diff --git a/server/src/main/java/password/pwm/config/DomainConfig.java b/server/src/main/java/password/pwm/config/DomainConfig.java
index f4a0d71008..bc16195d76 100644
--- a/server/src/main/java/password/pwm/config/DomainConfig.java
+++ b/server/src/main/java/password/pwm/config/DomainConfig.java
@@ -57,6 +57,7 @@ import password.pwm.util.secure.PwmHashAlgorithm;
 import password.pwm.util.secure.PwmSecurityKey;
 import password.pwm.util.secure.SecureEngine;
+import password.pwm.http.HttpMethod;
 import java.io.StringWriter;
 import java.security.cert.X509Certificate;
@@ -233,6 +234,14 @@ public PrivateKeyCertificate readSettingAsPrivateKey( final PwmSetting setting )
         return settingReader.readSettingAsPrivateKey( setting );
     }
+    public HttpMethod readSettingAsHttpMethod( final PwmSetting setting )
+    {
+        return settingReader.readSettingAsEnum( setting,
+                password.pwm.config.option.HttpMethod.class ) == password.pwm.config.option.HttpMethod.POST
+                ? HttpMethod.POST
+                : HttpMethod.GET;
+    }
+
     public PwmSecurityKey getSecurityKey( ) throws PwmUnrecoverableException
     {
         //return configurationSuppliers.pwmSecurityKey.call();
diff --git a/server/src/main/java/password/pwm/config/PwmSetting.java b/server/src/main/java/password/pwm/config/PwmSetting.java
index 128ad8a35d..e69ead1f61 100644
--- a/server/src/main/java/password/pwm/config/PwmSetting.java
+++ b/server/src/main/java/password/pwm/config/PwmSetting.java
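Review bot: The added `import password.pwm.http.HttpMethod;` is placed after the `password.pwm.util.secure.*` imports, which breaks the alphabetical order the surrounding `password.pwm.*` lines keep; it belongs between the `password.pwm.config` and `password.pwm.util` groups. The same placement appears in the OAuthSettings.java import hunk further down.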
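Review bot: `readSettingAsHttpMethod` maps everything that is not `POST` — including a null from `readSettingAsEnum` when the setting is unset, and any value later added to the option enum — to `HttpMethod.GET` with no compile-time or runtime signal, so a mis-parsed or newly added option would silently change the request method. The two same-named enums (`password.pwm.config.option.HttpMethod` and `password.pwm.http.HttpMethod`) force the fully-qualified ternary that makes this hard to see; a null check plus an explicit switch with a failing `default`, and a Javadoc line stating that an unset value means GET, keep the fallback deliberate. Whether GET is the right fallback for an unset setting I cannot tell from the hunk; the behaviour this replaces in OAuthMachine was a hard-coded POST.
```java
    /**
     * Maps the configured HttpMethod option for {@code setting} onto the HTTP client's enum.
     * An unset value falls back to GET (same fallback as before; confirm this is intended).
     */
    public HttpMethod readSettingAsHttpMethod( final PwmSetting setting )
    {
        final password.pwm.config.option.HttpMethod configured =
                settingReader.readSettingAsEnum( setting, password.pwm.config.option.HttpMethod.class );
        if ( configured == null )
        {
            return HttpMethod.GET;
        }
        switch ( configured )
        {
            case POST:
                return HttpMethod.POST;
            case GET:
                return HttpMethod.GET;
            default:
                // fail loudly instead of silently degrading a new option value to GET
                throw new IllegalStateException( "unhandled http method option " + configured );
        }
    }
```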
@@ -822,6 +822,8 @@ public enum PwmSetting
             "recovery.oauth.idserver.codeResolveUrl", PwmSettingSyntax.STRING, PwmSettingCategory.RECOVERY_OAUTH ),
     RECOVERY_OAUTH_ID_ATTRIBUTES_URL(
             "recovery.oauth.idserver.attributesUrl", PwmSettingSyntax.STRING, PwmSettingCategory.RECOVERY_OAUTH ),
+    RECOVERY_OAUTH_ID_ATTRIBUTES_METHOD(
+            "recovery.oauth.idserver.attributesMethod", PwmSettingSyntax.SELECT, PwmSettingCategory.RECOVERY_OAUTH ),
     RECOVERY_OAUTH_ID_CERTIFICATE(
             "recovery.oauth.idserver.serverCerts", PwmSettingSyntax.X509CERT, PwmSettingCategory.RECOVERY_OAUTH ),
     RECOVERY_OAUTH_ID_CLIENTNAME(
@@ -1190,6 +1192,8 @@ public enum PwmSetting
             "oauth.idserver.codeResolveUrl", PwmSettingSyntax.STRING, PwmSettingCategory.OAUTH ),
     OAUTH_ID_ATTRIBUTES_URL(
             "oauth.idserver.attributesUrl", PwmSettingSyntax.STRING, PwmSettingCategory.OAUTH ),
+    OAUTH_ID_ATTRIBUTES_METHOD(
+            "oauth.idserver.attributesMethod", PwmSettingSyntax.SELECT, PwmSettingCategory.OAUTH ),
     OAUTH_ID_CERTIFICATE(
             "oauth.idserver.serverCerts", PwmSettingSyntax.X509CERT, PwmSettingCategory.OAUTH ),
     OAUTH_ID_CLIENTNAME(
diff --git a/server/src/main/java/password/pwm/config/option/HttpMethod.java b/server/src/main/java/password/pwm/config/option/HttpMethod.java
new file mode 100644
index 0000000000..080a06f1da
--- /dev/null
+++ b/server/src/main/java/password/pwm/config/option/HttpMethod.java
@@ -0,0 +1,27 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://www.pwm-project.org
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2021 The PWM Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package password.pwm.config.option;
+
+public enum HttpMethod implements ConfigurationOption
+{
+    POST,
+    GET,
+}
diff --git a/server/src/main/java/password/pwm/http/PwmResponse.java b/server/src/main/java/password/pwm/http/PwmResponse.java
index a81f36cf49..f1d12fc1ab 100644
--- a/server/src/main/java/password/pwm/http/PwmResponse.java
+++ b/server/src/main/java/password/pwm/http/PwmResponse.java
@@ -289,9 +289,19 @@ public void sendRedirect( final String url, final RedirectType redirectType )
         preCommitActions();
         final String basePath = pwmRequest.getBasePath();
-        final String effectiveUrl = url.startsWith( basePath )
-                ? url
-                : basePath + url;
+        final String effectiveUrl;
+
+        // a redirect can either be internal and already include the basePath,
+        // or internal without basePath, in this case we add the basePath
+        // or external with preceding protocol, in this case we use the url as is
+        if ( url.startsWith( basePath ) || url.matches( "^https?://.*" ) )
+        {
+            effectiveUrl = url;
+        }
+        else
+        {
+            effectiveUrl = basePath + url;
+        }
         // http "other" redirect
         final HttpServletResponse resp = pwmRequest.getPwmResponse().getHttpServletResponse();
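Review bot: The new `url.matches( "^https?://.*" )` branch makes `sendRedirect` a pass-through for any absolute http(s) URL, so any caller that reaches this shared method with a URL influenced by request input now has an open-redirect path that the previous unconditional basePath prefixing implicitly closed. If the motivation is the external OAuth redirect, the decision that a target is trusted belongs with that caller (checked against the configured OAuth URLs) rather than in this primitive, or at least the precondition should be stated here: `// callers must only pass absolute URLs that originate from configuration, never from request parameters`. Two smaller points: `String.matches` recompiles the pattern on every call, where a `private static final Pattern` is the usual form, and the match is case-sensitive, so a URL starting with `HTTPS://` would still get basePath prepended — harmless, but worth a comment so nobody "fixes" it without revisiting the first point. `sendRedirect`'s body continues past the hunk.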
diff --git a/server/src/main/java/password/pwm/http/servlet/oauth/OAuthMachine.java b/server/src/main/java/password/pwm/http/servlet/oauth/OAuthMachine.java
index 813ae9c967..ed741f646d 100644
--- a/server/src/main/java/password/pwm/http/servlet/oauth/OAuthMachine.java
+++ b/server/src/main/java/password/pwm/http/servlet/oauth/OAuthMachine.java
@@ -160,7 +160,7 @@ OAuthResolveResults makeOAuthResolveRequest(
         requestParams.put( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_CLIENT_ID ), clientID );
         requestParams.put( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_CLIENT_SECRET ), settings.getSecret().getStringValue() );
-        final PwmHttpClientResponse restResults = makeHttpRequest( pwmRequest, "oauth code resolver", settings, requestUrl, requestParams, null );
+        final PwmHttpClientResponse restResults = makeHttpRequest( pwmRequest, "oauth code resolver", settings, requestUrl, requestParams, null, HttpMethod.POST );
         final OAuthResolveResults results = resolveResultsFromResponseBody( pwmRequest, restResults.getBody() );
@@ -204,7 +204,7 @@ private OAuthResolveResults makeOAuthRefreshRequest(
         requestParams.put( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_REFRESH_TOKEN ), refreshCode );
         requestParams.put( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_GRANT_TYPE ), grantType );
-        final PwmHttpClientResponse restResults = makeHttpRequest( pwmRequest, "OAuth refresh resolver", settings, requestUrl, requestParams, null );
+        final PwmHttpClientResponse restResults = makeHttpRequest( pwmRequest, "OAuth refresh resolver", settings, requestUrl, requestParams, null, HttpMethod.POST );
         return resolveResultsFromResponseBody( pwmRequest, restResults.getBody() );
     }
@@ -219,10 +219,11 @@ String makeOAuthGetUserInfoRequest(
         {
             final DomainConfig config = pwmRequest.getDomainConfig();
             final String requestUrl = settings.getAttributesUrl();
+            final HttpMethod requestMethod = settings.getAttributesMethod();
             final Map requestParams = new HashMap<>();
             requestParams.put( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_ACCESS_TOKEN ), accessToken );
             requestParams.put( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_ATTRIBUTES ), settings.getDnAttributeName() );
-            restResults = makeHttpRequest( pwmRequest, "OAuth userinfo", settings, requestUrl, requestParams, accessToken );
+            restResults = makeHttpRequest( pwmRequest, "OAuth userinfo", settings, requestUrl, requestParams, accessToken, requestMethod );
         }
         final String resultBody = restResults.getBody();
@@ -250,7 +251,8 @@ private static PwmHttpClientResponse makeHttpRequest(
             final OAuthSettings settings,
             final String requestUrl,
             final Map requestParams,
-            final String accessToken
+            final String accessToken,
+            final HttpMethod method
     )
             throws PwmUnrecoverableException
     {
@@ -273,7 +275,7 @@ private static PwmHttpClientResponse makeHttpRequest(
         headers.put( HttpHeader.ContentType.getHttpName(), HttpContentType.form.getHeaderValueWithEncoding() );
         pwmHttpClientRequest = PwmHttpClientRequest.builder()
-                .method( HttpMethod.POST )
+                .method( method )
                 .url( requestUrl )
                 .body( requestBody )
                 .headers( headers )
@@ -316,7 +318,7 @@ private static String figureOauthSelfEndPointUrl( final PwmRequest pwmRequest )
     {
         final String returnUrlOverride = pwmRequest.getDomainConfig().readAppProperty( AppProperty.OAUTH_RETURN_URL_OVERRIDE );
-        final String siteURL = pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.PWM_SITE_URL );
+        final String siteURL = pwmRequest.getAppConfig().readSettingAsString( PwmSetting.PWM_SITE_URL );
         if ( returnUrlOverride != null && !returnUrlOverride.trim().isEmpty() )
         {
             debugSource = "AppProperty(\"" + AppProperty.OAUTH_RETURN_URL_OVERRIDE.getKey() + "\")";
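Review bot: In the `@@ -273` hunk only the method changes, while the form `Content-Type` header and `.body( requestBody )` are still attached unconditionally, so a configured GET sends the access token and attribute parameters as a form body — which a userinfo endpoint will generally ignore — instead of in the query string. Assuming `requestBody` is the form-encoded rendering of `requestParams` (built above the hunk), the GET branch should append it to the URL and send no body; note that a token in a query string is also more likely to reach access logs, so if the `accessToken` argument already becomes a bearer header elsewhere in this method, the params may be better left out of the URL altogether. The new `method` parameter in the `@@ -250` hunk also reaches the builder unchecked; a `Objects.requireNonNull( method, "method" )` or a documented fallback to POST would make a null from a settings path that never sets it fail visibly. `makeHttpRequest` starts and ends outside these hunks.
```java
        // … unchanged: requestBody / headers construction …
        final String effectiveUrl;
        final String effectiveBody;
        if ( method == HttpMethod.GET )
        {
            // GET carries its parameters in the query string; a form body is not reliably honoured
            effectiveUrl = requestUrl + ( requestUrl.contains( "?" ) ? "&" : "?" ) + requestBody;
            effectiveBody = null;
        }
        else
        {
            headers.put( HttpHeader.ContentType.getHttpName(), HttpContentType.form.getHeaderValueWithEncoding() );
            effectiveUrl = requestUrl;
            effectiveBody = requestBody;
        }
        pwmHttpClientRequest = PwmHttpClientRequest.builder()
                .method( method )
                .url( effectiveUrl )
                .body( effectiveBody )
                .headers( headers )
```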
@@ -470,7 +472,8 @@ private Optional figureUsernameGrantParam(
         }
         LOGGER.debug( sessionLabel, () -> "preparing to send username to OAuth /sign endpoint for future injection to /grant redirect" );
-        final PwmHttpClientResponse restResults = makeHttpRequest( pwmRequest, "OAuth pre-inject username signing service", settings, signUrl, requestPayload, null );
+        final PwmHttpClientResponse restResults = makeHttpRequest( pwmRequest, "OAuth pre-inject username signing service", settings,
+                signUrl, requestPayload, null, HttpMethod.POST );
         final String resultBody = restResults.getBody();
         final Map resultBodyMap = JsonUtil.deserializeStringMap( resultBody );
diff --git a/server/src/main/java/password/pwm/http/servlet/oauth/OAuthSettings.java b/server/src/main/java/password/pwm/http/servlet/oauth/OAuthSettings.java
index b511c2a555..4b3c79aa44 100644
--- a/server/src/main/java/password/pwm/http/servlet/oauth/OAuthSettings.java
+++ b/server/src/main/java/password/pwm/http/servlet/oauth/OAuthSettings.java
@@ -26,6 +26,7 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.profile.ForgottenPasswordProfile;
 import password.pwm.util.PasswordData;
+import password.pwm.http.HttpMethod;
 import java.io.Serializable;
 import java.security.cert.X509Certificate;
@@ -38,6 +39,7 @@ public class OAuthSettings implements Serializable
     private String loginURL;
     private String codeResolveUrl;
     private String attributesUrl;
+    private HttpMethod attributesMethod;
     private String scope;
     private String clientID;
     private PasswordData secret;
@@ -62,6 +64,7 @@ public static OAuthSettings forSSOAuthentication( final DomainConfig config )
                 .loginURL( config.readSettingAsString( PwmSetting.OAUTH_ID_LOGIN_URL ) )
                 .codeResolveUrl( config.readSettingAsString( PwmSetting.OAUTH_ID_CODERESOLVE_URL ) )
                 .attributesUrl( config.readSettingAsString( PwmSetting.OAUTH_ID_ATTRIBUTES_URL ) )
+                .attributesMethod( config.readSettingAsHttpMethod( PwmSetting.OAUTH_ID_ATTRIBUTES_METHOD ) )
                 .clientID( config.readSettingAsString( PwmSetting.OAUTH_ID_CLIENTNAME ) )
                 .secret( config.readSettingAsPassword( PwmSetting.OAUTH_ID_SECRET ) )
                 .dnAttributeName( config.readSettingAsString( PwmSetting.OAUTH_ID_DN_ATTRIBUTE_NAME ) )
diff --git a/server/src/main/java/password/pwm/ws/server/rest/RestSetPasswordServer.java b/server/src/main/java/password/pwm/ws/server/rest/RestSetPasswordServer.java
index be072a1bb4..58410eaea6 100644
--- a/server/src/main/java/password/pwm/ws/server/rest/RestSetPasswordServer.java
+++ b/server/src/main/java/password/pwm/ws/server/rest/RestSetPasswordServer.java
@@ -211,7 +211,8 @@ private static RestResultBean doSetPassword(
             );
             StatisticsClient.incrementStat( restRequest.getDomain(), Statistic.REST_SETPASSWORD );
-            final JsonInputData jsonResultData = new JsonInputData( targetUserIdentity.getUserIdentity().toDelimitedKey(), null, random );
+            final JsonInputData jsonResultData = new JsonInputData( targetUserIdentity.getUserIdentity().toDelimitedKey(),
+                    newPassword.getStringValue(), random );
             return RestResultBean.forSuccessMessage( jsonResultData, restRequest, Message.Success_PasswordChange );
         }
         catch ( final PwmException e )
diff --git a/server/src/main/resources/password/pwm/config/PwmSetting.xml b/server/src/main/resources/password/pwm/config/PwmSetting.xml
index a58f2a26ff..8e2896bc03 100644
--- a/server/src/main/resources/password/pwm/config/PwmSetting.xml
+++ b/server/src/main/resources/password/pwm/config/PwmSetting.xml
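Review bot: Only `forSSOAuthentication` picks up the new method setting here; the forgotten-password factory that would read the `RECOVERY_OAUTH_ID_ATTRIBUTES_METHOD` setting added in PwmSetting.java is not in the diff, so unless it is changed elsewhere, `attributesMethod` stays null for recovery profiles and `makeOAuthGetUserInfoRequest` hands a null method to the request builder. That factory needs the matching call — `.attributesMethod( /* read RECOVERY_OAUTH_ID_ATTRIBUTES_METHOD via whatever profile reader it uses */ )` — or the field needs a documented non-null default. A short Javadoc on `attributesMethod` saying which setting feeds it for each profile type would make the omission easier to spot.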
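Review bot: The `@@ -211` hunk in RestSetPasswordServer.java now puts `newPassword.getStringValue()` into the success response, where it was `null` before, so the cleartext password is echoed back to the REST caller even when the caller supplied it — that copy can end up in client-side logs, proxies and response caches with no benefit to the caller. If the purpose is to let callers learn a server-generated password, limit the echo to that case: `random ? newPassword.getStringValue() : null`. If returning it unconditionally is intended, say so in a comment on this line and confirm that response logging in the REST layer redacts it; I cannot see that from the hunk. `doSetPassword` starts before the hunk.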
@@ -2509,6 +2509,15 @@ https://oauthserver.example.com/osp/a/idm/auth/oauth2/getattributes + +