if gi == nil {
		return
	}
	for _, member := range gi.Members {
		v := c.iamUserGroupMemberships[member]
		if v == nil {
			v = set.CreateStringSet(group)
		} else {
			v.Add(group)
		}
		c.iamUserGroupMemberships[member] = v
	}
}

// removeGroupFromMembershipsMap - removes the group from every member
// in the cache. IMPORTANT: Assumes c.Lock() is held by caller.

		"lookup_bind_password=admin",
		"user_dn_search_base_dn=dc=min,dc=io",
		"user_dn_search_filter=(uid=%s)",
		"group_search_base_dn=ou=swengg,dc=min,dc=io",
		"group_search_filter=(&(objectclass=groupofnames)(member=%d))",
	}
	_, err := s.adm.SetConfigKV(ctx, strings.Join(configCmds, " "))
	if err != nil {
		c.Fatalf("unable to setup LDAP for tests: %v", err)
	}

	s.RestartIAMSuite(c)
}

		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrParseExpectedMember: {
		Code:           "ParseExpectedMember",
		Description:    "The SQL expression contains an unsupported use of MEMBER.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrParseUnsupportedSelect: {
		Code:           "ParseUnsupportedSelect",
		Description:    "The SQL expression contains an unsupported use of SELECT.",

		// CREATE DATABASE gorm;
		// GO
		// CREATE LOGIN gorm WITH PASSWORD = 'LoremIpsum86';
		// CREATE USER gorm FROM LOGIN gorm;
		// ALTER SERVER ROLE sysadmin ADD MEMBER [gorm];
		// GO
		log.Println("testing sqlserver...")
		if dbDSN == "" {
			dbDSN = sqlserverDSN
		}
		db, err = gorm.Open(sqlserver.Open(dbDSN), cfg)
	case "tidb":
		log.Println("testing tidb...")

		return
	}

	// Reject if the group add and remove are temporary credentials, or root credential.
	for _, member := range updReq.Members {
		ok, _, err := globalIAMSys.IsTempUser(member)
		if err != nil && err != errNoSuchUser {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
		if ok {

		//	---------- 0/0               0 2017-07-13 19:40 global1
		//	---------- 0/0               0 2017-07-13 19:40 file2
		//	gnutar: Substituting `.' for empty member name
		//	---------- 0/0               0 1969-12-31 16:00
		//	gnutar: Substituting `.' for empty member name
		//	---------- 0/0               0 2014-05-13 09:53
		//
		// According to the PAX specification, this should have been the result:

	}
	numEntries, err := strconv.ParseInt(nextToken(), 10, 0) // Intentionally parse as native int
	if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) {
		return nil, ErrHeader
	}

	// Parse for all member entries.
	// numEntries is trusted after this since a potential attacker must have
	// committed resources proportional to what this library used.
	if err := feedTokens(2 * numEntries); err != nil {
		return nil, err
	}

		selector := klabels.SelectorFromSet(labels)
		if selector.Matches(podsLabels) {
			cfgs = append(cfgs, cfg)
		}
	}

	return cfgs
}

// printConfigs prints the applied configs based on the member's type.
// When there is the array is empty, caller should make sure the intended
// log is handled in their methods.
func printConfigs(writer io.Writer, configs []*config.Config) {
	if len(configs) == 0 {
		return

			// expired.
			nonExistentUsers = append(nonExistentUsers, dn)
		}
	}
	return nonExistentUsers, nil
}

// LookupGroupMemberships - for each DN finds the set of LDAP groups they are a
// member of.
func (l *Config) LookupGroupMemberships(userDistNames []string, userDNToUsernameMap map[string]string) (map[string]set.StringSet, error) {
	conn, err := l.LDAP.Connect()
	if err != nil {
		return nil, err
	}

		cause:      err,
	}
}

func errParseExpectedMember(err error) *s3Error {
	return &s3Error{
		code:       "ParseExpectedMember",
		message:    "The SQL expression contains an unsupported use of MEMBER.",
		statusCode: 400,
		cause:      err,
	}
}

func errParseUnsupportedCase(err error) *s3Error {
	return &s3Error{
		code:       "ParseUnsupportedCase",