[jira] [Work logged] (KNOX-3351) LDAP roles lookup isn't working when user has no group

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3351?focusedWorklogId=1025352&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1025352
 ]

ASF GitHub Bot logged work on KNOX-3351:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Jun/26 07:59
            Start Date: 16/Jun/26 07:59
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request, #1266:
URL: https://github.com/apache/knox/pull/1266

   [KNOX-3351](https://issues.apache.org/jira/browse/KNOX-3351) - Resolve LDAP 
roles for users with no groups
   
   ## What changes were proposed in this pull request?
   
   Modified `AbstractAuthResource` to ensure that LDAP role lookup is performed 
even if the user does not belong to any groups. 
   
   Key changes:
      - Moved the `lookupRoles` call outside of the 
`matchingGroupNames.isEmpty()` check to allow role resolution for users with 
zero groups.
      - Updated the header addition logic to trigger if either groups or roles 
are present
      - Refactored `lookupRoles` to consistently return an empty collection 
instead of `null`, simplifying the downstream logic and avoiding 
`NullPointerException` risks.
   
   This ensures that users with no groups can still have their roles resolved 
and included in the `X-Knox-Actor-Groups` headers.
   
   ## How was this patch tested?
   
   Verified the logic change ensures `lookupRoles` is invoked even when the 
initial group set is empty (by running existing unit tests).
   
   ## Integration Tests
   N/A
   
   ## UI changes
   N/A




Issue Time Tracking
-------------------

            Worklog Id:     (was: 1025352)
    Remaining Estimate: 0h
            Time Spent: 10m

> LDAP roles lookup isn't working when user has no group
> ------------------------------------------------------
>
>                 Key: KNOX-3351
>                 URL: https://issues.apache.org/jira/browse/KNOX-3351
>             Project: Apache Knox
>          Issue Type: Bug
>    Affects Versions: 3.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There is an issue with the recently introduced LDAP roles lookup: if the user 
> has no group, Knox's doesn't resolve associated roles.
> I got to know that our reference LDAP roles lookup service's contract allows 
> us to pass the userId with an empty group array and reply back with the roles 
> -> we should fix this issue in the KNOX-AUTH service.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)