if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

	userDN := r.Form.Get("userDN")

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	if userDN != "" && userDN != cred.ParentUser {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,

}`)

	err := s.adm.AddCannedPolicy(ctx, policy, policyBytes)
	if err != nil {
		c.Fatalf("policy add error: %v", err)
	}

	{
		userDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
		userReq := madmin.PolicyAssociationReq{
			Policies: []string{policy},
			User:     userDN,
		}
		if _, err := s.adm.AttachPolicyLDAP(ctx, userReq); err != nil {
			c.Fatalf("Unable to attach policy: %v", err)
		}

     * Adds user attributes to the LDAP entry for user creation.
     *
     * @param entry the BasicAttributes to add user attributes to
     * @param user the user object containing attribute values
     */
    protected void addUserAttributes(final BasicAttributes entry, final User user) {
        entry.put(new BasicAttribute("cn", user.getName()));
        entry.put(new BasicAttribute("userPassword", user.getOriginalPassword()));

		// Remove user IAM
		adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/remove-user").HandlerFunc(adminMiddleware(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}")

		// List users
		adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-users").HandlerFunc(adminMiddleware(adminAPI.ListBucketUsers)).Queries("bucket", "{bucket:.*}")

	}
	return validDN, err
}

// GetValidatedUserDN validates the given user DN. Will error out if conn is nil. The returned
// boolean is true iff the user DN is found under one of the LDAP user base DNs.
func (l *Config) GetValidatedUserDN(conn *ldap.Conn, userDN string) (*xldap.DNSearchResult, bool, error) {
	return l.GetValidatedDNUnderBaseDN(conn, userDN,
		l.LDAP.GetUserDNSearchBaseDistNames(), l.LDAP.GetUserDNAttributesList())
}

		case len(entities.UserMappings) != 1:
			c.Fatalf("Expected to find exactly one user mapping")
		case entities.UserMappings[0].User != testCase.expectedOutDN:
			c.Fatalf("Expected user DN `%s`, found `%s`", testCase.expectedOutDN, entities.UserMappings[0].User)
		case len(entities.UserMappings[0].Policies) != 1:
			c.Fatalf("Expected exactly one policy attached to user")
		case entities.UserMappings[0].Policies[0] != policy:

		CheckUser(t, user, users2[idx])
	}
}

func TestJoinConds(t *testing.T) {
	user := *GetUser("joins-conds", Config{Account: true, Pets: 3})
	DB.Save(&user)

	var users1 []User
	DB.Joins("inner join pets on pets.user_id = users.id").Where("users.name = ?", user.Name).Find(&users1)
	if len(users1) != 3 {
		t.Errorf("should find two users using left join, but got %v", len(users1))
	}

	var users2 []User

 */
package org.codelibs.fess.opensearch.user.cbean.bs;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import org.codelibs.fess.opensearch.user.allcommon.EsAbstractConditionBean;
import org.codelibs.fess.opensearch.user.bsentity.dbmeta.UserDbm;
import org.codelibs.fess.opensearch.user.cbean.UserCB;
import org.codelibs.fess.opensearch.user.cbean.ca.UserCA;

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.opensearch.user.cbean;

import org.codelibs.fess.opensearch.user.cbean.bs.BsUserCB;

/**
 * @author ESFlute (using FreeGen)
 */
public class UserCB extends BsUserCB {

     * Handles user authentication setup and database persistence.
     * If the surname is blank, it will be set to the user's name.
     *
     * @param user the user entity to store
     */
    public void store(final User user) {
        final String username = user.getName();
        final boolean isUpdate = StringUtil.isNotBlank(user.getId());

        if (logger.isDebugEnabled()) {