* Looks like the failure case also is just reflecting back the signature we sent
         */

        /**
         * Maybe this is related:
         *
         * If signing is not active, the SecuritySignature field of the SMB Header for all messages sent, except
         * the SMB_COM_SESSION_SETUP_ANDX Response (section 2.2.4.53.2), MUST be set to

		sys.metadataMap[buckets[i]] = meta
	}
	sys.Unlock()

	for i, meta := range bucketMetas {
		if errs[i] != nil {
			continue
		}
		globalEventNotifier.set(buckets[i], meta)   // set notification targets
		globalBucketTargetSys.set(buckets[i], meta) // set remote replication targets
	}
}

func (sys *BucketMetadataSys) refreshBucketsMetadataLoop(ctx context.Context) {
	const bucketMetadataRefresh = 15 * time.Minute

- Once obtained the JWT id_token is further sent to STS endpoint i.e MinIO to retrieve temporary credentials.
- Temporary credentials are displayed on the browser upon successful retrieval.

## Using MinIO Console

To support WebIdentity based login for MinIO Console, set openid configuration and restart MinIO

```
mc admin config set myminio identity_openid config_url="<CONFIG_URL>" client_id="<client_identifier>"

	ReplicationSourceRetentionTimestamp time.Time // set if MinIOSourceObjectRetentionTimestamp received
	DeletePrefix                        bool      // set true to enforce a prefix deletion, only application for DeleteObject API,
	DeletePrefixObject                  bool      // set true when object's erasure set is resolvable by object name (using getHashedSetIndex)

		}
	}
	return nonExistentUsers, nil
}

// LookupGroupMemberships - for each DN finds the set of LDAP groups they are a
// member of.
func (l *Config) LookupGroupMemberships(userDistNames []string, userDNToUsernameMap map[string]string) (map[string]set.StringSet, error) {
	conn, err := l.LDAP.Connect()
	if err != nil {
		return nil, err
	}
	defer conn.Close()

  sufficient copyright rights in its Contribution, if any, to grant
  the copyright license set forth in this Agreement.

  e) Notwithstanding the terms of any Secondary License, no
  Contributor makes additional grants to any Recipient (other than
  those set forth in this Agreement) as a result of such Recipient's
  receipt of the Program under the terms of a Secondary License

type MSS map[string]string

// Get returns the value for the given key.
func (m *MSS) Get(key string) string {
	if m == nil {
		return ""
	}
	return (*m)[key]
}

// Set a key, value pair.
func (m *MSS) Set(key, value string) {
	if m == nil {
		*m = mssPool.Get()
	}
	(*m)[key] = value
}

// UnmarshalMsg deserializes m from the provided byte slice and returns the
// remainder of bytes.

	if !globalIAMSys.LDAPConfig.Enabled() {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminLDAPNotEnabled), r.URL)
		return
	}

	// Find the user for the request sender (as it may be sent via a service
	// account or STS account):
	requestorUser := cred.AccessKey
	requestorParentUser := cred.AccessKey
	requestorGroups := cred.Groups
	requestorIsDerivedCredential := false

// uint32 is the set of all unsigned 32-bit integers.
// Range: 0 through 4294967295.
type uint32 uint32

// uint64 is the set of all unsigned 64-bit integers.
// Range: 0 through 18446744073709551615.
type uint64 uint64

// int8 is the set of all signed 8-bit integers.
// Range: -128 through 127.
type int8 int8

// int16 is the set of all signed 16-bit integers.
// Range: -32768 through 32767.
type int16 int16

#### OpenAPI and JSON Schema { #openapi-and-json-schema }

OpenAPI defines an API schema for your API. And that schema includes definitions (or "schemas") of the data sent and received by your API using **JSON Schema**, the standard for JSON data schemas.

#### Check the `openapi.json` { #check-the-openapi-json }