if err != nil {
							err = msgp.WrapError(err, "Tiers", za0001, "TotalSize")
							return
						}
					case "nv":
						za0002.NumVersions, err = dc.ReadInt()
						if err != nil {
							err = msgp.WrapError(err, "Tiers", za0001, "NumVersions")
							return
						}
					case "no":
						za0002.NumObjects, err = dc.ReadInt()
						if err != nil {

				err = msgp.WrapError(err, "Attempts")
				return
			}
		case "cmp":
			z.Complete, err = dc.ReadBool()
			if err != nil {
				err = msgp.WrapError(err, "Complete")
				return
			}
		case "fld":
			z.Failed, err = dc.ReadBool()
			if err != nil {
				err = msgp.WrapError(err, "Failed")
				return
			}
		case "lbkt":
			z.Bucket, err = dc.ReadString()
			if err != nil {

			if err != nil {
				err = msgp.WrapError(err, "Name")
				return
			}
		case "Created":
			z.Created, err = dc.ReadTime()
			if err != nil {
				err = msgp.WrapError(err, "Created")
				return
			}
		case "LockEnabled":
			z.LockEnabled, err = dc.ReadBool()
			if err != nil {
				err = msgp.WrapError(err, "LockEnabled")
				return
			}
		case "PolicyConfigJSON":

	logger.LogIf(ctx, "authZ", err, errKind...)
}

func peersLogIf(ctx context.Context, err error, errKind ...interface{}) {
	if !errors.Is(err, grid.ErrDisconnected) {
		logger.LogIf(ctx, "peers", err, errKind...)
	}
}

func peersLogAlwaysIf(ctx context.Context, err error, errKind ...interface{}) {
	if !errors.Is(err, grid.ErrDisconnected) {
		logger.LogAlwaysIf(ctx, "peers", err, errKind...)

	if err != nil {
		t.Fatal(err)
	}

	// Checking abandoned parts should do nothing
	err = er.checkAbandonedParts(ctx, bucket, object, madmin.HealOpts{ScanMode: madmin.HealNormalScan, Remove: true})
	if err != nil {
		t.Fatal(err)
	}

	_, err = er.HealObject(ctx, bucket, object, "", madmin.HealOpts{ScanMode: madmin.HealNormalScan})
	if err != nil {
		t.Fatal(err)
	}

		c.Fatalf("expected err(%s) but got (%s)", errAuthentication, err)
	}

	newSSHCon = newSSHConnMock("dillon")
	_, err = sshPubKeyAuth(newSSHCon, testKey)
	if err == nil || !errors.Is(err, errNoSuchUser) {
		c.Fatalf("expected err(%s) but got (%s)", errNoSuchUser, err)
	}
}

func (s *TestSuiteIAM) SFTPPublicKeyAuthentication(c *check) {
	keyBytes, err := os.ReadFile("./testdata/dillon_test_key.pub")

	v := BaseOptions{}
	bts, err := v.MarshalMsg(nil)
	if err != nil {
		t.Fatal(err)
	}
	left, err := v.UnmarshalMsg(bts)
	if err != nil {
		t.Fatal(err)
	}
	if len(left) > 0 {
		t.Errorf("%d bytes left over after UnmarshalMsg(): %q", len(left), left)
	}

	left, err = msgp.Skip(bts)
	if err != nil {
		t.Fatal(err)
	}
	if len(left) > 0 {

	err = minioClient.RemoveObject(ctx, bucket, "someobject", minio.RemoveObjectOptions{})
	if err.Error() != "Access Denied." {
		c.Fatalf("unexpected non-access-denied err: %v", err)
	}

	if _, err = s.adm.DetachPolicyLDAP(ctx, userReq); err != nil {
		c.Fatalf("Unable to detach user policy: %v", err)
	}

	_, err = ldapID.Retrieve()
	if err == nil {

	conn, err := l.LDAP.Connect()
	if err != nil {
		return nil, nil, err
	}
	defer conn.Close()

	// Bind to the lookup user account
	if err = l.LDAP.LookupBind(conn); err != nil {
		return nil, nil, err
	}

	// Lookup user DN
	lookupRes, err := l.LDAP.LookupUsername(conn, username)
	if err != nil {
		errRet := fmt.Errorf("Unable to find user DN: %w", err)

	password := cred.SecretKey

	allCredentials, err := globalIAMSys.ListBucketUsers(ctx, bucket)
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	data, err := json.Marshal(allCredentials)
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	econfigData, err := madmin.EncryptData(password, data)
	if err != nil {