8GadJ4m+KepWEAQyzWjEDbx0qfa83M2OEEmkbHhzwfrviHQPtVoYRbRSKWB
+ bBxXu6eDtI0KRrhLF3zprNJK4z82OtT+CNN/sXwvqNhfxp9ptk3KVfGD05Heu18VSmX4XLPAcBr
+ FjIPQf0rzq1Tm1PSo04qKvufFN3E8zebBKY4jI2CD15orV8OWcmq6ROscXmmOY56e/NFdDc1ojn
+ VWHU+i/EuojWvi94hjZ4wY9MQBg3UeWMc+lc5+zYur/8ADaFtaaPqE1tqU8e2AxDcSQc4x6Vuas
+ if8Ld1Bxa2lnE+jRtMF6H5ai/Z4vbq0/bd0WbR5baylUlkm29Pxp0Zck3zK5LSVj9RbK0mOsX2p
+ eN7+LUNXE/2X+zkykqkdDtHX1z71DdfB6TxRrdjNc+HG1i2nBuFS4kYTQRKDh02/MGXoCOeeKzd
+ Qj17Q/jUnii+m029aZWdZSm5XfGQeemOa9w+DvxRudV8cs+rfYjeJYyQadaRqftM0pbKrCT8q7s
+ bSW4GVr0MCqNWXLUdv1/rsRivaUo3SuYeu/CrQfCnwMtfEms397f+BZNMnfxRb6xfyCaKKOPMMZ
+ DHc+JQqhFGAxU9M1+ZXx61Gyh/Zy0fRPDvw4u/CTweWde128nL3McjbQIkO3hJQG3K5BPGBxX7M
+ /EzWvC2p61pFzd+H5r2zjvRHqVzeQsbK0mt/nKKGwJNsmSwACuyjLHGK8A+InjHRPGXwU8c+L/D
+ sOmQ6D5LaXKt9AGGoXLP5kjyRkbW83AAcZYKNiBcmvSr4SMm+R2su3zf/DHDQr1HZSW7/wCGP53
+ NUhmksUXTmkLmMvJOrHccnhCf9nAHpWZq2jy6tNdXFvBHaQynzPsyFjtG0DBzknJyee5r3jxrPp
+ 0vj7VtUl0zTdEilnZ0g01NttEWxiONP4VXsuTj1qPwzrnhCyEj6ndQrI6AESQOrt7cjpnvXjPFT
+ grxWx6uGy6nWmlUlZHz9ovg+7vZHhVjCwRmZWHIUDrj9BXRav4PudI8Fxanf+YLcTKpRiGfcSPl
+ Hccdq9H1PSL618XDxr4Xt/t+hW2BvixKEOejr7GrGnXNj4i07VIPEX2azMt0L+41a+jY/ZiQEUI
+ i8KOP4uvvWksXKVpJ+q6nTTyanTcoSXo+nkeUeHIbq78UWdtp0UqTSOyBNm4SqTkBvQKO9exaN8
+ NL+PRH16DTg0Edw8SOJmXzZEPzBWwckcnHUVZ0bwva2fjyw1bQr1/GejpDPDJBp8JjuIrhgpUlG
+ PCnGM+9fUPww1+50rxVZeFfGGk6ZpOlfbvtKweYM2kjxbXmyRzIQwDnGCBxzT+sRmlyv5f5nLVy
+ 2rh4uTV136HFeErlrHR7SGVbmS3Us8VsGDsBxuB3Y34Jzya+hZNU0G78HRTWscoZpGZDLMHccDK
+ 59cjp0GfauL1v4ZaVcW+mahZz6mdOhtpBbpDcbUBTGHkz1UP8xYdcjoK53S7m60uSCTWNPhWzEb
+ BJ4owFbLbSd2Tk59BjkVFSSWyscDvNI534r26z/D26vbWNhEQNyt97OfSvmz4VSfYf2jSTmIG1Y
+ tzz0r6n+JJki8Ds0SR/ZZYQ6jGeD0r400vU5bH4q6nfRkLItswUrxjI6VzR0cr6IuEm2m+jPq7T
+ 9Ut9S1rX7iyQFY7fy9xGNzV1t1bR3Hwluolc73sCMZ7n0rxzwI4f4f3sxug8rjMo3cjnP869Ut5
+ j/wAK7uGAIdLU4OeDxXHNwje6PXoO6UmfN/gKxght75by4NtMshXAHDDPWiuYttZjtbe7aZ5EZ7
+ tsbPT0oruk3fY8/kjc9m8UpOnxBMiymeK40SJXC87fkrK+DDtZ/tO6e0UwiijJye+OOldLB9nu/
+ GZee6Do+ixoqqAckKazPAdnAf2pLCCzCpiMszOepHNROpFTtbqxQk2lJ7H6b/2rpcK2lsl1cXpk
+ bzPLl+bZx29a6fR9VM3i/QLnSdGtoPLv4kSTJG4luS2Oi4ySe2M9q8O8K67A3j6CHV7mCw0zKxy
+ XKx7sIG5P5ZrvfF/izw6+p6lY+D9Ss7iyhVQieWUJYDls9/rUxlONn5/M768oSWx+mOp3um+Lbe
+ 28MWl/bLNLZ/a7WPaH86MYG9kYblUHkMeuVOTmvzc/bKtfBPw+8C6fpfh26az1f7I97expMXjS6
+ 2FFdiMLkhmGFwR7Zr0j4Uax4m1zw1N4ss9cWPU7bTTb3F+kq+dbwQkFEkZiMxAbsDk4J56CvnT9
+ uiWwuLrw3YW9vY297cFY9T1m4jZoBBcOoS73HGAsbM2AOinua+jxmJVWhzyVnp9x4eEw3JWSTuj
+ 857PRtY8W/DyHXNCtLLzxG6QxTcKrDIJUnqQeeazU+HvibWrrRkvmurdbSyCam13MUeS4G75kPQ
+ BsrgAcYxznj17xX4av/glLY2Gmava+MPh3qAin0vxBYEta3BYHLK/TOQ2R34PevYPDHjPw3qngc
+ vMbe5ubdcozhVO4D5QW+vGa+SqY2vT5uVXv5an6VluT4XE04qb5ZLfsxn7Kfgfw9rtp458F+Ix9
+ p0u7lZWk3YdWRVzID3Oc8Vs+JP2ZIPCVx4j8FeJLKXVPCmryiRdQ062UiYAkpuYHdGwDdDwM968
+ s+DPxSn8D/Fa4tNS8FaiZXuPNW4ZjLDuLszNujz8hJxyOmK+rfHGv+OF1hfEdjo9hprrbb7mytd
+ SlvI9TU4KBw6L5UicgYByOM9K4a86lKTnzWk+39WPeweEo1oRi1eKTurba/wBdz2/4X/CvwnbTi
+ 8u7G0klntIYLqdbePe6RoERjtAG7aoGR6V8bfHH4Q3l5+13rWseH4JZ/DxhRQ5bMiSc/KSOeQvp
+ 2FexeBvirrXjXS7q0topNPuIlKTqEKFMfeGPX2rpPiDHq3hv9lXxvquiXa6d4rsfDlxeWeqsiyP
+ HL13bX+XgE9azo4y04WVpXd2/M1zTLqMsPO7vCyslsrfqfNP/AAl174c+HNiLmWA2t5b7rW31ND
+ JCF5BGcZDAqw/HvivE/EWv2eraRPNaafNo0pvHJijdhGsWxdoUdBhgeRyeM9K5+b4i6j451HTZB
+ a2b3wsIY761UFoysKBGk2g7UXqzN3JJzTYLvSZ1tSLjSLmGZ2Dpa3Su8WG2jcucgN2PPFfS1lJK
+ 172PyFPmd4o1LTxIuu/D1dAvX33quUhPOWUf4V8xavCtn8WdWtlb5Y4yuAfbpX0L4h8OWul2Wm6
+ 5pMpw9wUkKSblU9CAR9K+ddXikm+M+peZ5uWQsxbqTRC8n729jnkle62PVPh/KyabrDxMcLAM+m
+ c/zr3Oecw/C13jjba1mSQTyK+fvARuYLrX98my1NoPlxwf8a92nuI2+Bs6BwSLFhx24ry8RBqZ6
+ WEkktj5aKxf2Al4SGE1y+FUZxRWJpc7NoUschMoW5bAboOvSivSs46HNGSZ7DPNf2vi6ORfM+bT
+ 42TjnBWp/CGp3dp8ftOnZC8zdfMGPrU1lrEg8YQtqVhJm2sFjRcY+YKcZrnzqD3X7QHhllkayhk
+ u41mlK58tCwyT61pKhJy0XU4o11GCdz9CNF8ReHP7Blgv3sGdonKorAMAR0PvXH289k+rf6MXgt
+ jktuHY19EJ8DPCq+CdQ8RWFta61oMOn77jVlJHlyFckfgf5818ieJfG3h/4e6C+parq+kR+HvM8
+ jhsyu2dpCr1OM9e1ejjshxNBQqT69vkY4fOqdbnjTe256npniOTw/8ACLxNPo8ls7WF2Ht/tSeY
+ gJAGSpPOMkjPA4NZet6tqfxX+Hr6frWgX+u2Y03yrJdO0+4uHgZQWVg6As2cPhTnJOBwK8t0j4y
+ +KLmz8K3Pwq+CWr/EDw/qk8t9cNOUY3ENqwWWSVBkW9tkbVeZk81gQuQMnI8Z/t2fEFPiLL4c8C
+ +AdU+H9/fwyQSwJrF1d6uk0yrsNvbrEsUEqKSEVI5Aok3c5zWEsprS97b+vU3hmFOMVrd9z6a8P
+ fDTVLf/AIJsa94JvJNK1jQVis9SjtJJA82nPt8w2+f+WUrROsiqeMhlOCK+CH0ebw3puqzaX9ok
+ tkJeJvM3KoB6Ovb+VfYPhL4m+JF+A/iv4hHwaPBurale/ZviB4d8Szy6ZazW0h/0C401ZkBB2kh
+ /+m3mcAMa+YoLLSNc1+5fQtcbRLx5XCW88ykFGP3SD94cgZXI/GvGx1KpQqtt6f1+Z9rleKpVaM
+ VDR62MLwv4q8U2erSXeiaRYTvKhFxDNqBSFlYYOMLkevtX2p4S8X6/4t0GGTXPFPg7w8YIUtWtd
+ Ii869lAUDe0kny7iOuF59a+H59MtfC/ildP8XL/AGVceZmD98Y4L1Cc7o26H3Gcivrb4a+I/hFo
+ +moLSw0Uaq6gRvDIJZ5XPRcZyc56+1ebjoKUbqHzt+Z9NlNSycZT17N6nWeEtNHgX4p+IYrmSbU
+ 7m9uAbSUS7ZmDAEFgOM47ivQPjH45s/DPwF1htUsJ9RhMKya28EanyLU/KsJLHA8wjb7kn0rzzx
+ Z8R/D3w8i1PUtaX7f4zdGB06GIhrVByqMSMqORnux4FfEHj34t654y8RyNqjKNBvHS4u9NK+Y/y
+ L8rEjIR84ONvCjHUk1lgMFWqVVKaskc2f5xQw+GdKk7uXS+x4BH8QtT8L2culeD7C2tJGaeKe6+
+ zI7yxl/3cbZONka5TH8XU1l6da3eueH5ZL7V9PtZDNunkdmiZ85IUuoyef4V4FejDStPSC117Vd
+ Lsr/T7y7EVzdacwilAlwFlbkAxoDkKep4r6j0b4LfDSDQddtNf1/ToNL09/L/AOE2jiuLjS1j2q
+ 254IQ21+QJBKFMZzhyMZ+19vePuQ1+Vz8ncXKTTnZHxPp1r4v8PWsmp6C6eJba0mL3UenzXF9Gm
+ R964jAJjBC/K5H41di8Ww+I/EMmp3OmQ6XqE0fyC2mMsUgx1DH+VfROraTL4V+FOheMbWbWPB3h
+ 9ZbyHSfHnhKYNpmuSF9i2tyEJNsDs+XzFwUfIyxNfInjPVLDU75dVhtjo7Xzl5lidZJY7gABlYq
+ F+TGMHAzjNdPsliIpyWr6nHVqyou8HdH0b4DleSw1wy5+zpDuUbe9dn431630r4JLBaSIk00GEV
+ v4s9fxr5Cs9Y1238MW2saXqOoW0iLsuljk3CQDruU8HPpXcv4sPjHwKgvmWGazj2PHuyuezD6/o
+ a8irl8oy5m7q56GGzC65eozw1aLc+GPMuZo2LSE7C+MHvRVfw3bWctntuuy8c470Vc+VyZXOkd/
+ 4o17UtQ8ZrdRN5CT7GbaMDpXL674iurDxDpskUvmTxyBtqrknHYe9YsS6nP4qsw07CFY1yhPbFe
+ j+HvAcXiD4mDV9SZ20jSLcXJit32T3dwXCwRKew3fM3soHetacW5pNnI4xVPRH6iab8VNQ+E/7H
+ 2q6H4vu9Ji8N6u0EWpm1uftDaS00QdXmYAogIK5XOQT0r5k0P4yfCiLxndS2nhDwt4hv7G4jltv
+ HWs+HI55dFhCnzFtrWXMUYZhvE8owqgttfgV4N8R/Dz+JPj5BoHha18VXMSGR7G0m1ZRYSvEhle
+ ScMQo2EMMhckbQM9vOIPiX4n8N6H4o0LUdN046VrOltH9i0wxxwxSSMpjupAVPmzRqH2bjhWkzj
+ jFenLEYitSipS2MaUMJRlLljv+Z7H8Q/j98RfjNf3HhTw1q+v2XgC38yMwafIIDrxVjl7hokQMr
+ /8soifLVSCQM7V9p+y/Ft/ADat4b0s/DeaTToZ5fEenaxYiXTy8YgS0S5kZ5VYhQ8ioBzj5+AD8
+ QeEfFGrah8TrLT7ZzoejavcC3vpLe7YtFYLGxeMcYBbbneMEEgDivrnRIdF1PS7rU2sxea1b6LH
+ c6dZWsIhgjRIxsa4RAHmJRt5ySXI+lcFdOn7yX9eZ6ODrqp7t7mH8CfDfxI1T/goL4D+H+oa14l
+ 8aW11qxuL5LjUprtJIY7eQSTMpZiRH5oYlNuSV+tffvirw9+zb8JPhTpvh7S5PCmtaPcCe11TUr
+ SK0udfumjkcS3kwmjeQjO/hMbSgC9ePCv2cfGHh7wv+2vomt6PHHrer+J9Iv8AT9P1aaxENzp0y
+ 2kkryMvDbJI4WPCgfIinBUZ+YPjn8fPEviPRp/h3eHw5pPhjS51j0XWdL0OOLUoozCsrWKX0TZM
+ MsjOz4XBwVz1rL3p8q77v/geaHUqum3rf+t/vN3Wvjx8NtB+KVrY+D7iD4oeCNOuVFwL+wS2hki
+ e4TDQNMGdpgqH51woJweM16ynxx/Zp0HU9S8e+A/Fo8M6lZ6gLiDRZ/htZWmpMpw5jkm2FJ3Zvl
+ SRVUDj61+U8Btba6uraymSa3WOLEkXK5wTsPuvT6isnWXms9Wh1EM8kDkCSEylRJtwTGcHoR6+t
+ d6wNNy9mrpWPMljqzftL3Z+jmofEbwx8ftX8Ra3LpfiJtVm1OFP7Wu544LSzuLmQBFkcsZmyMnd
+ tEahWBwcZxNU07wVY694mn0Gx8LSahJdRPodpqYV44FVMTozZKuzFHkGOMEDqOfiTT44El1a+0i
+ W9s2jjAMsIyUhdhgEnkKGIBHfANdRomreNbDw7bXbSF9DsNTikaWa1DRo3mqSDIQccA4B4zwa46
+ 2ASb5Hb1OqnmdV/EjuNc07XZvElyfD2dfsztcWGjxM9reDjzJFVuEVt2NhHBrkL/U/HngvVJdS8
+ K23iDQre4tF+1xTXyuXhkZgI7hYpMOo2lVDDcAvPat/VdVvLLXdS8TzyyXb2lxK6fZlUteQXMqy
+ EhchQq7QNpA4GK5Z/EEuoQTjQzrGxrmS/nguVtre2V925twA6dgq57dea7cPSmoX5U2Y11CTu3Y
+ LnxtZWfw1bRF0LxCNbms0S9li1V0s50GcQTWrDa6gEESY3c8V5obPfZSW0tvNbs95FMglHzRoVK
+ lM9xz1rp9YupLvxre6gYxHDcOrKEi2AHYoOF/hHB4+vrTNaWSG3tJ5XMgUqYWB4MZPT8DkV0Rr8
+ rUUcc4czuPspXZjp0fCCPLKV4fb3/KmWEDRWtxHG28OC0BAxhc8j+RqnFfJ/bsckeYgcplucZHc
+ 966XSYUbS7tDt8+Ah4T3OPvDB9uRXHVbSb7lU3ytC6LcShDkE4XGMH1ords7zT7WYyXW+JymHAX
+ 5SeCCPYiiuOTk3dI7vbQ63+437pYVvhcKdzJGFBHrivdvB0dvbfCK1N5frpceqz+c0r4MTmNHe2
+ WXj5RuVmzngkGvnGy+03Uy2sRZp3IWMDqWY4H15Nex/EG+ksvC9vZ24lifTY4La0tTERg85dlY9
+ kzwehbPPFFON5XM607x5TnvGfiLULHVopdMvJbW4F2pjRCBJMZo9hKYznAfbnuGrlPHeiCz+Fvh
+ jxHBpUllpviGKSawuJYir3qwhIpWGSSQkvyk8DP1qHxPfvf2lp4me6iuZxqVu7qp4VFdFVlUDAy
+ ykYB6DJxiuw1a9sNb/wCCfvgd5jPeatpXjHVrNo0Riq2kjPOqsx6fOQcLwABk54r0qEbxlI4nJx
+ kl/Wwv7MllBrH7TemwzzaPaXNro2p3qz6s+yythDZud8j4IVcOeSDzjisHQ7vVU+G0+sW/iA+H9
+ F0jQo7TSPscitNr18JgIFf+JY1Xc7SYAChePTF+Csd1/wALV1Q297Hp1xF4bv7yKSWcRRmWGNHV
+ XJ6qQXyvVgMVVuItL8ReNrPUL/XvEmlaJNMDezNEsz2caxiTyI4gu6SVicRk/L83OSuCexu1daP
+ 7i6UuXXsWvBGq+MLb41W2oy6ulkdFa61G61AXxjk8pYJCw3DqT5gyM/MWPrXO6pAlr8MLSXV4ZI
+ 4bvSpLrw+qldvlo4QbV6gl+mOgyOK5jVvEWp3niC+NrbXGn6dLA1jFYBBuW0LcROTwZDgFn6lu+
+ AKTVdVs7nwF4XsFs759T0qe9W6nuJQ8UsMsqywiPB3KyYdWB4O4EdK3jh03d2VuxNWsneyfzKWn
+ q22ebZGJJj5jIY8A4GMY/wA81YgMFxHcWtxAkyMNyZPzK3r78cVZtpYrieCORCGHyiTOV2HrkVT
+ CrZ6xMssedrFAAcYx34/l3rCUrvUmCsYU0dzpBvo2knFrJHsKRykZyQQCO698VdtPEM0Xh2ws76
+ 51OTTDdu89vaz+W+CApOD8pPAIDDBxXT3MNvJdWTsBI0qFyoHBx9faucvrCC2vmtcmUO+TwMbSM
+ gg/56VvDERl8S1CpRkldMt67faXqHhV7jS5r29+zTRoUniCTMORvIXgsVIHHGV960dO0O2s4YC3
+ 9n3mqiISi5hkzHbh1wEHHzPg/MD0NXNKSGDw3JJEsW+JPKMflghwWw273AORU9v+7uZHt1UxSBU
+ bepKqTyucdO+D61z1cVpyxVhtXacjOkP2jTYogjOVJVZeckjjDZ78VSvFNx4TkUDfJCuR22jNbT
+ FIhM4mjErzbgjA7jxyfTAPB796iu7fMrNDCsUEy4C7z1I9/esea0k0WpJo4Swk32+5X3bpNrDup
+ 7c+9dnouopDqTJe25d+N8SkjzCCQxz2O05/CvM7a5+xasY2J8sSbJR6YPBrqb05VbmFiJCTu2j5
+ c9CMdsjtXo4ikrq/Uzi7/I7LXbiJ0szarLH5SmNgy5BX+A4PQ460VmR6lJe6RZtYW73F3HH5c6R
+ pkKB9089z/SiuGNGUVax0KqmejeBw03xR0N43BVL5JMZO75Tkc/XHt68V9MarpEHiz4yQQaRo1x
+ qc8FhLLJbsfMllvIbdzNOFJ4jUODjOFVQeQRXz18N/Der2nia71HVY30uGOzYRSTAbS7EAAe+M/
+ nX0Do93o/hHwVqlvqMWtXOuahIYNHtHG6GaTYFkkEincSrOFIViu1RnOSKiKto9jHmU46nyt4ns
+ bjQPA9zp9zazW6XbW/2QTIVB8vLlxnoGJJA64wT1rvvASi8+BPinTZWYaFB4ma4nYMvmBZLBcpG
+ zkKruSSue+a80+Mmuy6v8cL3TzdTTWuiwRWCq5wBMqBp2wCRne23PXC4rpPhLqFk3h3xFa6nIsg
+ 85JraJicvL5AjTHOCT90buMnrxW8oOFN/12M3N3Vit4Ltbn/hYksunW9uxlsroLBLKEMvmgQpEp
+ JHztuO36Gu/8JeH/wBz4t0G9Hh4vqPhG/smuNU82GCxkjVSswH3vOUr5absBmY57U+x1Cy8GfEy
+ bxFpzWem6v4cvLY6DaM4nku7qXdFNukxtUwxyF/mDAlsAEgGuo061ltPC3iK7to55zIZYrm588C
+ 3nW4KkKq/f4MZznIJI9amT91WeqKur69Th9N+D6eI9BbVdP1OXSrF4YbmZNWkSFoYmZhIcHJbZj
+ LAcgeua8U8S6BceG9fn0a+jkSeL76yJscAk4yM8ZHPrgivqPwLqNrrHxh1nSNT8SW2h+EEstSiu
+ pjCXkvVaEPFBF0PnSTMpUAqNschJA4PjvxitLUeOY7yK1tbGWO1trC9gN+s0s13HBvnuVAAIt2J
+ VUJwcjGO9EHzJO5VruzOfvLS0PgPw1rsEalZ7JrWTa3SeNiHJH1wMe9cVcgh/tKHMbNkbh0I7V6
+ H4I0dNf8ABnjfT3uLaO6sdGGtaes92ItxhcLOqqfvkoVIQcknNcRdCAWqQwm5klIYyKPuq2eMZ6
+ j19KJRaa8xRi77EN1dTTW1q5KqkQ2goeoPIz68HH4VWu4yZYxnBjAAz6dagsrhYIrpNyfLjbuGc
+ /8A6q1WLTaBa37BTOWKSZ64Xo/49Kud0WuxBb3S6fr0gt3aWCS3Pbuy5IP0IrqI55Z7O7WBjbRT
+ wx+YN2A2znPp1rl9Lii/4TOx84wpEXfiU4Q/unwCfr+uKk0G+mjexniVnYR4IdN2cjoRWVaDcVJ
+ A2aa+TcKkquiAOrNtHAycMSO/SnrdCfSWjnMfyM4RZTtDAHKnI71lzTLF56qmxpSS69ApznA9uo
+ pzXKCey2XEbSeYQyqMgZPGc1nyNlNrluec+IFhTxfeNblWglYSIVB4BHT8xV/Rro3llJaMd1zGp
+ KbujKP8Kr+LEaHxAzF0baxUlT1xXP2d69rqSzxnbhuvcg9RXvQh7SijivaVztLd2t5WkMr20ZG0
+ tH3PXnmiqlzeKlrG0BSaGQ7hnr+P50VioSOpI/RqGez8R/EbSdGsofJn1WeOBZJsm2gZn4aQAZw
+ OS3BwucDNM1i5ubP+3tc0+61q+8J+E7iRBNbzq9hIYpHWKVM4KrNMG2IoxhNzckVwXhDxMdLttN
+ 1wRtqEm+eWCAXTwK0kcLhGLp82EY78KRnGDxWD8S/EJsf2MjpcuuXd3LfajBYWNs62w3WyId8x8
+ tAxBJlBJb7zDA715uHcnU16swi3GCR8hT3tzeX9xe3Ll7u5mee4bJwzuxdj+bGvTvhbqd1ZeJdQ
+ u4YLe5NtFDcNHcW5miXY7kSSLxlFO0kH7w4715S552sCo7Hv9DXTeDtRk07xssLXclnbX0RtpmV
+ 9q4P3Sx9FJ3V6FRXjK5lzXtY+hviBb3Q0bQ9zTG1uNSvZtOjvokt53iIDtKbdeYFaQsdr8jKgAA
+ VKNeitdY8Qywr5c00dpJaRXCkxxKrBgo5ycOg9mUkGsfxFrGnSeI5I9OstAtY4YJ43h0iJxABmI
+ eZJPKTJcuwGRIwBAwvQZrldSuWhuLC5jxKsunxq65zuYE9c/wAu1eTVdqh1RleVka0OsT3PiW9a
+ 6vbdPMu/tEypBti3BDtZUxx1IwenenWdvJ4tvp9Khn0iLUb2ylnubvU48yStCm/y43AJV32kKoB
+ zjHArgLWTZbzbSrByCWViCAew9RV2yv5tJ1HStSsLq4t9QhkcMYiRJHuVkO09sqxGfQmoUVfXob
+ aPdGHY6zqvh3xdpmtaf9niu7Vt8Pn24lRkkjKlXQnDKVY5HqPaor6VnjjuI2KsxzgcY5q9qEAml
+ 8nYsCKoFsgXAK9lHpgcVkWrm4821kwvlxkg7TwQODxXSpc6XkTonoVrSF31iO3LfNcOEAH8RJwP
+ 1IrbWSSzhks7iLLRysrg92BwVPtXPLKUtrK4jcrcxzbsY5UjBUg+xrS1K5ebVJp8Rskw8wuAQQx
+ 5Oc985rWceYlMdckQrBKG8uMuWU9THyASfpz+FVYLoWs08SyGUM7bXU4DAHIYfX+tVRNJvki8yR
+ VdPmBxjPaqN07ReSpBZ0Xbz6Z/pWkYXVhNo6e7iie+lZHXDL5mFcnqORmsZJFhvommQGPfFIy5x
+ uXIJGexIzV4LJJdXkqgSQLDGUIPKjPP51jajdINHSRSqSxr02gbsng1NKOtiW9GzK8U3Vtea3e3
+ Fo0jWrXB8jeuG29sj17fhXKBsP8A7OatXLMYwDk85NV9igctz2FexTioxsjmbu7mghaWxjXcNqk
+ 47fhRVeOIlB+9G0jIA5orXkibQqtK1j7W1O3XQbCzsLESRwW9q4dd/wA3J5AHvnGOp+leT/Ea8k
+ bRfDeii7tru3tVkmZ4Jd6F2ABIbjI+YjoMEUUV8tQl/tLFLseWyKM9SDnqoqsrtFdxTE5aKQMp7
+ 8GiivVhqTOK1PUINcnayWS1vZSdRi3X+UXDMFOF9cAjIzRDdmfw48HmllspxKgc4yrNgj27fSii
+ uKaSuuxtTRnBPMvJoELBmUtEo5I77arpcyJPtlARzICc9Rz/AIUUVCgnctSaRoalNFPp2F2hkZT
+ GQTkAf41ns0Q1O21GO3XZcQFZVAO0NyGx6djiiihaRZltJGU6omoz2xDcnKMWxioZ5h9iCkDAzg
+ 0UVvHWxaM55SCUxh8fKwb9Kq3co2wj51KA7mJ7k0UV1QVmZ1XZXOu0m7jTwtfFxmRsBCOw75rgb
+ 6cy3RVSDGoPHrjpRRRh4pTkOs2opGYVbBfHB64pvkgw7sHO7A9KKK9aPQwqJJksWYo8/wAR9KKK
+ KXImP2rjoj//2Q==
+mail: Sprout.Ponoma@Hogwarts.edu
+uid: 20012
+userPassword:: e1NIQX1TWGtQdURDQUQzTE9Manh0Y1lsQ2xLbjFJSE09
+
diff --git a/ldap_user/LdapUserConf.class.php b/ldap_user/LdapUserConf.class.php
index 926b472..b5d6d7d 100644
--- a/ldap_user/LdapUserConf.class.php
+++ b/ldap_user/LdapUserConf.class.php
@@ -229,7 +229,6 @@ class LdapUserConf {
     else {
       $this->inDatabase = FALSE;
     }
-
     // determine account creation configuration
     $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
     if ($this->acctCreation == LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT || $user_register == USER_REGISTER_VISITORS) {
@@ -444,7 +443,7 @@ class LdapUserConf {
    * @param enum $direction LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY
    *
    * @param enum $prov_event
-   *   LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,LDAP_USER_EVENT_CREATE_DRUPAL_USER
+   *   LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, LDAP_USER_EVENT_CREATE_DRUPAL_USER
    *   LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY LDAP_USER_EVENT_CREATE_LDAP_ENTRY
    *   LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT
    *   LDAP_USER_EVENT_ALL
@@ -457,22 +456,20 @@ class LdapUserConf {
     $result = FALSE;
 
     if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
+
       if (!$this->ldapEntryProvisionServer) {
-        //debug('provisionEnabled:a');
         $result = FALSE;
       }
       else {
-        //debug('provisionEnabled:b');
         $result = in_array($provision_trigger, $this->ldapEntryProvisionTriggers);
       }
+
     }
     elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
       if (!$this->drupalAcctProvisionServer) {
-        //debug('provisionEnabled:c');
         $result = FALSE;
       }
       else {
-        //debug('provisionEnabled:d');
         $result = in_array($provision_trigger, $this->drupalAcctProvisionTriggers);
       }
     }
@@ -663,8 +660,6 @@ class LdapUserConf {
    */
 
   public function synchToLdapEntry($account, $user_edit = NULL, $ldap_user =  array(), $test_query = FALSE) {
-    //dpm("synchToLdapEntry, test_query=$test_query, account, user_edit"); dpm($account); dpm($user_edit);
-   // debug("synchToLdapEntry, test_query=$test_query, account, user_edit"); debug($account); debug($user_edit);
 
     if (is_object($account) && property_exists($account, 'uid') && $account->uid == 1) {
       return FALSE; // do not provision or synch user 1
@@ -676,7 +671,7 @@ class LdapUserConf {
 
     if ($this->ldapEntryProvisionServer) {
       $ldap_server = ldap_servers_get_servers($this->ldapEntryProvisionServer, NULL, TRUE);
-     // dpm('synchToLdapEntry:ldap_server, prov='. $this->ldapEntryProvisionServer); dpm($ldap_server);
+
       $params = array(
         'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
         'prov_events' => array(LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
@@ -686,15 +681,12 @@ class LdapUserConf {
       );
 
       list($proposed_ldap_entry, $error) = $this->drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user);
-     // //debug('synchToLdapEntry:proposed_ldap_entry'); //debug($proposed_ldap_entry); //debug("error=$error");
       if ($error != LDAP_USER_PROV_RESULT_NO_ERROR) {
-       // //debug("synchToLdapEntry:proposed_ldap_entryerror=$error");
         $result = FALSE;
       }
       elseif (is_array($proposed_ldap_entry) && isset($proposed_ldap_entry['dn'])) {
         $existing_ldap_entry = $ldap_server->dnExists($proposed_ldap_entry['dn'], 'ldap_entry');
         $attributes = array(); // this array represents attributes to be modified; not comprehensive list of attributes
-       // //debug('synchToLdapEntry:proposed_ldap_entry'); //debug($proposed_ldap_entry);
         foreach ($proposed_ldap_entry as $attr_name => $attr_values) {
           if ($attr_name != 'dn') {
             if (isset($attr_values['count'])) {
@@ -708,7 +700,7 @@ class LdapUserConf {
             }
           }
         }
-  //     //dpm('synchToLdapEntry:attributes passed to modifyLdapEntry, dn='. $proposed_ldap_entry['dn']);//dpm($attributes);
+
         if ($test_query) {
           $proposed_ldap_entry = $attributes;
           $result = array(
@@ -733,21 +725,12 @@ class LdapUserConf {
           if ($result) { // success
             module_invoke_all('ldap_entry_post_provision', $ldap_entries, $ldap_server, $context);
           }
-
-
         }
       }
       else { // failed to get acceptable proposed ldap entry
         $result = FALSE;
       }
-
-
-      //  $attributes["attribute1"] = "value";
-     //   $attributes["attribute2"][0] = "value1";
-      //  $attributes["attribute2"][1] = "value2";
     }
-   ////dpm('provisionLdapEntry:results');//dpm($results);
-
 
     $tokens = array(
       '%dn' => isset($result['proposed']['dn']) ? $result['proposed']['dn'] : NULL,
@@ -811,10 +794,8 @@ class LdapUserConf {
     }
 
     if ($save) {
-     // $account = new stdClass();
       $account = user_load($drupal_user->uid);
       $result = user_save($account, $user_edit, 'ldap_user');
-
       return $result;
     }
     else {
@@ -955,7 +936,7 @@ class LdapUserConf {
   //  debug('mappings'); debug($mappings);
       // Loop over the mappings.
     foreach ($mappings as $field_key => $field_detail) {
-      list($ldap_attr_name, $ordinal, $source_data_type, $target_data_type) = ldap_servers_token_extract_parts($field_key, TRUE);  //trim($field_key, '[]');
+      list($ldap_attr_name, $ordinal, $conversion) = ldap_servers_token_extract_parts($field_key, TRUE);  //trim($field_key, '[]');
       $ordinal = (!$ordinal) ? 0 : $ordinal;
       if ($ldap_user_entry && isset($ldap_user_entry[$ldap_attr_name]) && is_array($ldap_user_entry[$ldap_attr_name]) && isset($ldap_user_entry[$ldap_attr_name][$ordinal]) ) {
         continue; // don't override values passed in;
@@ -984,7 +965,7 @@ class LdapUserConf {
           if ($include_count) {
             $ldap_user_entry[$ldap_attr_name]['count'] = count($ldap_user_entry[$ldap_attr_name]);
           }
-         // dpm("ldap_user_entry: $ldap_attr_name=$ldap_attr_name, ordinal=$ordinal"); dpm($ldap_user_entry[$ldap_attr_name]);
+
         }
 
       }
@@ -1053,7 +1034,7 @@ class LdapUserConf {
       $watchdog_tokens['%username'] = $user_edit['name'];
     }
     if ($this->drupalAcctProvisionServer) {
-     // dpm("this->drupalAcctProvisionServer=" . $this->drupalAcctProvisionServer);
+
       $ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);  // $ldap_user['sid']
 
       $params = array(
@@ -1085,6 +1066,33 @@ class LdapUserConf {
       else { // create drupal account
         $this->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_CREATE_DRUPAL_USER));
         if ($save) {
+          $watchdog_tokens = array('%drupal_username' =>  $user_edit['name']);
+          if (empty($user_edit['name'])) {
+            drupal_set_message(t('User account creation failed because of invalid, empty derived Drupal username.'), 'error');
+            watchdog('ldap_user',
+              'Failed to create Drupal account %drupal_username because drupal username could not be derived.',
+              $tokens,
+              WATCHDOG_ERROR
+            );
+            return FALSE;
+          }
+          if (!isset($user_edit['mail']) || !$user_edit['mail']) {
+            drupal_set_message(t('User account creation failed because of invalid, empty derived email address.'), 'error');
+            watchdog('ldap_user',
+              'Failed to create Drupal account %drupal_username because email address could not be derived by LDAP User module',
+              $tokens,
+              WATCHDOG_ERROR
+            );
+            return FALSE;
+          }
+          if ($account_with_same_email = user_load_by_mail($user_edit['mail'])) {
+            $watchdog_tokens['%email'] = $user_edit['mail'];
+            $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
+            watchdog('ldap_user', 'LDAP user %drupal_username has email address
+              (%email) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
+            drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
+            return FALSE;
+          }
           $account = user_save(NULL, $user_edit, 'ldap_user');
           if (!$account) {
             drupal_set_message(t('User account creation failed because of system problems.'), 'error');
@@ -1159,10 +1167,11 @@ class LdapUserConf {
    * ... should not assume all attribues are present in ldap entry
    *
    * @param array ldap entry $ldap_user
-   * @param object $ldap_server
    * @param array $edit see hook_user_save, hook_user_update, etc
-   * @param drupal account object $account
-   * @param string $op see hook_ldap_attributes_needed_alter
+   * @param object $ldap_server
+   * @param enum $direction
+   * @param array $prov_events
+   *
    */
 
   function entryToUserEdit($ldap_user, &$edit, $ldap_server, $direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, $prov_events = NULL) {
@@ -1179,11 +1188,21 @@ class LdapUserConf {
       }
     }
 
-    if ($this->isSynched('[property.name]', $prov_events, $direction) && !isset($edit['name'])) {
-      $name = $ldap_server->userUsernameFromLdapEntry($ldap_user['attr']);
-      if ($name) {
-        $edit['name'] = $name;
-      }
+    $drupal_username = $ldap_server->userUsernameFromLdapEntry($ldap_user['attr']);
+		if ($this->isSynched('[property.picture]', $prov_events, $direction)){
+
+			$picture = $ldap_server->userPictureFromLdapEntry($ldap_user['attr'], $drupal_username);
+
+			if ($picture){
+				$edit['picture'] = $picture;
+				if(isset($picture->md5Sum)){
+					$edit['data']['ldap_user']['init']['thumb5md'] = $picture->md5Sum;
+				}
+			}
+		}
+
+    if ($this->isSynched('[property.name]', $prov_events, $direction) && !isset($edit['name']) && $drupal_username) {
+      $edit['name'] = $drupal_username;
     }
 
     if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER && in_array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, $prov_events)) {
@@ -1224,7 +1243,7 @@ class LdapUserConf {
 
      // Loop over the mappings.
     foreach ($mappings as $user_attr_key => $field_detail) {
-     // //dpm('field detail');//dpm($field_detail);
+
        // Make sure this mapping is relevant to the sync context.
       if (!$this->isSynched($user_attr_key, $prov_events, $direction)) {
         continue;
@@ -1271,6 +1290,9 @@ class LdapUserConf {
     // Allow other modules to have a say.
 
     drupal_alter('ldap_user_edit_user', $edit, $ldap_user, $ldap_server, $prov_events);
+    if (isset($edit['name']) && $edit['name'] == '') {  // don't let empty 'name' value pass for user
+      unset($edit['name']);
+    }
 
   }
   /**
diff --git a/ldap_user/LdapUserConfAdmin.class.php b/ldap_user/LdapUserConfAdmin.class.php
index d71a929..1584c76 100644
--- a/ldap_user/LdapUserConfAdmin.class.php
+++ b/ldap_user/LdapUserConfAdmin.class.php
@@ -73,8 +73,7 @@ class LdapUserConfAdmin extends LdapUserConf {
     }
     $this->drupalAcctProvisionServerOptions['none'] = t('None');
     $this->ldapEntryProvisionServerOptions['none'] = t('None');
-  //  dpm($this->ldapUserSynchMappings);
-   // print "<pre>"; print_r($this->ldapUserSynchMappings);
+
   }
 
 
@@ -304,11 +303,11 @@ the top of this form.
 
       if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
         $parent_fieldset = 'basic_to_drupal';
-        $description =  t('Provisioning from LDAP to Drupal Mapppings:');
+        $description =  t('Provisioning from LDAP to Drupal Mappings:');
       }
       elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
         $parent_fieldset = 'basic_to_ldap';
-        $description =   t('Provisioning from Drupal to LDAP Mapppings:');
+        $description =   t('Provisioning from Drupal to LDAP Mappings:');
       }
 
       $form[$parent_fieldset]['mappings__' . $direction] = array(
@@ -324,13 +323,18 @@ the top of this form.
       );
 
 
-      $password_notes = <<<EOT
-<ul>
-<li>Pwd: Random -- Uses a random Drupal generated password</li>
-<li>Pwd: User or Random -- Uses password supplied on user forms.
-  If none available uses random password.</li>
-</ul>
-EOT;
+$password_notes = '<h3>' . t('Password Tokens') . '</h3><ul>' .
+'<li>' . t('Pwd: Random -- Uses a random Drupal generated password') . '</li>' .
+'<li>' . t('Pwd: User or Random -- Uses password supplied on user forms.
+  If none available uses random password.') . '</li></ul>' .
+'<h3>' . t('Password Concerns') . '</h3>' .
+'<ul>' .
+'<li>' . t('Provisioning passwords to LDAP means passwords must meet the LDAP\'s
+password requirements.  Password Policy module can be used to add requirements.') . '</li>' .
+'<li>' . t('Some LDAPs require a user to reset their password if it has been changed
+by someone other that user.  Consider this when provisioning LDAP passwords.') . '</li>' .
+'</ul></p>';
+
 
       $source_drupal_token_notes = <<<EOT
 <p>Examples in form: Source Drupal User token => Target LDAP Token (notes)</p>
@@ -350,7 +354,7 @@ EOT;
       if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { // add some password notes
         $form[$parent_fieldset]['password_notes'] = array(
           '#type' => 'fieldset',
-          '#title' =>  t('Password Source Options'),
+          '#title' =>  t('Password Notes'),
           '#collapsible' => TRUE,
           '#collapsed' => TRUE,
           'directions' => array(
@@ -507,7 +511,7 @@ EOT;
             }
           }
         }
-       // dpm("mappings"); dpm($mappings);
+
         foreach ($mappings as $target_attr => $mapping) {
           foreach ($mapping as $key => $value) {
             if (is_scalar($value)) {
@@ -963,24 +967,25 @@ EOT;
     $values['ldapEntryProvisionServerDescription'] = t('Check ONE LDAP server configuration to create ldap entries on.');
 
     $values['drupalAccountProvisionEventsDescription'] = t('Which user fields and properties are synched on create or synch is determined in the
-      "Provisioning from LDAP to Drupal mapppings" table below in the right two columns.');
+      "Provisioning from LDAP to Drupal mappings" table below in the right two columns.');
 
     $values['drupalAccountProvisionEventsOptions'] = array(
       LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE => t('Create or Synch to Drupal user on successful authentication with LDAP
         credentials. (Requires LDAP Authentication module).'),
       LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE => t('Create or Synch to Drupal user anytime a Drupal user account
         is created or updated. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind".'),
-      LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE => t('Provide option on admin/people/create to create corresponding LDAP Entry.'),
-    );
+      );
 
     $values['ldapEntryProvisionTriggersDescription'] = t('Which LDAP attributes are synched on create or synch is determined in the
-      "Provisioning from Drupal to LDAP mapppings" table below in the right two columns.');
+      "Provisioning from Drupal to LDAP mappings" table below in the right two columns.');
 
     $values['ldapEntryProvisionTriggersOptions'] = array(
       LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE => t('Create or Synch to LDAP entry when a Drupal account is created or updated.
         Only applied to accounts with a status of approved.'),
       LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE => t('Create or Synch to LDAP entry when a user authenticates.'),
       LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE => t('Delete LDAP entry when the corresponding Drupal Account is deleted.  This only applies when the LDAP entry was provisioned by Drupal by the LDAP User module.'),
+      LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE => t('Provide option on admin/people/create to create corresponding LDAP Entry.'),
+
     );
 
     $values['orphanedDrupalAcctBehaviorDescription'] = '<ul>' .
diff --git a/ldap_user/ldap_user.cron.inc b/ldap_user/ldap_user.cron.inc
index bbd2e32..5cf2d3c 100644
--- a/ldap_user/ldap_user.cron.inc
+++ b/ldap_user/ldap_user.cron.inc
@@ -88,12 +88,16 @@ function _ldap_user_orphans($ldap_user_conf) {
     $accounts = entity_load('user', $batch_uids);
 
     foreach ($accounts as $uid => $user) {
-
       $sid = @$user->ldap_user_puid_sid['und'][0]['value'];
       $puid = @$user->ldap_user_puid['und'][0]['value'];
       $puid_attr = @$user->ldap_user_puid_property['und'][0]['value'];
       if ($sid && $puid && $puid_attr) {
-        $filters[$sid][$puid_attr][] = "($puid_attr=$puid)";
+        if ($ldap_servers[$sid]->unique_persistent_attr_binary) {
+          $filters[$sid][$puid_attr][] = "($puid_attr=" . ldap_servers_binary_filter($puid) . ")";
+        }
+        else {
+          $filters[$sid][$puid_attr][] = "($puid_attr=$puid)";
+        }
         $drupal_users[$sid][$puid_attr][$puid]['uid'] = $uid;
         $drupal_users[$sid][$puid_attr][$puid]['exists'] = FALSE;
       }
@@ -106,7 +110,6 @@ function _ldap_user_orphans($ldap_user_conf) {
     //2. set $drupal_users[$sid][$puid_attr][$puid]['exists'] to FALSE
     // if entry doesn't exist
     foreach ($filters as $sid => $puid_attrs) {
-
       if (!isset($ldap_servers[$sid])) {
         if (!isset($watchdogs_sids_missing_watchdogged[$sid])) {
           watchdog(
@@ -137,7 +140,7 @@ function _ldap_user_orphans($ldap_user_conf) {
 
         unset($ldap_entries['count']);
         foreach ($ldap_entries as $i => $ldap_entry) {
-          $puid = $ldap_entry[$puid_attr][0];
+          $puid = $ldap_servers[$sid]->userPuidFromLdapEntry($ldap_entry);
           $drupal_users[$sid][$puid_attr][$puid]['exists'] = TRUE;
         }
       }
diff --git a/ldap_user/ldap_user.info b/ldap_user/ldap_user.info
index 4b42c82..b7038a1 100644
--- a/ldap_user/ldap_user.info
+++ b/ldap_user/ldap_user.info
@@ -4,6 +4,7 @@ package = Lightweight Directory Access Protocol
 dependencies[] = ldap_servers
 dependencies[] = entity
 dependencies[] = number
+
 core = 7.x
 
 files[] = ldap_user.api.php
diff --git a/ldap_user/ldap_user.install b/ldap_user/ldap_user.install
index 99610cf..3e13e89 100644
--- a/ldap_user/ldap_user.install
+++ b/ldap_user/ldap_user.install
@@ -105,6 +105,10 @@ function ldap_user_uninstall() {
     }
   }
 
+  variable_del('ldap_user_conf');
+  variable_del('ldap_user_cron_last_orphan_checked');
+  variable_del('ldap_user_cron_last_uid_checked');
+
 }
 
 /**
diff --git a/ldap_user/ldap_user.module b/ldap_user/ldap_user.module
index bd8f3d1..95bd38a 100644
--- a/ldap_user/ldap_user.module
+++ b/ldap_user/ldap_user.module
@@ -216,13 +216,14 @@ function ldap_user_ldap_attributes_needed_alter(&$attributes, $params) {
     if (!isset($attributes['dn'])) {
       $attributes['dn'] = array();
     }
-    $attributes['dn'] = ldap_servers_set_attribute_map($attributes['dn'], 'ldap_dn', 'ldap_dn'); // force this data type
+    $attributes['dn'] = ldap_servers_set_attribute_map($attributes['dn']); // force dn "attribute" to exist
     switch ($params['ldap_context']) { // Add the attributes required by the user configuration when provisioning drupal users
       case 'ldap_user_insert_drupal_user':
       case 'ldap_user_update_drupal_user':
       case 'ldap_user_ldap_associate':
         $attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->user_attr]); // array($ldap_server->user_attr, 0, NULL);
         $attributes[$ldap_server->mail_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->mail_attr]);
+        $attributes[$ldap_server->picture_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->picture_attr]);
         $attributes[$ldap_server->unique_persistent_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->unique_persistent_attr]);
         if ($ldap_server->mail_template) {
           ldap_servers_token_extract_attributes($attributes,  $ldap_server->mail_template);
@@ -271,6 +272,17 @@ function ldap_user_ldap_user_attrs_list_alter(&$available_user_attrs, &$params)
       'configurable_to_ldap' => TRUE,
     );
 
+    $available_user_attrs['[property.picture]'] =  array(
+    		'name' => 'Property: picture',
+    		'source' => '',
+    		'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
+    		'enabled' => TRUE,
+    		'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
+    		'config_module' => 'ldap_user',
+    		'prov_module' => 'ldap_user',
+    		'configurable_to_ldap' => TRUE,
+    );
+
     $available_user_attrs['[property.uid]'] =  array(
       'name' => 'Property: Drupal User Id (uid)',
       'source' => '',
@@ -281,6 +293,7 @@ function ldap_user_ldap_user_attrs_list_alter(&$available_user_attrs, &$params)
       'prov_module' => 'ldap_user',
       'configurable_to_ldap' => TRUE,
     );
+
   }
 
   // 1. Drupal user properties
@@ -342,6 +355,7 @@ function ldap_user_ldap_user_attrs_list_alter(&$available_user_attrs, &$params)
   if (!$ldap_user_conf->provisionsDrupalAccountsFromLdap) {
     $available_user_attrs['[property.mail]']['config_module'] = 'ldap_user';
     $available_user_attrs['[property.name]']['config_module'] = 'ldap_user';
+    $available_user_attrs['[property.picture]']['config_module'] = 'ldap_user';
   }
 
   if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
@@ -399,7 +413,7 @@ function ldap_user_ldap_user_attrs_list_alter(&$available_user_attrs, &$params)
       }
 
     }
-   // dpm($available_user_attrs);
+
   }
 
    // 3. profile2 fields
@@ -453,6 +467,12 @@ function ldap_user_form_user_profile_form_alter(&$form, $form_state) {
   array_unshift($form['#submit'], 'ldap_user_grab_password_validate');
 }
 
+/**
+* Implements hook_form_FORM_ID_alter(). for password_policy_password_tab
+*/
+function ldap_user_form_password_policy_password_tab_alter(&$form, &$form_state) {
+  array_unshift($form['#validate'], 'ldap_user_grab_password_validate');
+}
 
 /**
  * store password from logon forms in ldap_user_ldap_provision_pwd static variable
@@ -460,13 +480,22 @@ function ldap_user_form_user_profile_form_alter(&$form, $form_state) {
  */
 function ldap_user_grab_password_validate($form, &$form_state) {
 
-  if (!empty($form_state['values']['pass'])) {
+  // This is not a login form but profile form and user is insertingpassword to update email
+  if (!empty($form_state['values']['current_pass_required_values'])) {
+    if (!empty($form_state['values']['current_pass']) && empty($form_state['values']['pass'])) {
+      ldap_user_ldap_provision_pwd('set', $form_state['values']['current_pass']);
+    }
+  }
+  // otherwise a logon form
+  elseif (!empty($form_state['values']['pass'])) {
     ldap_user_ldap_provision_pwd('set', $form_state['values']['pass']);
   }
 
 }
 
 
+
+
 /**
  * Implements hook_form_FORM_ID_alter(). for user_register_form
  */
@@ -536,14 +565,13 @@ function ldap_user_form_register_form_validate($form, &$form_state) {
   $values = $form_state['values'];
   $user_ldap_entry = NULL;
   $drupal_username = $form_state['values']['name'];
-  //dpm('ldap_user_form_register_form_validate'); dpm($form_state['values']);
 
   // if corresponding ldap account doesn't exist and provision not selected and make ldap associated is selected, throw error
   if (!@$values['ldap_user_create_ldap_acct'] && @$values['ldap_user_association'] == LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE) {
     $ldap_user_conf = ldap_user_conf();
     $ldap_user = ldap_servers_get_user_ldap_data($drupal_username, $ldap_user_conf->ldapEntryProvisionServer, 'ldap_user_prov_to_drupal');
     if (!$ldap_user) {
-     // dpm($ldap_user);
+
       form_set_error('ldap_user_association', t('User %name does not have a corresponding LDAP Entry (dn).
         Under LDAP options, you may NOT select "Make this an LDAP Associated Account"', array('%name' => $drupal_username)));
     }
@@ -797,10 +825,6 @@ function ldap_user_user_login(&$edit, $account) {
     }
   }
 
-  // provision to drupal.  synch is here.  create is in ldap authentication, because
-
-  // check for provisioning to drupal and override synched user fields/props
-
   $prov_enabled = $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE);
 
   if ($ldap_user_conf->provisionsDrupalAccountsFromLdap && in_array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, array_keys($ldap_user_conf->provisionsDrupalEvents))) {
@@ -821,9 +845,6 @@ function ldap_user_user_login(&$edit, $account) {
  */
 function ldap_user_user_insert(&$user_edit, $account, $category) {
 
- // debug('ldap_user_user_insert'); debug($user_edit); debug($account); // ldap_user_user_insert, category='. $category . 'account->status = ' . $account->status);
-
-
   global $user;
   $is_user_1 = ($category == 'ldap_user' || (is_object($account) && property_exists($account, 'uid') && $account->uid == 1));
   $new_account_request = (boolean)($user->uid == 0 && $account->access == 0 && $account->login == 0); // check for first time user
@@ -847,15 +868,12 @@ function ldap_user_user_insert(&$user_edit, $account, $category) {
     $prov_enabled = $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE);
     if ($prov_enabled) {
       $ldap_provision_entry = $ldap_user_conf->getProvisionRelatedLdapEntry($account);
-     // debug("ldap_provision_entry from getProvisionRelatedLdapEntry ="); debug($ldap_provision_entry);
       if (!$ldap_provision_entry) {
-     //    debug('ldap_user_user_insert:5');
         $provision_result = $ldap_user_conf->provisionLdapEntry($account);
         if ($provision_result['status'] == 'success') {
           ldap_user_ldap_provision_semaphore('provision', 'set', $account->name);
         }
-     //   debug('ldap_test_server__' . $ldap_user_conf->ldapEntryProvisionServer); debug(variable_get('ldap_test_server__' .  $ldap_user_conf->ldapEntryProvisionServer, array()));
-      }
+       }
       elseif ($ldap_provision_entry) {
         $bool_result = $ldap_user_conf->synchToLdapEntry($account, $user_edit);
         if ($bool_result) {
@@ -866,33 +884,29 @@ function ldap_user_user_insert(&$user_edit, $account, $category) {
   }
 }
 
-
 /**
- * Implements hook_user_update().
- *
- * perhaps hook_user_presave(&$edit, $account, $category)
+ * Implements hook_user_update()
  */
 
 function ldap_user_user_update(&$user_edit, $account, $category) {
- //debug("ldap_user_user_update, category=$category"); debug($user_edit); debug($account); // ldap_user_user_insert, category='. $category . 'account->status = ' . $account->status);
- //debug("ldap_user_is_ldap_associated?" . (int)ldap_user_is_ldap_associated($account));
+  //debug("ldap_user_user_update, category=$category"); debug($user_edit); debug($account); // ldap_user_user_insert, category='. $category . 'account->status = ' . $account->status);
   if ($category == 'ldap_user' || (is_object($account) && property_exists($account, 'uid') && $account->uid == 1)) {
     return; // do not provision or synch user 1
   }
 
-  $already_provisioned_to_ldap = ldap_user_ldap_provision_semaphore('provision', 'get' , $account->name);
-  $already_synched_to_ldap = ldap_user_ldap_provision_semaphore('synch', 'get' , $account->name);
-  if ($already_provisioned_to_ldap || $already_synched_to_ldap) {
-    return;
-  }
-
   $ldap_user_conf = ldap_user_conf();
   // check for provisioning to LDAP; this will normally occur on hook_user_insert or other event when drupal user is created.
   if ($ldap_user_conf->provisionsLdapEntriesFromDrupalUsers &&
       $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE)) {
 
+    $already_provisioned_to_ldap = ldap_user_ldap_provision_semaphore('provision', 'get' , $account->name);
+    $already_synched_to_ldap = ldap_user_ldap_provision_semaphore('synch', 'get' , $account->name);
+    if ($already_provisioned_to_ldap || $already_synched_to_ldap) {
+      return;
+    }
+
     $provision_result = array('status' => 'none');
-    // always check if provisioing to ldap has already occurred this page load
+    // always check if provisioning to ldap has already occurred this page load
     $ldap_entry = $ldap_user_conf->getProvisionRelatedLdapEntry($account);
     if (!$ldap_entry) { //{
       $provision_result = $ldap_user_conf->provisionLdapEntry($account);
@@ -900,9 +914,7 @@ function ldap_user_user_update(&$user_edit, $account, $category) {
         ldap_user_ldap_provision_semaphore('provision', 'set', $account->name);
       }
     }
-
     // synch if not just provisioned and enabled
-
     if ($provision_result['status'] != 'success' ) {
       // always check if provisioing to ldap has already occurred this page load
       $provision_enabled = $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE);
@@ -916,19 +928,40 @@ function ldap_user_user_update(&$user_edit, $account, $category) {
     }
   }
 
+}
+
+ /**
+ * Implements hook_user_presave()
+ */
+
+function ldap_user_user_presave(&$user_edit, $account, $category) {
+ //debug("ldap_user_user_presave, category=$category"); debug($user_edit); debug($account); // ldap_user_user_insert, category='. $category . 'account->status = ' . $account->status);
+
+  if ($category == 'ldap_user' || (is_object($account) && property_exists($account, 'uid') && $account->uid == 1)) {
+    return; // do not provision or synch user 1
+  }
+  if (isset($account->name)) {
+    $drupal_username = $account->name;
+  }
+  elseif (!!empty($user_edit['name'])) {
+    $drupal_username = $user_edit['name'];
+  }
+  else {
+    return;
+  }
+  $ldap_user_conf = ldap_user_conf();
+
   // check for provisioning to drupal and override synched user fields/props
   if ($ldap_user_conf->provisionsDrupalAccountsFromLdap && in_array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, array_keys($ldap_user_conf->provisionsDrupalEvents))) {
     if (ldap_user_is_ldap_associated($account, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER)) {
-      $ldap_user = ldap_servers_get_user_ldap_data($account->name, $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
+      $ldap_user = ldap_servers_get_user_ldap_data($drupal_username, $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
       $ldap_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, NULL, TRUE);
       $ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER));
-      $account = user_save($account, $user_edit, 'ldap_user');
     }
   }
 
 }
 
-
 /**
  * Implements hook_user_delete().
  */
@@ -1015,12 +1048,12 @@ function ldap_user_field_widget_form(&$form, &$form_state, $field, $instance, $l
 function ldap_user_synch_triggers_key_values() {
 
   return array(
-    LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE => 'DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE',
-    LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE => 'DRUPAL_USER_PROV_ON_AUTHENTICATE',
-    LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE => 'LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE',
-    LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE => 'LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE',
-    LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE => 'LDAP_ENTRY_PROV_ON_AUTHENTICATE',
-    LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE => 'LDAP_ENTRY_DELETE_ON_USER_DELETE',
+    LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE => t('On synch to Drupal user create or update. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind".'),
+    LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE => t('On create or synch to Drupal user when successfully authenticated with LDAP credentials. (Requires LDAP Authentication module).'),
+    LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE => t('On manual creation of Drupal user from admin/people/create and "Create corresponding LDAP entry" is checked'),
+    LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE => t('On creation or synch of an LDAP entry when a Drupal account is created or updated. Only applied to accounts with a status of approved.'),
+    LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE => t('On creation or synch of an LDAP entry when a user authenticates.'),
+    LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE => t('On deletion of an LDAP entry when the corresponding Drupal Account is deleted.  This only applies when the LDAP entry was provisioned by Drupal by the LDAP User module.'),
   );
 
 }
@@ -1125,4 +1158,4 @@ function ldap_user_token_tokenize_entry($account, $token_keys, $pre = LDAP_SERVE
 
     return array($account, $user_entity);
 
-  }
\ No newline at end of file
+  }
diff --git a/ldap_user/ldap_user.test_form.inc b/ldap_user/ldap_user.test_form.inc
index 8d26319..2a10267 100644
--- a/ldap_user/ldap_user.test_form.inc
+++ b/ldap_user/ldap_user.test_form.inc
@@ -161,7 +161,6 @@ function ldap_user_test_form_submit($form, &$form_state) {
         }
       }
     }
-   // dpm('results'); dpm($results);
     // do all synchs second, in case logic of form changes to allow executing mulitple events
     foreach (array_filter($selected_actions) as $i => $synch_trigger) {
       $synch_trigger_description = $synch_trigger_options[$synch_trigger];
@@ -171,7 +170,7 @@ function ldap_user_test_form_submit($form, &$form_state) {
             $discard = $ldap_user_conf->synchToDrupalAccount(NULL, $user_edit, NULL, $test_query);
             $results['synchToDrupalAccount method results']["context = $synch_trigger_description"]['proposed'] = $user_edit;
           }
-          else {
+          else { // to ldap
             $provision_result = $ldap_user_conf->synchToLdapEntry($user_object, $user_edit, array(), $test_query);
             $results['synchToLdapEntry method results']["context = $synch_trigger_description"] = $provision_result;
           }
@@ -180,7 +179,7 @@ function ldap_user_test_form_submit($form, &$form_state) {
           if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
             $results['synchToDrupalAccount method results']["context = $synch_trigger_description"] = 'Not enabled.';
           }
-          else {
+          else { // to ldap
             $results['synchToLdapEntry method results']["context = $synch_trigger_description"] = 'Not enabled.';
           }
         }
diff --git a/ldap_user/tests/ldap_user.test b/ldap_user/tests/ldap_user.test
index d717b74..856812a 100644
--- a/ldap_user/tests/ldap_user.test
+++ b/ldap_user/tests/ldap_user.test
@@ -55,7 +55,7 @@ class LdapUserUnitTests extends LdapTestCase {
     $setup_success = (
         module_exists('ldap_user') &&
         module_exists('ldap_servers') &&
-        (variable_get('ldap_simpletest', 0) > 0)
+        (variable_get('ldap_simpletest', 2) > 0)
       );
     $this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId('setup'));
 
@@ -678,7 +678,7 @@ class LdapUserIntegrationTests extends LdapTestCase {
     $setup_success = (
         module_exists('ldap_user') &&
         module_exists('ldap_servers') &&
-        (variable_get('ldap_simpletest', 0) > 0)
+        (variable_get('ldap_simpletest', 2) > 0)
       );
     $this->assertTrue($setup_success, ' ldap_user setup successful', $this->testId("setup"));
 
@@ -995,7 +995,7 @@ class LdapUserIntegrationTests extends LdapTestCase {
     $setup_success = (
         module_exists('ldap_user') &&
         module_exists('ldap_servers') &&
-        (variable_get('ldap_simpletest', 0) > 0)
+        (variable_get('ldap_simpletest', 2) > 0)
       );
     $this->assertTrue($setup_success, ' ldap_user setup successful',  $this->testId('orphaned entries tests'));
 
@@ -1212,7 +1212,7 @@ class LdapUserUITests extends LdapTestCase {
     $setup_success = (
         module_exists('ldap_user') &&
         module_exists('ldap_servers') &&
-        (variable_get('ldap_simpletest', 0) > 0)
+        (variable_get('ldap_simpletest', 2) > 0)
       );
     $this->assertTrue($setup_success, ' ldap_user setup successful',  $this->testId('user interface tests'));
 
diff --git a/ldap_user/tests/ldap_user.test.manual.txt b/ldap_user/tests/ldap_user.test.manual.txt
index 0289e1d..1fa9c28 100644
--- a/ldap_user/tests/ldap_user.test.manual.txt
+++ b/ldap_user/tests/ldap_user.test.manual.txt
@@ -55,7 +55,7 @@ Tests for LDAP Entry ==> Drupal User Provisioning (simpletest: ldap_user/tests/l
     D. Application of Drupal Account settings to LDAP Authenticated Users: [x] Account Creating Settings ... do not affect...
     E. Basic Provisioning to LDAP Settings: for server, select "none"
     F. Rest Webservice: leave disabled
-    G. Server mappings section. Provisioning from LDAP to Drupal mapppings. (Source LDAP Tokens will vary from ldap to ldap)
+    G. Server mappings section. Provisioning from LDAP to Drupal mappings. (Source LDAP Tokens will vary from ldap to ldap)
        i. [givenname] -- to drupal user -> Field: First Name [x] on drupal user creation [x] on synch...
        ii. [sn:0] -- to drupal user -> Field: Last Name [x] on drupal user creation [x] on synch...
        iii. [givenname] [sn] -- to drupal user -> Field: Display Name [x] on drupal user creation [ ] on synch...
diff --git a/ldap_views/plugins/ldap_views_plugin_query_ldap.inc b/ldap_views/plugins/ldap_views_plugin_query_ldap.inc
index 9a3ec16..b3c9dcb 100644
--- a/ldap_views/plugins/ldap_views_plugin_query_ldap.inc
+++ b/ldap_views/plugins/ldap_views_plugin_query_ldap.inc
@@ -374,6 +374,17 @@ class ldap_views_plugin_query_ldap extends views_plugin_query {
     );
   }
 
+
+  /**
+   * Let modules modify the query just prior to finalizing it.
+   */
+  function alter(&$view) {
+    foreach (module_implements('views_query_alter') as $module) {
+      $function = $module . '_views_query_alter';
+      $function($view, $this);
+    }
+  }
+
 /* Only when adding dynamic fields in ldap_views_views_data_alter()
   function options_submit(&$form, &$form_state) {
     parent::options_submit(&$form, &$form_state);
