}

	if isAll && len(userList) > 0 {
		// This should be checked on client side, so return generic error
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL)
		return
	}

	// Empty DN list and not self, list access keys for all users
	if isAll {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.ListUsersAdminAction,

labels.ldapProviderUrl=LDAP URL
labels.ldapSecurityPrincipal=User DN
labels.ldapAdminSecurityPrincipal=Bind DN
labels.ldapAdminSecurityCredentials=パスワード
labels.ldapBaseDn=Base DN
labels.ldap_provider_url=LDAP URL
labels.ldap_security_principal=User DN
labels.ldap_admin_security_principal=Bind DN
labels.ldap_admin_security_credentials=パスワード
labels.ldap_base_dn=Base DN
labels.ldapAccountFilter=アカウントフィルタ
labels.ldapGroupFilter=グループフィルタ

ldap.admin.user.filter=uid\=%s
# Base DN for LDAP admin user.
ldap.admin.user.base.dn=ou\=People,dc\=fess,dc\=codelibs,dc\=org
# Object classes for LDAP admin user.
ldap.admin.user.object.classes=organizationalPerson,top,person,inetOrgPerson
# Role filter for LDAP admin.
ldap.admin.role.filter=cn\=%s
# Base DN for LDAP admin role.
ldap.admin.role.base.dn=ou\=Role,dc\=fess,dc\=codelibs,dc\=org

          throw SSLPeerUnverifiedException(
            """
            |Hostname ${address.url.host} not verified:
            |    certificate: ${CertificatePinner.pin(cert)}
            |    DN: ${cert.subjectDN.name}
            |    subjectAltNames: ${OkHostnameVerifier.allSubjectAltNames(cert)}
            """.trimMargin(),
          )
        } else {
          throw SSLPeerUnverifiedException(

Create a file called `cert.cnf` with the content below. This file contains all of the information necessary to generate a certificate using `certtool.exe`:

```
# X.509 Certificate options
#
# DN options

# The organization of the subject.
organization = "Example Inc."

# The organizational unit of the subject.
#unit = "sleeping dept."

# The state of the certificate owner.
state = "Example"

    // LDAP Configuration Constants
    // ============================================================

    /** LDAP base DN configuration key. */
    public static final String LDAP_BASE_DN = "ldap.base.dn";

    /** LDAP security principal configuration key. */
    public static final String LDAP_SECURITY_PRINCIPAL = "ldap.security.principal";

¹ô‡‰O/>§MetaSys ¼x-minio-internal-inline-dataÄ true§MetaUsr‚¬content-type­text/markdown¤etagÙ 4af243ccccbadaf12545¡vÎeçnÐδg»Ä ¤nullÅ%uûc¿“êíûO á §hÁ¿ÂÄ·Î,2ù ÞV² 6R6u2·¾ çò] „ ]iyýYVa~v„ yûJEØέ¡ µXiA[5¦dN@^Í ¯µA~eMýªi}d g )Õv mý…vMFe¯Õ~c›?ª~^tBK’1•_VIwY¸÷s`”SU©¤ ‹' ñmwON¾ MhzÕ}ªd Ð{œ™¡û=M°sR_eô*Kºim¿ðñ)cKÖ»`w~h]» ûzq]»oeRa{®}Úk ãh'wg­œ¸Ž–Œ ;/²XDBbÕÔ£­* æœ~Yuý%r°C[S»Ö÷is`g 1}gp i»³ ·# Tqc}~Gi% `nÄÐ{œ™¡ûué&Ojg}nFO&ûo½æËìaK£XqCïR_K7Y ,Fñ 0±›lPÃïÝ-²ø* BIÜï1#_^^uB¸å7i¹}û,W{•[ixU !v\YF—ÃýËF}J- › 3)%ÄÌ1±3‰c`...

	issClaim = "iss"

	// JWT claim to check the parent user
	parentClaim = "parent"

	// LDAP claim keys
	ldapUser       = "ldapUser"       // this is a key name for a normalized DN value
	ldapActualUser = "ldapActualUser" // this is a key name for the actual DN value
	ldapUserN      = "ldapUsername"   // this is a key name for the short/login username
	// Claim key-prefix for LDAP attributes
	ldapAttribPrefix = "ldapAttrib_"

    public static final String LABELS_LDAP_PROVIDER_URL = "{labels.ldapProviderUrl}";

    /** The key of the message: User DN */
    public static final String LABELS_LDAP_SECURITY_PRINCIPAL = "{labels.ldapSecurityPrincipal}";

    /** The key of the message: Bind DN */
    public static final String LABELS_LDAP_ADMIN_SECURITY_PRINCIPAL = "{labels.ldapAdminSecurityPrincipal}";

		for k, v := range cred.Claims {
			if k == expClaim {
				continue
			}
			opts.claims[k] = v
		}
	} else if globalIAMSys.LDAPConfig.Enabled() {
		// In case of LDAP we need to resolve the targetUser to a DN and
		// query their groups:
		opts.claims[ldapUserN] = targetUser // simple username
		var lookupResult *xldap.DNSearchResult
		lookupResult, targetGroups, err = globalIAMSys.LDAPConfig.LookupUserDN(targetUser)