}
		return bindDN, nil
	}

	// Since the username parses as a valid DN, check that it exists and is
	// under a configured base DN in the LDAP directory.
	validDN, isUnderBaseDN, err := l.GetValidatedUserDN(conn, username)
	if err == nil && !isUnderBaseDN {
		return "", fmt.Errorf("Unable to find user DN: %w", err)
	}
	return validDN, err
}

	flag.StringVar(&ldapPassword, "p", "", "AD/LDAP Password")
	flag.BoolVar(&displayCreds, "d", false, "Only show generated credentials")
	flag.DurationVar(&expiryDuration, "e", 0, "Request a duration of validity for the generated credential")
	flag.StringVar(&bucketToList, "b", "", "Bucket to list (defaults to ldap username)")
	flag.StringVar(&sessionPolicyFile, "s", "", "File containing session policy to apply to the STS request")
}