Description
Issue Description:
I am unable to import users from LDAP using pre-configured defaults; instead, users are given the Registered User role:
My LDAP overrides file contains:
ldapUserContextMapper.mapping[privilege]=,CSIRO
ldapUserContextMapper.mapping[profile]=,Editor
I.e., my intention is for every user logging in via LDAP to be automatically added to the CSIRO group with role Editor, and for them to have user profile Editor too.
Explanation of cause
This is because the following if statement clauses never execute as true
https://github.com/geonetwork/core-geonetwork/blob/main/core/src/main/java/org/fao/geonet/kernel/security/ldap/LDAPUserDetailsContextMapper.java#L67
and also
https://github.com/geonetwork/core-geonetwork/blob/main/core/src/main/java/org/fao/geonet/kernel/security/ldap/AbstractLDAPUserDetailsContextMapper.java#L147
They do not execute as true because the user profile has a default setting of RegisteredUser set here:
https://github.com/geonetwork/core-geonetwork/blob/main/domain/src/main/java/org/fao/geonet/domain/LDAPUser.java#L46
and also here,
https://github.com/geonetwork/core-geonetwork/blob/main/domain/src/main/java/org/fao/geonet/domain/User.java#L70
- GeoNetwork Version [4.4.7]
I have made a workaround for my purposes here: Rosspetcsiro#1
But I am not sure what the correct / best fix could be. Perhaps it's better to remove the default profiles, but this may have other breaking changes. I have noticed that with my fix to always evaluate those blocks (by setting true as the logical expression) the user's profile is not reverted down to Editor if I grant them (as an admin) a higher role first like Reviewer. However, if I remove Editor, they will be given Editor again on next log in. This is ok for me.
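
The failure mode described in this issue, reduced to a stand-alone model. This is an added example, not GeoNetwork code: the `User` class, both methods, and the null-check shape of the guard are assumptions made for illustration, as is reading `,Editor` as "attribute name, default value".

```java
import java.util.Map;

public class ProfileDefaultDemo {
    // Stand-in for the entity: the field is pre-populated, as the issue describes.
    static class User {
        String profile = "RegisteredUser";
    }

    // Assumed shape of the guard: the configured default applies only when no profile is set.
    static void applyDefaultIfUnset(User u, String configuredDefault) {
        if (u.profile == null) {   // never true, because the field initialiser already ran
            u.profile = configuredDefault;
        }
    }

    // Alternative: decide from what LDAP returned rather than from the entity's current state.
    // This overwrites the profile on every login, so a profile raised by an administrator
    // would be reset; whether that is wanted is a policy decision.
    static void applyFromLdap(User u, Map<String, String> ldapAttrs,
                              String attrName, String configuredDefault) {
        String fromLdap = attrName.isEmpty() ? null : ldapAttrs.get(attrName);
        u.profile = (fromLdap != null) ? fromLdap : configuredDefault;
    }

    public static void main(String[] args) {
        // Constructed input mirroring "mapping[profile]=,Editor":
        // empty attribute name, default value "Editor".
        String[] mapping = ",Editor".split(",", 2);
        Map<String, String> ldapAttrs = Map.of("cn", "jdoe"); // constructed LDAP entry

        User a = new User();
        applyDefaultIfUnset(a, mapping[1]);
        System.out.println("guarded on entity state: " + a.profile);

        User b = new User();
        applyFromLdap(b, ldapAttrs, mapping[0], mapping[1]);
        System.out.println("decided from LDAP data:  " + b.profile);
    }
}
```

The first user keeps `RegisteredUser` because the guard tests a field that is never empty; the second receives the configured `Editor` default.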