if !regexp.MustCompile("SELECT .* FROM .users. left join pets.*join accounts.*").MatchString(stmt.SQL.String()) {

		t.Errorf("should update two records, but got %v", rowsAffected)
	}

	var results []User

        if (username != null) {
            AccountAttempts account = accountAttempts.computeIfAbsent(username, k -> new AccountAttempts());
            account.recordFailure();

            if (account.getFailedAttempts() >= maxAttemptsPerAccount) {
                account.lockOut(lockoutDuration);
                totalAccountsLocked.incrementAndGet();

	// account or STS account):
	requestorUser := cred.AccessKey
	requestorParentUser := cred.AccessKey
	requestorGroups := cred.Groups
	requestorIsDerivedCredential := false
	if cred.IsServiceAccount() || cred.IsTemp() {
		requestorParentUser = cred.ParentUser
		requestorIsDerivedCredential = true
	}

	// Check if we are creating svc account for request sender.

		// Service accounts ops
		adminRouter.Methods(http.MethodPut).Path(adminVersion + "/add-service-account").HandlerFunc(adminMiddleware(adminAPI.AddServiceAccount))
		adminRouter.Methods(http.MethodPost).Path(adminVersion+"/update-service-account").HandlerFunc(adminMiddleware(adminAPI.UpdateServiceAccount)).Queries("accessKey", "{accessKey:.*}")

	}

	var users2 []User
	DB.Preload("Account", clause.Eq{Column: "number", Value: users[0].Account.Number}).Find(&users2, "id IN ?", userIDs)
	sort.Slice(users2, func(i, j int) bool {
		return users2[i].ID < users2[j].ID
	})

	for idx, user := range users2[1:2] {
		if user.Account.Number != "" {
			t.Errorf("No account should found for user %v but got %v", idx+2, user.Account.Number)
		}
	}

     * been resolved and it is not a domain SID or builtin account,
     * the full DOMAIN\name form of the account will be
     * returned (e.g. MYDOM\alice or MYDOM\Domain Users).
     * If the SID has been resolved but it is is a domain SID,
     * only the domain name will be returned (e.g. MYDOM).
     * If the SID has been resolved but it is a builtin account,
     * only the name component will be returned (e.g. SYSTEM).

     * Defines the root of the LDAP directory tree for user lookups.
     */
    @Size(max = 1000)
    public String ldapBaseDn;

    /**
     * LDAP filter for finding user accounts.
     * Defines the search filter used to locate user accounts in LDAP.
     */
    @Size(max = 1000)
    public String ldapAccountFilter;

    /**
     * LDAP filter for finding groups.

    /** Account control bit flag: Normal user account */
    public static final int ACB_NORMAL = 16;
    /** Account control bit flag: MNS logon user account */
    public static final int ACB_MNS = 32;
    /** Account control bit flag: Interdomain trust account */
    public static final int ACB_DOMTRUST = 64;
    /** Account control bit flag: Workstation trust account */
    public static final int ACB_WSTRUST = 128;

    /** Account control bit flag: Normal user account */
    public static final int ACB_NORMAL = 16;
    /** Account control bit flag: MNS logon user account */
    public static final int ACB_MNS = 32;
    /** Account control bit flag: Interdomain trust account */
    public static final int ACB_DOMTRUST = 64;
    /** Account control bit flag: Workstation trust account */
    public static final int ACB_WSTRUST = 128;