Many Active Directory and other LDAP services are setup with [DNS SRV Records](https://ldap.com/dns-srv-records-for-ldap/) for high-availability of the directory service. To use this to find LDAP servers to connect to, an LDAP client makes a DNS SRV record request to the DNS service on a domain that looks like `_service._proto.example.com`. For LDAP the `proto` value is always `tcp`, and `service` is usually `ldap` or `ldaps`.

			return
		}

		// In case of LDAP/OIDC we need to set `opts.claims` to ensure
		// it is associated with the LDAP/OIDC user properly.
		for k, v := range cred.Claims {
			if k == expClaim {
				continue
			}
			opts.claims[k] = v
		}
	} else {
		// We still need to ensure that the target user is a valid LDAP user.
		//

)

// Config contains AD/LDAP server connectivity information.
type Config struct {
	LDAP ldap.Config

	stsExpiryDuration time.Duration // contains converted value
}

// Enabled returns if LDAP is enabled.
func (l *Config) Enabled() bool {
	return l.LDAP.Enabled
}

// Clone returns a cloned copy of LDAP config.
func (l *Config) Clone() Config {
	if l == nil {

        if: matrix.ldap == 'ldaphost:389'
        env:
          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
        run: |
          make test-iam-ldap-upgrade-import
      - name: Test LDAP for automatic site replication
        if: matrix.ldap == 'localhost:389'
        run: |
          make test-site-replication-ldap
      - name: Test OIDC for automatic site replication

     * input before using it in LDAP search filters to prevent LDAP injection vulnerabilities.
     *
     * @param filter the LDAP search filter to escape (null is treated as empty string)
     * @return the escaped filter string safe for use in LDAP queries (empty string if filter is null)
     * @see <a href="https://tools.ietf.org/html/rfc4515">RFC 4515 - LDAP String Representation of Search Filters</a>
     */

import org.codelibs.fess.util.ComponentUtil;
import org.dbflute.optional.OptionalThing;

/**
 * An LDAP user.
 */
public class LdapUser implements FessUser {

    private static final long serialVersionUID = 1L;

    /** The environment for LDAP connection. */
    protected Hashtable<String, String> env;

    /** The name of the user. */
    protected String name;

    public Integer purgeSuggestSearchLogDay;

    /**
     * LDAP server URL for authentication.
     * Used when LDAP authentication is enabled.
     */
    @Size(max = 1000)
    public String ldapProviderUrl;

    /**
     * LDAP security principal for binding to the LDAP server.
     * Used for authenticating with the LDAP server.
     */
    @Size(max = 1000)
    public String ldapSecurityPrincipal;

ldap.role.search.role.enabled=true

# LDAP attribute for surname.
ldap.attr.surname=sn
# LDAP attribute for given name.
ldap.attr.givenName=givenName
# LDAP attribute for employee number.
ldap.attr.employeeNumber=employeeNumber
# LDAP attribute for mail.
ldap.attr.mail=mail
# LDAP attribute for telephone number.
ldap.attr.telephoneNumber=telephoneNumber

	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio-go/v7/pkg/set"
	"github.com/minio/minio/internal/config"
	cfgldap "github.com/minio/minio/internal/config/identity/ldap"
	"github.com/minio/minio/internal/config/identity/openid"
	"github.com/minio/mux"
	"github.com/minio/pkg/v3/ldap"
	"github.com/minio/pkg/v3/policy"
)

func addOrUpdateIDPHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, isUpdate bool) {

    /** The key of the configuration. e.g. cn=%s */
    String LDAP_ADMIN_GROUP_FILTER = "ldap.admin.group.filter";

    /** The key of the configuration. e.g. ou=Group,dc=fess,dc=codelibs,dc=org */
    String LDAP_ADMIN_GROUP_BASE_DN = "ldap.admin.group.base.dn";

    /** The key of the configuration. e.g. groupOfNames */