View previous topic :: View next topic |
Author |
Message |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Wed Oct 05, 2005 9:47 pm Post subject: |
|
|
slaapkop wrote: |
Or is this a proces that takes more than an hour?
|
No, this should happen in seconds.
If something is wrong it normaly should stop with a failure.
What you can do (if you have no data in your ldap database!!).
Delete all openldap directories under /var/lib and reemerge openldap.
Hope that helps. |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Wed Oct 05, 2005 9:51 pm Post subject: |
|
|
Hi,
I deleted the user and database.
Then i re-aded them again. So there sould be data inside.
Well i will delete my opendlap dirs under /var/lib (again) and remerge openldap again..
Thanks... |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Wed Oct 05, 2005 9:58 pm Post subject: |
|
|
oh,,,, Fu.k i miss read that.
I just deleted those directories.... Oeps.
Hmmm now what,, And i'm emerging openldap again. How can i see if there is data in the ldap database??
Thanks... |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Wed Oct 05, 2005 10:27 pm Post subject: |
|
|
Try a slapcat, and check if data printed out. |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Thu Oct 06, 2005 6:42 am Post subject: |
|
|
oke,
After work a give this thing another shot.
i'm reemerge openldap now. Thats bringing my /var/lib/open-* dirs back?
Can't use putty at work. So Let you know what's happend after work.
Cheers.. |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Thu Oct 06, 2005 6:50 am Post subject: |
|
|
slaapkop wrote: |
Thats bringing my /var/lib/open-* dirs back?
|
Yes.
Have fun and good luck =) |
|
Back to top |
|
 |
thurisaz n00b

Joined: 02 Mar 2005 Posts: 67 Location: Bochum, Germany
|
Posted: Thu Oct 06, 2005 10:18 am Post subject: |
|
|
By the way: I noticed that the description in the ebuild is not correct:
Code: |
* HOWTO: Add a user
* +++++++++++++++++
* /usr/sbin/adduser_ox --username=MYUSERNAME --password=MYPASSWORD --name=FORENAME --sname=SURENAME --maildomain=thurisaz.org --ox_timezone="Europe/Berlin"
* Now you can add the user to a group.
* /usr/sbin/addusertogroup_ox --user=MYUSERNAME --group=NEWGROUPNAME
|
the password-attribute is called --passwd instead of --password; so to add a new user you'll have to do
Code: | /usr/sbin/adduser_ox --username=MYUSERNAME --passwd=MYPASSWORD --name=FORENAME --sname=SURENAME --maildomain=thurisaz.org --ox_timezone="MyTimeZone" |
|
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Thu Oct 06, 2005 4:26 pm Post subject: |
|
|
Hi,
I reemerged openldap.
When i do a:
Code: | slapadd -l /usr/share/open-xchange/init_ldap.ldif |
It returns nothing, so i gues thats good.
But after that when i try to add a group like said in the open-xchange install it stil gives me the same 'ERROR' as in the past.
Code: |
TRUUS open-xchange # /usr/sbin/addgroup_ox --group=LISTS ldap_bind: Can't contact LDAP server (-1)
Added Group LISTS to LDAP
TRUUS open-xchange #
|
And when i try to add a user:
Code: |
/usr/sbin/adduser_ox --username=joep --passwd=joep123 --name=joep --sname=jansen --maildomain=mydomain.nl --ox_timezone="Europe/Amsterdam"
ldap_bind: Can't contact LDAP server (-1)
LDAP Success
SQL Success
TRUUS open-xchange #
|
Any help is apriciated! |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Thu Oct 06, 2005 5:01 pm Post subject: |
|
|
Hi Slaapkop,
please post again your /etc/openldap/slapd.conf and /etc/open-xchange/admintools.conf .
Oh, an other qestion is slapd running?
Code: | /etc/init.d/slapd start |
Hope that helps. |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Thu Oct 06, 2005 6:05 pm Post subject: |
|
|
Hi,
My /etc/openldap/slapd.conf
Code: |
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/openxchange.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
1,1 Top
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
checkpoint 32 30 # <kbyte> <min>
suffix "dc=mydomain,dc=nl"
rootdn "cn=Manager,dc=mydomain,dc=nl"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
rootpw {CRYPT}crYptedPasswd
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq
|
and /etc/open-xchange/admintools.conf:
Code: |
#!/bin/sh
#
# (c) 2004-2100 ;)
# Author: cutmasta AT netline-is D0T de
#
# OX-SCRIPTS - CONFIGURATION PARAMETER :)
#
############## GENERAL CONFIG STUFF ###############
# Your Company Name
# To which Organisation new User belong!
ORGA="NIX"
# OXBASE
OXBASE=`grep -v '^#' /etc/open-xchange/groupware/ldap.conf | grep -i BASE | head -n 1 | awk {'print $2'}`
# LDAP Server - deprecated in favor of LDAPURI
LDAPHOST=`grep -v '^#' /etc/open-xchange/groupware/ldap.conf | grep -i HOST | head -n 1 | awk {'print $2'}`
# LDAP URI - supercedes LDAPHOST
LDAPURI=`awk '/^[Uu][Rr][Ii]/ {print $2; exit;}' /etc/open-xchange/groupware/ldap.conf`
if [ -z "$LDAPURI" ] ; then
LDAPURI="ldap://$LDAPHOST/"
fi
# LDAP Admin
BINDDN="cn=Manager,dc=mydomain,dc=nl"
# LDAP Admin Passwd
BINDPW="password"
if [ -z "$BINDDN" -a -z "$BINDPW" ] ; then # omit unused options
LDAPCONN="-H $LDAPURI" # typical for full Kerberos/LDAP
else
# Note that the -x -should- be a last resort, not the default
LDAPCONN="-H $LDAPURI -D $BINDDN -w $BINDPW -x" # -x is deprecated
fi
# OX LDAP Leaf, where is the "OxObjects" leaf?
OX_LEAF="ou=OxObjects,$OXBASE"
# Default Language
DEFAULT_PREF_LANG="EN"
# Default mail is enabled
DEFAULT_MAIL_ENAB="OK"
# Default the user can send mail to the internet
DEFAULT_INET_MAIL="TRUE"
# Default days of displaying appointments
DEFAULT_OX_APP_DAYS=5
# Default days of displaying tasks
DEFAULT_OX_TASK_DAYS=5
# default the user can write in the global adressbook
DEFAULT_WRITE_GLOBAL_ADDR="TRUE"
# The used Tools - should work on most Systems!
LDAPADD_BIN="ldapadd"
LDAPDELETE_BIN="ldapdelete"
LDAPMODIFY_BIN="ldapmodify"
LDAPSEARCH_BIN="ldapsearch"
GREP_BIN="grep"
SED_BIN="sed"
EXPR_BIN="expr"
SORT_BIN="sort"
HEAD_BIN="head"
TAIL_BIN="tail"
AWK_BIN="awk"
SQL_BIN="psql"
##################################################
###### CONVERT ALL USERNAMES TO LOWERCASE #########
CASE_IGNORE="yes"
##################################################
#################### SQL Stuff #####################
DEFAULT_SQL_HOST="localhost"
DEFAULT_SQL_DB="openexchange"
DEFAULT_SQL_USER="openexchange"
DEFAULT_SQL_PASS="password"
# Default Table where we store the Rights
RIGHTS_TABLE="usr_general_rights"
# Default Template Table where the template is stored!
TEMPLATE_TABLE="sys_gen_rights_template"
# Default Template for creating Users.
# Must exist in the DB
DEFAULT_TEMPLATE_NAME="default_template"
####################################################
####################### LDAP #######################
# Where are the OX Users
USER_BASEDN="ou=Users,$OX_LEAF"
# Where are the OX Groups
GROUP_BASEDN="ou=Groups,$OX_LEAF"
# Where are the OX Resources
RESOURCES_BASEDN="ou=Resources,ou=ResourceObjects,$OX_LEAF"
# Where are the OX Resource Groups
RESOURCE_GROUPS_BASEDN="ou=ResourceGroups,ou=ResourceObjects,$OX_LEAF"
# Where is the Global Adressbook
GLOBAL_ADDRESSBOOKDN="o=AddressBook,$OX_LEAF"
# where are the adressbook admins
GLOBAL_ADDRESSBOOK_ADMINSDN="cn=AddressAdmins,$GLOBAL_ADDRESSBOOKDN"
# TEMPORARY FILE
TMPDIF="/var/open-xchange/temporary_ldap_scripts.ldif"
####################################################
####################################################
HOME_DIR="/home/"
DEFAULT_USR_SHELL="/bin/bash"
SHADOW_EXPIRE=0
SHADOW_MIN=0
SHADOW_MAX=9999
SHADOW_WARN=7
STD_GID=100
MIN_UID=101
MIN_GID=100
####################################################
|
Cheers |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Thu Oct 06, 2005 6:42 pm Post subject: |
|
|
ok =)
could you also please post the /etc/openldap/ldap.conf
Next question: how did you create the crypted password in slapd.conf or have you just written down what went into your mind.
Make sure the crypted password in slapd.conf is equal the unencrypted password in admintools.conf.
Or for testing purposes you can also try the unencrypted version in slapd.conf .
Don't forget to restart slapd after you've changed configuration.
Hope that helps you. |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Thu Oct 06, 2005 6:52 pm Post subject: |
|
|
Hi,
my /etc/openldap/ldap.conf :
Code: |
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
BASE dc=domain,dc=nl
URI ldap://domain.nl
HOST domain.nl
|
Oke i created the crypted password in slapd.conf like this:
slappasswd -h {CRYPT} -s thenthepassword
I coppied the crypted password i got from it into /etc/openldap/slapd.conf file.
And yes it is the same password as the uncrypted one in /etc/open-xchange/admintools.conf.
Thanks.. |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Thu Oct 06, 2005 8:52 pm Post subject: |
|
|
hmm - seams all good.
Have you got a firewall running - blocking ldap? |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Thu Oct 06, 2005 9:23 pm Post subject: |
|
|
Hi, no i wich it was the firewall.
I don't get this ldap thing.
And the thing i cannot stop the ldap-server, the only way to stop it is /etc/init.d/slapd zap.
That should'nt be normal as wel. Somehow the ldap-server and i don't get allong.....
If you have more sugestions your welcom...
Thanks. |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Fri Oct 07, 2005 5:09 pm Post subject: |
|
|
Hi,
Tried it with an uncrypted password.. No luck.
Another thing, shouldn't ldap be listening op port 389?
When i do a netstat -an | grep 389 i get nothing..
Cheers. |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Fri Oct 07, 2005 9:41 pm Post subject: |
|
|
This night short before sleeping an idea went to my mind.
please try an:
Code: | chown -R ldap:ldap /var/lib/openldap-data |
I had a problem starting ldap - this fixed it. |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Fri Oct 07, 2005 11:28 pm Post subject: |
|
|
He.. cool that helped a lot!!
Wel i thought i already did that, but when i looked i saw:
ls -l /var/lib
Code: |
drwxr-xr-x 2 apache apache 72 Sep 26 2005 dav
drwxr-xr-x 2 dhcp dhcp 136 Feb 8 11:30 dhcp
drwxr-xr-x 2 root root 160 Feb 8 10:29 dhcpc
drwxr-xr-x 6 root root 232 Feb 8 10:30 init.d
drwxr-xr-x 2 root root 72 Sep 4 2005 ip6tables
drwxr-xr-x 2 root root 72 Sep 4 2005 iptables
drwxr-xr-x 2 root root 72 Jul 26 2005 misc
drwx------ 2 ldap ldap 320 Oct 6 2005 openldap-data
drwx------ 2 ldap ldap 72 Oct 6 2005 openldap-ldbm
drwx------ 2 ldap ldap 72 Oct 6 2005 openldap-slurp
drwxrws--- 2 root portage 96 Jul 26 2005 portage
drwxr-xr-x 3 postgres postgres 104 Sep 27 2005 postgresql
drwxr-xr-x 2 root root 160 Feb 8 10:29 sasl2
drwxr-x--- 2 root slocate 104 Sep 4 2005 slocate
|
So that would be good, then i tool a look a little further, inside the /var/lib/openldap dir
ls -l /var/lib/openldap-data
Code: |
-rw------- 1 root root 8192 Oct 6 08:20 __db.001
-rw------- 1 root root 270336 Oct 6 08:20 __db.002
-rw------- 1 root root 98304 Oct 6 08:20 __db.003
-rw------- 1 root root 368640 Oct 6 08:20 __db.004
-rw------- 1 root root 24576 Oct 6 08:20 __db.005
-rw------- 1 root root 8192 Oct 6 17:58 dn2id.bdb
-rw------- 1 root root 32768 Oct 6 17:58 id2entry.bdb
-rw------- 1 root root 42225 Oct 6 17:58 log.0000000001
|
Hmmm must have forget the -R option.
After this I 'm able to normaly start and stop the ldap demon.
Now i'm able to add a new user group!!
But when i try to add a user via:
Code: |
/usr/sbin/adduser_ox --username=pim --passwd=paswordforpim--name=pim --sname=Jansen--maildomain=mydomain.nl --ox_timezone="Europe/Amsterdam"
|
i get an error back:
Code: |
Undefined ERROR - LDAP CODE 32
See LDAP Log for Details!
|
But i'm a lot further now thanks... |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Sat Oct 08, 2005 10:49 am Post subject: |
|
|
Hi,
Well fixed this by changing the following line:
Code: |
LDAPCONN="-H $LDAPURI -D $BINDDN -w $BINDPW -x"
|
into:
Code: |
LDAPCONN="-H $LDAPURI -D $BINDDN -w $BINDPW"
|
in the /etc/open-xchange/admintools.conf file, i don't if the -x is default there or that i put it there..
Now the next stop is.. Loging into http://mydomain.nl/cgi-bin/login.pl
I get the
Can not build up Socket!
SessionD running?
Message. I emerged open-xchange with the command:
Code: | USE="-SSL" emerge open-xchange |
Where can i find info about this SessionD?
Thanks. |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Sat Oct 08, 2005 2:06 pm Post subject: |
|
|
Normally you find log information in /var/log/open-xchange/sessiond.log |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Sat Oct 08, 2005 3:18 pm Post subject: |
|
|
Hi,
Well this is the output when i restart the slapd and open-exchange server and after that try to log in via http://www.mydomain.nl/cgi-bin/login.pl
Code: |
/usr/bin/openexchange-sessiond: line 11: 14475 Killed /opt/sun-jdk-1.4.2.09/bin/java $SERVER $OPTS -ms20M -mx280M -Dopenexchange.propfile=/etc/open-xchange/groupware/system.properties -DappName=sessiondApp -Djava.library.path=/usr/lib/open-xchange -classpath /usr/lib/open-xchange/nas.jar:/usr/lib/open-xchange/comfiretools.jar:/usr/lib/open-xchange/intranet.jar:/usr/lib/open-xchange/sessiond.jar com.openexchange.sessiond.oxsessiond -P 33333
Oct 08 17:12:28 localhost openexchange: oxsessiond init (localhost:33333) objectstream=false
Oct 08 17:12:28 localhost openexchange: INTERNAL TLS Support: ON
Oct 08 17:12:33 localhost openexchange: oxsessiond init (localhost:33335) objectstream=true
Oct 08 17:12:44 localhost openexchange: SocketHandler.runStream: com.openexchange.ssl.SSLException:
15186:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
ssl server fails to process ssl handshake
com.openexchange.ssl.SSLException:
15186:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
ssl server fails to process ssl handshake
at com.openexchange.ssl.SSLServerSocket.nativeAccept(Native Method)
at com.openexchange.ssl.SSLServerSocket.accept(SSLServerSocket.java:129)
at com.openexchange.sessiond.SocketHandler.runStream(SocketHandler.java:365)
at com.openexchange.sessiond.SocketHandler.run(SocketHandler.java:243)
at java.lang.Thread.run(Thread.java:534)
|
Looks like its trying to communicate via ssl?? |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Sat Oct 08, 2005 4:02 pm Post subject: |
|
|
Yes, you have compiled ox with ssh.
But you can disable this without recompile ox.
1. edit /var/www/localhost/cgi-bin/login.pm and change to:
Code: | my $connection_mode = 3; |
2. edit /etc/open-xchange/groupware/system.properties and change to
3. edit /etc/open-xchange/webmail/system.properties and change to
And now, welcome to your own OX - World =) |
|
Back to top |
|
 |
sonix Tux's lil' helper


Joined: 12 Feb 2003 Posts: 102
|
Posted: Sun Oct 09, 2005 11:18 am Post subject: |
|
|
i went through the gentoo manual from top to the point where i create my first ox user. All went moderately well. However, when i login with my newly created user, i get this error message
Quote: | Not Found
The requested URL /servlet/intranet was not found on this server.
Apache/2.0.52 (Gentoo/Linux) mod_ssl/2.0.52 OpenSSL/0.9.7e PHP/4.3.9 mod_jk/1.2.10 Server at www.vexelmedia.com Port 80 |
if i adjust the link on my browser to port 8080, i get a txt only version of ox with broken pic links which tells me ox is alright. What did i miss?
EDIT: I missed the JKMounts.
Last edited by sonix on Sun Oct 09, 2005 11:40 am; edited 1 time in total |
|
Back to top |
|
 |
slaapkop n00b


Joined: 04 Mar 2004 Posts: 66 Location: Nijmegen
|
Posted: Sun Oct 09, 2005 11:24 am Post subject: |
|
|
Hi,
I was a little too soon..
When i do a adduser i get the following:
Code: |
TRUUS ~ # /usr/sbin/adduser_ox --username=pim --passwd=mypassword --name=pim --sname=janssen--maildomain=mydomain.nl --ox_timezone="Europe/Amsterdam"
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no secret in database
LDAP Success
SQL Success
|
I changed the line LDAPSEARCH_BIN="ldapsearch" into LDAPSEARCH_BIN="ldapsearch -d -3".
So i got a lot of output, so when i saw the LDAP success and SQL success i thought it went good. But it did't
With the ssl enabled like you told me too, either way i get this message adding a new user.
It's not going smoothly for me, is it?
Can you help me out once again? |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Sun Oct 09, 2005 12:26 pm Post subject: |
|
|
sonix wrote: | EDIT: I missed the JKMounts. |
If you use the build, you get all inclusive  |
|
Back to top |
|
 |
Dark_Hunter Apprentice


Joined: 28 Mar 2003 Posts: 230 Location: Germany
|
Posted: Sun Oct 09, 2005 12:48 pm Post subject: |
|
|
slaapkop wrote: |
With the ssl enabled like you told me too, either way i get this message adding a new user.
|
Did I? Sorry for the wrong information at first try to install ox without ssl. After all working fine, switch it on.
slaapkop wrote: |
It's not going smoothly for me, is it?
|
Somehow not But we will hopefully get this done.
Try to edit the /etc/saslauthd.conf the following way
Code: |
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=Manager,dc=mydomain,dc=nl
ldap_bind_pw: yourLDAPpassword
ldap_search_base: dc=mydomain,dc=nl
ldap_auth_method: userPassword
|
and restart your saslauthd service |
|
Back to top |
|
 |
|