- name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Check used wrapper
        run: |
          set -eu
          for commit in $(git rev-list ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}); do
              git checkout $commit --quiet --detach

	// 6. Check that service account cannot be created for some other user.
	c.mustNotCreateSvcAccount(ctx, globalActiveCred.AccessKey, userAdmClient)

	// Detach the policy from the user
	if _, err = s.adm.DetachPolicyLDAP(ctx, userReq); err != nil {
		c.Fatalf("Unable to detach user policy: %v", err)
	}
}

func (s *TestSuiteIAM) TestLDAPSTSServiceAccountsWithUsername(c *check) {

```sh
mc idp ldap policy attach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'
```

```sh
mc idp ldap policy attach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```

To remove a policy association, use the similar `detach` command:

```sh
mc idp ldap policy detach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'

		return
	}

	// Validate operation
	operation := mux.Vars(r)["operation"]
	if operation != "attach" && operation != "detach" {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminInvalidArgument), r.URL)
		return
	}

	isAttach := operation == "attach"

	// Validate API arguments in body.
	password := cred.SecretKey

	}
	_, ok := ps[policy1]
	if !ok {
		c.Fatalf("policy was missing!")
	}

	// Detach policy1 to set up for policy2
	_, err = s.adm.DetachPolicy(ctx, madmin.PolicyAssociationReq{
		Policies: []string{policy1},
		User:     accessKey,
	})
	if err != nil {
		c.Fatalf("unable to detach policy: %v", err)
	}

	// 3.2 associate policy to user

// operation, we fetch this info from storage, and refresh the cache as well.
func (store *IAMStoreSys) ListGroups(ctx context.Context) (res []string, err error) {
	cache := store.lock()
	defer store.unlock()

	return store.updateGroups(ctx, cache)
}

// listGroups - lists groups - fetch groups from cache

		return
	}

	operation := mux.Vars(r)["operation"]
	if operation != "attach" && operation != "detach" {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminInvalidArgument), r.URL)
		return
	}
	isAttach := operation == "attach"

	password := cred.SecretKey
	reqBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))

					var changed bool
					clearField := true
					for i, sz := range version.ObjectV2.PartActualSizes {
						if len(version.ObjectV2.PartIndices) > i {
							// 8<<20 is current 'compMinIndexSize', but we detach it in case it should change in the future.
							if sz <= 8<<20 && len(version.ObjectV2.PartIndices[i]) > 0 {
								changed = true
								version.ObjectV2.PartIndices[i] = nil
							}

	if r.User != "" {
		dnResult, err = sys.LDAPConfig.GetValidatedDNForUsername(r.User)
		if err != nil {
			iamLogIf(ctx, err)
			return
		}
		if dnResult == nil {
			// dn not found - still attempt to detach if provided user is a DN.
			if !isAttach && sys.LDAPConfig.IsLDAPUserDN(r.User) {
				dn = sys.LDAPConfig.QuickNormalizeDN(r.User)
			} else {
				err = errNoSuchUser
				return
			}
		} else {

Sofie Van Landeghem <******@****.***> 1757061224 +0200