const operationTimeout = 10 * time.Second
	ldap := madmin.LDAP{}
	if globalIAMSys.LDAPConfig.Enabled() {
		ldapConn, err := globalIAMSys.LDAPConfig.LDAP.Connect()
		//nolint:gocritic
		if err != nil {
			ldap.Status = string(madmin.ItemOffline)
		} else if ldapConn == nil {
			ldap.Status = "Not Configured"
		} else {
			// Close ldap connection to avoid leaks.
			ldapConn.Close()

        assertFalse(protocolHelper.isValidWebProtocol("file://example.com"));
        assertFalse(protocolHelper.isValidWebProtocol("smb://example.com"));
        assertFalse(protocolHelper.isValidWebProtocol("ldap://example.com"));
        assertFalse(protocolHelper.isValidWebProtocol("example.com"));
        assertFalse(protocolHelper.isValidWebProtocol(""));
        assertFalse(protocolHelper.isValidWebProtocol("xyz"));
    }

     * UnknownHostException uhe = null;
     *
     * try {
     * context = new InitialDirContext();
     * for ( ;; ) {
     * try {
     * Attributes attributes = context.getAttributes(
     * "dns:/_ldap._tcp.dc._msdcs." + name,
     * new String[] { "SRV" }
     * );
     * return name;
     * } catch (NameNotFoundException nnfe) {
     * uhe = new UnknownHostException(nnfe.getMessage());
     * }

Dex is an identity service that uses OpenID Connect to drive authentication for apps. Dex acts as a portal to other identity providers through "connectors." This lets dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.

## Prerequisites

	github.com/eclipse/paho.mqtt.golang v1.5.0
	github.com/elastic/go-elasticsearch/v7 v7.17.10
	github.com/fatih/color v1.18.0
	github.com/felixge/fgprof v0.9.5
	github.com/fraugster/parquet-go v0.12.0
	github.com/go-ldap/ldap/v3 v3.4.11
	github.com/go-openapi/loads v0.22.0
	github.com/go-sql-driver/mysql v1.9.2
	github.com/gobwas/ws v1.4.0
	github.com/golang-jwt/jwt/v4 v4.5.2
	github.com/gomodule/redigo v1.9.2
	github.com/google/uuid v1.6.0

		return madmin.BuiltinProvider // regular users are always internal
	}

	claims := credentials.Claims
	if _, ok := claims[ldapUser]; ok {
		return madmin.LDAPProvider // ldap users
	}

	if _, ok := claims[subClaim]; ok {
		providerPrefix, _, found := strings.Cut(credentials.ParentUser, getKeySeparator())
		if found {
			return providerPrefix // this is true for certificate and custom providers

	xhttp "github.com/minio/minio/internal/http"
	"github.com/minio/minio/internal/mcontext"
)

var ldapPwdRegex = regexp.MustCompile("(^.*?)LDAPPassword=([^&]*?)(&(.*?))?$")

// redact LDAP password if part of string
func redactLDAPPwd(s string) string {
	parts := ldapPwdRegex.FindStringSubmatch(s)
	if len(parts) > 3 {
		return parts[1] + "LDAPPassword=*REDACTED*" + parts[3]
	}
	return s
}

     * @return The role query helper.
     */
    public static RoleQueryHelper getRoleQueryHelper() {
        return getComponent(ROLE_QUERY_HELPER);
    }

    /**
     * Gets the LDAP manager component.
     * @return The LDAP manager.
     */
    public static LdapManager getLdapManager() {
        return getComponent(LDAP_MANAGER);
    }

    /**
     * Gets the activity helper component.

### 4. Test with MinIO STS API

Once etcd is configured, **any STS configuration** will work including Client Grants, Web Identity or AD/LDAP.

## Introduction

MinIO provides a custom STS API that allows authentication with client X.509 / TLS certificates.

A major advantage of certificate-based authentication compared to other STS authentication methods, like OpenID Connect or LDAP/AD, is that client authentication works without any additional/external component that must be constantly available. Therefore, certificate-based authentication may provide better availability / lower operational complexity.