ntHash = new byte[0];
                    writeString(password, lmHash, 0);
                }
                accountName = auth.username;
                if (useUnicode) {
                    accountName = accountName.toUpperCase();
                }
                primaryDomain = auth.domain.toUpperCase();
            } else if (cred instanceof byte[]) {

                        this.accountName = a.getUsername();
                        if (this.isUseUnicode()) {
                            this.accountName = this.accountName.toUpperCase();
                        }
                        this.primaryDomain = a.getUserDomain() != null ? a.getUserDomain().toUpperCase() : "?";
                    } else {
                        this.accountName = "";

	}

	return len(resp.Segment.BlobItems) > 0, nil
}

type azureConf struct {
	madmin.TierAzure
}

func (conf azureConf) Validate() error {
	switch {
	case conf.AccountName == "":
		return errors.New("the account name is required")
	case conf.AccountKey != "" && (conf.SPAuth.TenantID != "" || conf.SPAuth.ClientID != "" || conf.SPAuth.ClientSecret != ""):

            }

            @Override
            public String toDisplayString() {
                return "DOMAIN\\" + accountName;
            }

            @Override
            public String getAccountName() {
                return accountName;
            }

            @Override
            public String getDomainName() {
                return "DOMAIN";
            }

        String accountName = (String) getField(obj, "accountName");
        String primaryDomain = (String) getField(obj, "primaryDomain");

        // The actual implementation keeps lowercase for guest when Unicode is not enabled
        assertEquals("guest", accountName);
        assertEquals("DOM", primaryDomain);

			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.BypassGovernanceRetentionAction,
			BucketName:      bucketName,
			ObjectName:      objectName,
			ConditionValues: conditions,
			IsOwner:         owner,
			Claims:          cred.Claims,
		})
	}
	if globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,

		if err != nil {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
	}

	accountName := cred.AccessKey
	if cred.IsTemp() || cred.IsServiceAccount() {
		// For derived credentials, check the parent user's permissions.
		accountName = cred.ParentUser
	}

	roleArn := policy.Args{Claims: cred.Claims}.GetRoleArn()

    @Test
    void toStringContainsKeyFields() {
        SmbSession session = new SmbSession(addr, 445, inet, 0, auth);
        String s = session.toString();
        assertTrue(s.contains("accountName="), "toString should contain accountName");
        assertTrue(s.contains("primaryDomain="), "toString should contain primaryDomain");
        assertTrue(s.contains("uid="), "toString should contain uid");
    }

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	if userDN != "" && userDN != cred.ParentUser {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.ListServiceAccountsAdminAction,
			ConditionValues: getConditionValues(r, "", cred),
			IsOwner:         owner,

		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL)
		return
	}

	// Empty DN list and not self, list access keys for all users
	if isAll {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.ListUsersAdminAction,
			ConditionValues: getConditionValues(r, "", cred),
			IsOwner:         owner,
			Claims:          cred.Claims,