user := GetUser("TestJoinWithSoftDeletedUser", Config{Account: true, NamedPet: true})
	DB.Create(&user)

	var user1 User
	DB.Model(&User{}).Joins("NamedPet").Joins("Account").First(&user1, user.ID)
	if user1.NamedPet == nil || user1.Account.ID == 0 {
		t.Fatalf("joins NamedPet and Account should not empty:%v", user1)
	}

	// Account should empty
	DB.Delete(&user1.Account)

	var user2 User

		t.Fatalf("errors happened when create: %v", err)
	}

	user.Account = Account{Number: "account-has-one-association"}

	if err := DB.Save(&user).Error; err != nil {
		t.Fatalf("errors happened when update: %v", err)
	}

	var user2 User
	DB.Preload("Account").Find(&user2, "id = ?", user.ID)
	CheckUser(t, user2, user)

	user.Account.Number += "new"
	if err := DB.Save(&user).Error; err != nil {

		t.Errorf("should update two records, but got %v", rowsAffected)
	}

	var results []User

	}

	var users2 []User
	DB.Preload("Account", clause.Eq{Column: "number", Value: users[0].Account.Number}).Find(&users2, "id IN ?", userIDs)
	sort.Slice(users2, func(i, j int) bool {
		return users2[i].ID < users2[j].ID
	})

	for idx, user := range users2[1:2] {
		if user.Account.Number != "" {
			t.Errorf("No account should found for user %v but got %v", idx+2, user.Account.Number)
		}
	}

- `account` client_id is a confidential client that belongs to the realm `{realm}`
- `account` client_id is has **Service Accounts Enabled** option enabled.
- `account` client_id has a custom "Audience" mapper, in the Mappers section.
  - Included Client Audience: security-admin-console

#### Adding 'admin' Role

		"ManagerID", "Active")

	t.Run("Account", func(t *testing.T) {
		AssertObjEqual(t, user.Account, expect.Account, "ID", "CreatedAt", "UpdatedAt", "DeletedAt", "UserID", "Number")

		if user.Account.Number != "" {
			if !user.Account.UserID.Valid {
				t.Errorf("Account's foreign key should be saved")
			} else {
				var account Account
				db(unscoped).First(&account, "user_id = ?", user.ID)

	}

	for key, value := range map[string]int64{"Account": 1, "Pets": 2, "Toys": 4, "Company": 1, "Manager": 1, "Team": 1, "Languages": 0, "Friends": 0} {
		if count := DB.Unscoped().Model(&user).Association(key).Count(); count != value {
			t.Errorf("user's %v expects: %v, got %v", key, value, count)
		}
	}

	user.Birthday = nil
	user.Account = Account{}
	user.Toys = nil
	user.Manager = nil

	CheckUser(t, result, user)

	user2 := *GetUser("omit_create", Config{Account: true, Pets: 3, Toys: 3, Company: true, Manager: true, Team: 3, Languages: 3, Friends: 4})
	DB.Omit(clause.Associations).Create(&user2)

	var result2 User
	DB.Preload(clause.Associations).First(&result2, user2.ID)

	user2.Account = Account{}
	user2.Toys = nil

	c.assertSvcAccS3Access(ctx, s, cr, bucket)

	// 3. Check that svc account can restrict the policy, and that the
	// session policy can be updated.
	c.assertSvcAccSessionPolicyUpdate(ctx, s, s.adm, accessKey, bucket)

	// 4. Check that service account's secret key and account status can be
	// updated.
	c.assertSvcAccSecretKeyAndStatusUpdate(ctx, s, s.adm, accessKey, bucket)

}

// GetNonEligibleUserDistNames - find user accounts (DNs) that are no longer
// present in the LDAP server or do not meet filter criteria anymore
func (l *Config) GetNonEligibleUserDistNames(userDistNames []string) ([]string, error) {
	conn, err := l.LDAP.Connect()
	if err != nil {
		return nil, err
	}
	defer conn.Close()

	// Bind to the lookup user account
	if err = l.LDAP.LookupBind(conn); err != nil {