if (name != null) {
            sourceMap.put("name", name);
        }
        if (password != null) {
            sourceMap.put("password", password);
        }
        if (groups != null) {
            sourceMap.put("groups", groups);
        }
        if (roles != null) {
            sourceMap.put("roles", roles);
        }
        if (attributes != null) {
            sourceMap.putAll(attributes);
        }

                                    </la:info>
                                    <la:errors property="_global"/>
                                </div>
                                <div class="form-group row">
                                    <label for="name" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.name"/></label>

					<div class="input-group mb-3">
						<c:set var="ph_new_password">
							<la:message key="labels.profile.placeholder_new_password" />
						</c:set>
						<la:password property="newPassword" class="form-control"
									 placeholder="${ph_new_password}" />
						<div class="input-group-append">
							<span class="input-group-text"><em class="fa fa-lock fa-fw"></span>
						</div>
					</div>
					<div class="input-group mb-3">

	}

	// Set the parent of the temporary access key, this is useful
	// in obtaining service accounts by this cred.
	cred.ParentUser = ldapUserDN

	// Set this value to LDAP groups, LDAP user can be part
	// of large number of groups
	cred.Groups = groupDistNames

	// Set the newly generated credentials, policyName is empty on purpose
	// LDAP policies are applied automatically using their ldapUser, ldapGroups
	// mapping.

	// TargetStrip > 0 we strip the left most TargetStrip labels from the
	// DNS name.
	TargetStrip int `json:"targetstrip,omitempty"`

	// Group is used to group (or *not* to group) different services
	// together. Services with an identical Group are returned in
	// the same answer.
	Group string `json:"group,omitempty"`

	// Key carries the original key used during Put().
	Key string `json:"-"`

        assertNull(permissionHelper.encode("{role}"));
        assertNull(permissionHelper.encode("{group}"));
        assertNull(permissionHelper.encode("(allow)"));
        assertNull(permissionHelper.encode("(allow){user}"));
        assertNull(permissionHelper.encode("(allow){group}"));
        assertNull(permissionHelper.encode("(allow){group}"));
        assertNull(permissionHelper.encode("(deny)"));

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.api.admin.group;

import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.getGroup;
import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.validateAttributes;

import java.util.List;
import java.util.stream.Collectors;

import org.apache.logging.log4j.LogManager;

                                    </la:info>
                                    <la:errors property="_global"/>
                                </div>
                                <div class="form-group row">
                                    <label for="hostname" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.webauth_hostname"/></label>

                                <div class="form-group row">
                                    <la:info id="msg" message="true">
                                        <div class="alert alert-info">${msg}</div>
                                    </la:info>
                                    <la:errors property="_global"/>
                                </div>
                                <div class="form-group row">

		if _, ok = eclaims[policy.SessionPolicyName]; ok {
			owner = false
		} else {
			owner = globalActiveCred.AccessKey == ucred.ParentUser
		}

		groups = ucred.Groups
	}

	return claims, groups, owner, nil
}

// newCachedAuthToken returns the cached token.
func newCachedAuthToken() func() string {
	return func() string {
		return globalNodeAuthToken
	}