import jcifs.smb1.dcerpc.DcerpcHandle;
import jcifs.smb1.dcerpc.rpc;
import jcifs.smb1.smb1.SmbException;

/**
 * LSA policy handle for Local Security Authority operations.
 */
public class LsaPolicyHandle extends rpc.policy_handle {

    DcerpcHandle handle;

    /**
     * Constructs an LSA policy handle.
     *
     * @param handle the DCERPC handle
     * @param server the server name

	var ldapOpts []cr.LDAPIdentityOpt
	if sessionPolicyFile != "" {
		var policy string
		if f, err := os.Open(sessionPolicyFile); err != nil {
			log.Fatalf("Unable to open session policy file %s: %v", sessionPolicyFile, err)
		} else {
			bs, err := io.ReadAll(f)
			if err != nil {
				log.Fatalf("Error reading session policy file: %v", err)
			}
			policy = string(bs)
		}
		ldapOpts = append(ldapOpts, cr.LDAPIdentityPolicyOpt(policy))

}
```

Now you have successfully configured Dex IdP with MinIO.

> NOTE: Dex supports groups with external connectors so you can use `groups` as policy claim instead of `name`.

```
export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
```

and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`

## Explore Further

// error returned in IAM subsystem when policy doesn't exist.
var errNoSuchPolicy = errors.New("Specified canned policy does not exist")

// error returned when policy to be deleted is in use.
var errPolicyInUse = errors.New("Specified policy is in use and cannot be deleted.")

// error returned when more than a single policy is specified when only one is
// expected.

        }
    }

    @Nested
    @DisplayName("Policy Handle Tests")
    class PolicyHandleTests {

        @Test
        @DisplayName("Should encode policy handle correctly")
        void testPolicyHandleEncode() throws NdrException {
            // Given: A policy handle with test values
            rpc.policy_handle policyHandle = new rpc.policy_handle();

### List of Amazon S3 Bucket APIs not supported on MinIO

- BucketACL (Use [bucket policies](https://docs.min.io/community/minio-object-store/administration/identity-access-management/policy-based-access-control.html) instead)
- BucketCORS (CORS enabled by default on all buckets for all HTTP verbs, you can optionally restrict the CORS domains)

	"github.com/minio/minio/internal/bucket/replication"
	xhttp "github.com/minio/minio/internal/http"
	"github.com/minio/minio/internal/logger"
	"github.com/minio/mux"
	"github.com/minio/pkg/v3/policy"
)

// PutBucketReplicationConfigHandler - PUT Bucket replication configuration.
// ----------

/**
 * Default conflict resolver.Implements closer newer first policy by default, but could be configured via plexus
 *
 */
@Named
@Singleton
@Deprecated
public class DefaultGraphConflictResolver implements GraphConflictResolver {
    /**
     * artifact, closer to the entry point, is selected
     */
    @Inject
    protected GraphConflictResolutionPolicy policy;

client_id     (string)    unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"

### Policy

An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the canned policy name and the policy set here. You cannot use this policy to grant more permissions than those allowed by the canned policy name being assumed.