cred, err := auth.GetNewCredentialsWithMetadata(claims, globalActiveCred.SecretKey)
	if err != nil {
		return nil, err
	}

	// Set the parent of the temporary access key, this is useful
	// in obtaining service accounts by this cred.
	cred.ParentUser = lookupResult.NormDN

	// Set this value to LDAP groups, LDAP user can be part
	// of large number of groups
	cred.Groups = targetGroups

		SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
		SID_NAME_ALIAS    = 4, /* local group */
		SID_NAME_WKN_GRP  = 5, /* well-known group */
		SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
		SID_NAME_INVALID  = 7, /* invalid account */
		SID_NAME_UNKNOWN  = 8  /* oops. */
	} LsarSidType;

	typedef struct {
		LsarSidType sid_type;
		uint32_t rid;
		uint32_t sid_index;
	} LsarTranslatedSid;

		SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
		SID_NAME_ALIAS    = 4, /* local group */
		SID_NAME_WKN_GRP  = 5, /* well-known group */
		SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
		SID_NAME_INVALID  = 7, /* invalid account */
		SID_NAME_UNKNOWN  = 8  /* oops. */
	} LsarSidType;

	typedef struct {
		LsarSidType sid_type;
		uint32_t rid;
		uint32_t sid_index;
	} LsarTranslatedSid;

			Key:         LookupBindDN,
			Description: `DN for LDAP read-only service account used to perform DN and group lookups` + defaultHelpPostfix(LookupBindDN),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         LookupBindPassword,
			Description: `Password for LDAP read-only service account used to perform DN and group lookups` + defaultHelpPostfix(LookupBindPassword),

          export VAULT_TOKEN
          export data=$(vault read -format=json secret/elasticsearch-ci/azure_thirdparty_sas_test_creds)
          export azure_storage_account=$(echo $data | jq -r .data.account_id)
          export azure_storage_sas_token=$(echo $data | jq -r .data.account_sas_token)
          unset VAULT_TOKEN data
          set -x

  login credentials.

- Allows authentication and access for all
  - Built-in IDP users and their respective service accounts
  - LDAP/AD users and their respective service accounts
  - OpenID/OIDC service accounts

- On versioned buckets, FTP/SFTP only operates on latest objects, if you need to retrieve

          export VAULT_TOKEN
          export data=$(vault read -format=json secret/elasticsearch-ci/azure_thirdparty_test_creds)
          export azure_storage_account=$(echo $data | jq -r .data.account_id)
          export azure_storage_key=$(echo $data | jq -r .data.account_key)
          unset VAULT_TOKEN data
          set -x

    return form_data


@app.get("/users/me")
def read_users_me(current_user: User | None = Depends(get_current_user)):
    if current_user is None:
        return {"msg": "Create an account first"}
    return current_user


client = TestClient(app)


def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})

./mc admin service restart myminio --json
./mc ready myminio
./mc admin cluster iam import myminio docs/distributed/samples/myminio-iam-info.zip
sleep 10

# Verify the list of users and service accounts from the import
./mc admin user list myminio
USER_COUNT=$(./mc admin user list myminio | wc -l)
if [ "${USER_COUNT}" -ne 2 ]; then
	echo "BUG: Expected no of users: 2 Found: ${USER_COUNT}"
	exit 1
fi

    return form_data


@app.get("/users/me")
def read_users_me(current_user: User | None = Depends(get_current_user)):
    if current_user is None:
        return {"msg": "Create an account first"}
    return current_user


client = TestClient(app)


def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})