import org.codelibs.fess.util.ComponentUtil;
import org.dbflute.optional.OptionalThing;

public class LdapUser implements FessUser {

    private static final long serialVersionUID = 1L;

    protected Hashtable<String, String> env;

    protected String name;

    protected String[] permissions = null;

    public LdapUser(final Hashtable<String, String> env, final String name) {
        this.env = env;
        this.name = name;

nt":"uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io","accessKey":"bobfisher-svcacct-1","secretKey":"bobfisher-svcacct-1","groups":null,"claims":{"accessKey":"bobfisher-svcacct-1","ldapActualUser":"uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io","ldapUser":"uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io","ldapUsername":"bobfisher","parent":"uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io","sa-policy":"inherited-policy"},"sessionPolicy":null,"status":"on","name":"","description":"","expiration":"19...

        });
        LdapManager ldapManager = new LdapManager();
        ldapManager.fessConfig = ComponentUtil.getFessConfig();
        final List<String> permissionList = new ArrayList<>();
        LdapUser user = new LdapUser(new Hashtable<>(), "test") {
            @Override
            public String[] getPermissions() {
                return permissionList.toArray(n -> new String[n]);
            }
        };

        try (DirContextHolder holder = getDirContext(() -> env)) {
            final DirContext context = holder.get();
            final LdapUser ldapUser = createLdapUser(username, env);
            if (!allowEmptyGroupAndRole(ldapUser)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Login failed. No permissions. {}", context);
                }

            if (!fessConfig.isAdminUser(username)) {
                final OptionalEntity<FessUser> ldapUser = ComponentUtil.getLdapManager().login(username, password);
                if (ldapUser.isPresent()) {
                    return ldapUser;
                }
            }
            return doFindLoginUser(username, encryptPassword(password));
        });

			if err != nil {
				return nil, err
			}
			claims := make(map[string]interface{})
			claims[expClaim] = UTCNow().Add(expiryDur).Unix()

			claims[ldapUser] = lookupResult.NormDN
			claims[ldapActualUser] = lookupResult.ActualDN
			claims[ldapUserN] = ctx.Sess.LoginUser()

			// Add LDAP attributes that were looked up into the claims.
			for attribKey, attribValue := range lookupResult.Attributes {

	audClaim = "aud"
	issClaim = "iss"

	// JWT claim to check the parent user
	parentClaim = "parent"

	// LDAP claim keys
	ldapUser       = "ldapUser"       // this is a key name for a normalized DN value
	ldapActualUser = "ldapActualUser" // this is a key name for the actual DN value
	ldapUserN      = "ldapUsername"   // this is a key name for the short/login username
	// Claim key-prefix for LDAP attributes
	ldapAttribPrefix = "ldapAttrib_"

	}

	expiryDur, err := globalIAMSys.LDAPConfig.GetExpiryDuration("")
	if err != nil {
		return nil, err
	}

	claims[expClaim] = UTCNow().Add(expiryDur).Unix()
	claims[ldapUserN] = user
	claims[ldapUser] = lookupResult.NormDN

	cred, err := auth.GetNewCredentialsWithMetadata(claims, globalActiveCred.SecretKey)
	if err != nil {
		return nil, err
	}

			selfDN = cred.ParentUser
		}
		dnList = append(dnList, selfDN)
	}

	var ldapUserList []string
	if isAll {
		ldapUsers, err := globalIAMSys.ListLDAPUsers(ctx)
		if err != nil {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
		for user := range ldapUsers {
			ldapUserList = append(ldapUserList, user)
		}
	} else {
		for _, userDN := range dnList {
			// Validate the userDN

	}

	// Extract the username and lookup DN and groups in LDAP.
	ldapUser, isLDAPSTS := claims.Lookup(ldapUserN)
	if isLDAPSTS {
		// Need to lookup the groups from LDAP.
		_, ldapGroups, err := globalIAMSys.LDAPConfig.LookupUserDN(ldapUser)
		if err != nil {
			return fmt.Errorf("unable to query LDAP server for %s: %w", ldapUser, err)
		}

		cred.Groups = ldapGroups
	}