t.Fatalf("Bad data response: %s", err)
	}

	if err := c.Quit(); err != nil {
		t.Fatalf("QUIT failed: %s", err)
	}

	bcmdbuf.Flush()
	actualcmds := cmdbuf.String()
	if client != actualcmds {
		t.Fatalf("Got:\n%s\nExpected:\n%s", actualcmds, client)
	}
}

var basicServer = `250 mx.google.com at your service
502 Unrecognized command.
250-mx.google.com at your service
250-SIZE 35651584

	}

	if ips[0] != ip {
		t.Fatalf("service IP incorrect => %q, want %q", ips[0], ip)
	}

	actualIPs := service.ClusterVIPs.GetAddressesFor(clusterID)
	expectedIPs := []string{ip}
	if !reflect.DeepEqual(actualIPs, expectedIPs) {
		t.Fatalf("service IPs incorrect => %q, want %q", actualIPs, expectedIPs)
	}

	if !reflect.DeepEqual(service.Attributes.LabelSelectors, localSvc.Spec.Selector) {

		errRet := fmt.Errorf("Unable to find user DN: %w", err)
		return nil, nil, errRet
	}

	// Authenticate the user credentials.
	err = conn.Bind(lookupResult.ActualDN, password)
	if err != nil {
		errRet := fmt.Errorf("LDAP auth failed for DN %s: %w", lookupResult.ActualDN, err)
		return nil, nil, errRet
	}

	// Bind to the lookup user account again to perform group search.
	if err = l.LDAP.LookupBind(conn); err != nil {

				req.Header.Set("X-Forwarded-For", test.forwardedFor)
			}
			if test.realIP != "" {
				req.Header.Set("X-Real-Ip", test.realIP)
			}

			actualIPs := SourceIPs(req)
			actual := make([]string, len(actualIPs))
			for i, ip := range actualIPs {
				actual[i] = ip.String()
			}

			assert.Equal(t, test.expected, actual)
		})
	}
}

func TestParseWarningHeader(t *testing.T) {

		in.peek = true
		in.Push(NewSlice(in.Base(), in.Line(), []Token{Make(macroName, macro.name)}))
		return
	}
	actuals := in.argsFor(macro)
	var tokens []Token
	for _, tok := range macro.tokens {
		if tok.ScanToken != scanner.Ident {
			tokens = append(tokens, tok)
			continue
		}
		substitution := actuals[tok.text]
		if substitution == nil {
			tokens = append(tokens, tok)
			continue
		}

			}
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
		targetUser = lookupResult.NormDN
		opts.claims[ldapUser] = targetUser // DN
		opts.claims[ldapActualUser] = lookupResult.ActualDN

		// Check if this user or their groups have a policy applied.
		ldapPolicies, err := globalIAMSys.PolicyDBGet(targetUser, targetGroups...)
		if err != nil {

				return nil, err
			}
			claims := make(map[string]interface{})
			claims[expClaim] = UTCNow().Add(expiryDur).Unix()

			claims[ldapUser] = lookupResult.NormDN
			claims[ldapActualUser] = lookupResult.ActualDN
			claims[ldapUserN] = ctx.Sess.LoginUser()

			// Add LDAP attributes that were looked up into the claims.
			for attribKey, attribValue := range lookupResult.Attributes {

	if err != nil {
		err = fmt.Errorf("LDAP server error: %w", err)
		writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, err)
		return
	}
	ldapUserDN := lookupResult.NormDN
	ldapActualUserDN := lookupResult.ActualDN

	// Check if this user or their groups have a policy applied.
	ldapPolicies, err := globalIAMSys.PolicyDBGet(ldapUserDN, groupDistNames...)
	if err != nil {
		writeSTSErrorResponse(ctx, w, ErrSTSInternalError, err)