if err != nil {
			t.Fatal(err)
		}
		_, err = globalIAMSys.PolicyDBSet(ctx, accessKey, testKMSPolicyName, regUser, false)
		if err != nil {
			t.Fatal(err)
		}
	} else {
		err = globalIAMSys.DeletePolicy(ctx, testKMSPolicyName, false)
		if err != nil {
			t.Fatal(err)
		}
		_, err = globalIAMSys.PolicyDBSet(ctx, accessKey, "", regUser, false)
		if err != nil {
			t.Fatal(err)
		}
	}

		return sys.store.ListGroups(ctx)
	case <-ctx.Done():
		return nil, ctx.Err()
	}
}

// PolicyDBSet - sets a policy for a user or group in the PolicyDB. This does
// not validate if the user/group exists - that is the responsibility of the
// caller.
func (sys *IAMSys) PolicyDBSet(ctx context.Context, name, policy string, userType IAMUserType, isGroup bool) (updatedAt time.Time, err error) {
	if !sys.Initialized() {

			}
			entityName = foundUserDN.NormDN
		}
		if err != nil {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
	}

	updatedAt, err := globalIAMSys.PolicyDBSet(ctx, entityName, policyName, userType, isGroup)
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

}

// PolicyDBSet - update the policy mapping for the given user or group in
// storage and in cache. We do not check for the existence of the user here
// since users can be virtual, such as for:
//   - LDAP users
//   - CommonName for STS accounts generated by AssumeRoleWithCertificate

			} else if foundUserDN == nil {
				err = errNoSuchUser
			}
			entityName = foundUserDN.NormDN
		}
		if err != nil {
			return wrapSRErr(err)
		}
	}

	_, err := globalIAMSys.PolicyDBSet(ctx, entityName, mapping.Policy, userType, isGroup)
	if err != nil {
		return wrapSRErr(err)
	}
	return nil
}

// PeerSTSAccHandler - replicates STS credential locally.