From ea73bf9510726b247c57798da961e6f95cbd2baf Mon Sep 17 00:00:00 2001
From: Hardy <luohoufu@infinilabs.com>
Date: Thu, 13 Feb 2025 23:18:21 +0800
Subject: [PATCH] feat: add default roles to LDAP config (#114) (#130)

* chore: add anonymous roles to fix the issue (#114)

* docs: add release notes

* chore: change config key

* docs: update release notes

* chore: update comment

---------

Co-authored-by: hardy <luohf@infinilabs.com>
---
 docs/content.en/docs/release-notes/_index.md | 1 +
 docs/content.zh/docs/release-notes/_index.md | 1 +
 modules/security/realm/authc/ldap/ldap.go    | 6 +++++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/content.en/docs/release-notes/_index.md b/docs/content.en/docs/release-notes/_index.md
index fe2d282e..2d70da26 100644
--- a/docs/content.en/docs/release-notes/_index.md
+++ b/docs/content.en/docs/release-notes/_index.md
@@ -25,6 +25,7 @@ Information about release notes of INFINI Console is provided here.
 - Add Copy request to alerting chart
 - Add credential settings for agent in enrolling agent
 - Add collection mode to cluster editing
+- Add default roles to fix the issue (#114) (#130)
 
 ## 1.28.1 (2025-01-24)
 
diff --git a/docs/content.zh/docs/release-notes/_index.md b/docs/content.zh/docs/release-notes/_index.md
index 9db422c1..19271bc9 100644
--- a/docs/content.zh/docs/release-notes/_index.md
+++ b/docs/content.zh/docs/release-notes/_index.md
@@ -23,6 +23,7 @@ title: "版本历史"
 - 在注册 Agent 中新增 Agent 凭据设置
 - 在集群编辑中新增采集模式
 - 当使用 Easysearch 存储指标时，自动为系统集群创建 Agent 指标写入最小权限用户 (#120)
+- 修复 LDAP 用户映射增加默认权限组 (#114) (#130)
 
 ## 1.28.1 (2025-01-24)
 
diff --git a/modules/security/realm/authc/ldap/ldap.go b/modules/security/realm/authc/ldap/ldap.go
index 88e16fe7..6ee2fe93 100644
--- a/modules/security/realm/authc/ldap/ldap.go
+++ b/modules/security/realm/authc/ldap/ldap.go
@@ -48,7 +48,8 @@ type LDAPConfig struct {
 	UidAttribute   string `config:"uid_attribute"`
 	GroupAttribute string `config:"group_attribute"`
 
-	RoleMapping struct {
+	DefaultRoles []string `config:"default_roles"`
+	RoleMapping  struct {
 		Group map[string][]string `config:"group"`
 		Uid   map[string][]string `config:"uid"`
 	} `config:"role_mapping"`
@@ -93,6 +94,9 @@ func (r *LDAPRealm) mapLDAPRoles(authInfo auth.Info) []string {
 		}
 	}
 
+	//auto append default roles
+	ret = append(ret, r.config.DefaultRoles...)
+
 	return ret
 }