Jungzhang opened a new pull request, #63411:
URL: https://github.com/apache/doris/pull/63411
### What problem does this PR solve?
Issue Number: N/A
Related PR: N/A
Problem Summary:
LDAP temporary users could only receive roles mapped from LDAP groups and
the built-in information_schema-only role. This PR adds `ldap_default_roles` so
every LDAP-authenticated user can receive configured Doris roles while still
keeping LDAP group roles.
### Release note
Support configuring default Doris roles for LDAP-authenticated users through
`ldap_default_roles`.
### Check List (For Author)
- Test <!-- At least one of them must be included. -->
    - [ ] Regression test
    - [x] Unit Test
        - Ran `env PATH=/private/tmp/doris-brew-shim:/opt/homebrew/bin:/usr/bin:/bin:/usr/sbin:/sbin FE_UT_PARALLEL=1 JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home CUSTOM_MVN=/Users/zhanggen/.m2/wrapper/dists/apache-maven-3.9.5-bin/32db9c34/apache-maven-3.9.5/bin/mvn ./run-fe-ut.sh --run 'org.apache.doris.mysql.authenticate.ldap.LdapManagerTest#testGetUserInfoWithLdapDefaultRoles'`
        - Ran `env PATH=/private/tmp/doris-brew-shim:/opt/homebrew/bin:/usr/bin:/bin:/usr/sbin:/sbin FE_UT_PARALLEL=1 JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home CUSTOM_MVN=/Users/zhanggen/.m2/wrapper/dists/apache-maven-3.9.5-bin/32db9c34/apache-maven-3.9.5/bin/mvn ./run-fe-ut.sh --run org.apache.doris.mysql.authenticate.ldap.LdapManagerTest`
        - Ran `env JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home /Users/zhanggen/.m2/wrapper/dists/apache-maven-3.9.5-bin/32db9c34/apache-maven-3.9.5/bin/mvn checkstyle:check -pl fe-core`
    - [ ] Manual test
    - [ ] No need to test or manual test. Explain why:
        - [ ] This is a refactor/code format and no logic has been changed.
        - [ ] Previous test can cover this change.
        - [ ] No code files have been changed.
        - [ ] Other reason
- Behavior changed:
    - [ ] No.
    - [x] Yes. LDAP-authenticated users can receive configured default Doris
      roles in addition to LDAP group roles, and online updates of
      `ldap_default_roles` refresh the LDAP user cache.
- Does this need documentation?
    - [ ] No.
    - [x] Yes. Added `ldap_default_roles` entry in `conf/ldap.conf`.
### Check List (For Reviewer who merges this PR)
- [ ] Confirm the release note
- [ ] Confirm test cases
- [ ] Confirm document
- [ ] Add branch pick label