[test](fe) Add LDAP default role coverage

### What problem does this PR solve?

Issue Number: N/A

Related PR: N/A

Problem Summary: Add FE unit coverage for LDAP default role behavior. The tests verify that blank LDAP default role entries are ignored while valid LDAP group and default roles are preserved, and that online updates of ldap_default_roles refresh LDAP user cache through Env.setMutableConfigWithCallback.

### Release note

None

### Check List (For Author)

- Test: Unit Test
    - Ran `env PATH=/private/tmp/doris-brew-shim:/opt/homebrew/bin:/usr/bin:/bin:/usr/sbin:/sbin FE_UT_PARALLEL=1 JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home CUSTOM_MVN=/Users/zhanggen/.m2/wrapper/dists/apache-maven-3.9.5-bin/32db9c34/apache-maven-3.9.5/bin/mvn ./run-fe-ut.sh --coverage --run 'org.apache.doris.mysql.authenticate.ldap.LdapManagerTest,org.apache.doris.catalog.EnvTest'`
- Behavior changed: No
- Does this need documentation: No

Author: Jungzhang

fe/fe-core/src/test/java/org/apache/doris/catalog/EnvTest.java

@@ -17,9 +17,13 @@
 
 package org.apache.doris.catalog;
 
+import org.apache.doris.common.ConfigBase;
 import org.apache.doris.common.FeConstants;
+import org.apache.doris.common.LdapConfig;
 import org.apache.doris.common.io.CountingDataOutputStream;
 import org.apache.doris.meta.MetaContext;
+import org.apache.doris.mysql.authenticate.ldap.LdapManager;
+import org.apache.doris.mysql.privilege.Auth;
 import org.apache.doris.persist.meta.MetaHeader;
 
 import org.junit.After;
@@ -36,6 +40,9 @@
 import java.io.FileOutputStream;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Random;
 
 public class EnvTest {
@@ -146,4 +153,34 @@ public void testSaveLoadHeader() throws Exception {
 
         deleteDir(dir);
     }
+
+    @Test
+    public void testSetLdapDefaultRolesConfigRefreshesLdapCache() throws Exception {
+        Env env = Mockito.spy(new Env(false));
+        Auth auth = Mockito.mock(Auth.class);
+        LdapManager ldapManager = Mockito.mock(LdapManager.class);
+        Mockito.doReturn(auth).when(env).getAuth();
+        Mockito.when(auth.getLdapManager()).thenReturn(ldapManager);
+
+        Map<String, Field> oldConfFields = ConfigBase.confFields;
+        Field oldLdapDefaultRolesField = ConfigBase.ldapConfFields.put("ldap_default_roles",
+                LdapConfig.class.getField("ldap_default_roles"));
+        String[] oldLdapDefaultRoles = LdapConfig.ldap_default_roles;
+        try {
+            ConfigBase.confFields = new HashMap<>();
+
+            env.setMutableConfigWithCallback("ldap_default_roles", "role1,role2");
+
+            Assert.assertArrayEquals(new String[] {"role1", "role2"}, LdapConfig.ldap_default_roles);
+            Mockito.verify(ldapManager).refresh(true, null);
+        } finally {
+            ConfigBase.confFields = oldConfFields;
+            if (oldLdapDefaultRolesField == null) {
+                ConfigBase.ldapConfFields.remove("ldap_default_roles");
+            } else {
+                ConfigBase.ldapConfFields.put("ldap_default_roles", oldLdapDefaultRolesField);
+            }
+            LdapConfig.ldap_default_roles = oldLdapDefaultRoles;
+        }
+    }
 }

fe/fe-core/src/test/java/org/apache/doris/mysql/authenticate/ldap/LdapManagerTest.java

@@ -60,12 +60,19 @@ private void mockClient(boolean userExist, boolean passwd, ArrayList<String> gro
     }
 
     private void mockAuth(MockedStatic<Env> envMockedStatic, Role ldapGroupRole, Role ldapDefaultRole) {
+        mockAuth(envMockedStatic, ldapGroupRole, ldapDefaultRole, true);
+    }
+
+    private void mockAuth(MockedStatic<Env> envMockedStatic, Role ldapGroupRole, Role ldapDefaultRole,
+            boolean ldapGroupRoleExists) {
         Env env = Mockito.mock(Env.class);
         Auth auth = Mockito.mock(Auth.class);
         envMockedStatic.when(Env::getCurrentEnv).thenReturn(env);
         Mockito.when(env.getAuth()).thenReturn(auth);
-        Mockito.when(auth.doesRoleExist(LDAP_GROUP_ROLE)).thenReturn(true);
-        Mockito.when(auth.getRoleByName(LDAP_GROUP_ROLE)).thenReturn(ldapGroupRole);
+        Mockito.when(auth.doesRoleExist(LDAP_GROUP_ROLE)).thenReturn(ldapGroupRoleExists);
+        if (ldapGroupRoleExists) {
+            Mockito.when(auth.getRoleByName(LDAP_GROUP_ROLE)).thenReturn(ldapGroupRole);
+        }
         Mockito.when(auth.doesRoleExist(LDAP_DEFAULT_ROLE)).thenReturn(true);
         Mockito.when(auth.getRoleByName(LDAP_DEFAULT_ROLE)).thenReturn(ldapDefaultRole);
         Mockito.when(auth.doesRoleExist(MISSING_LDAP_DEFAULT_ROLE)).thenReturn(false);
@@ -101,6 +108,63 @@ public void testCheckUserPasswd() {
         Assert.assertFalse(ldapManager.checkUserPasswd(USER2, "123"));
     }
 
+    @Test
+    public void testGetUserInfoWithLdapDefaultRolesWithoutLdapGroups() {
+        LdapManager ldapManager = new LdapManager();
+        Deencapsulation.setField(ldapManager, "ldapClient", ldapClient);
+        LdapConfig.ldap_default_roles = new String[] {LDAP_DEFAULT_ROLE, MISSING_LDAP_DEFAULT_ROLE};
+        Role ldapGroupRole = new Role(LDAP_GROUP_ROLE);
+        Role ldapDefaultRole = new Role(LDAP_DEFAULT_ROLE);
+        mockClient(true, true, new ArrayList<>());
+        try (MockedStatic<Env> envMockedStatic = Mockito.mockStatic(Env.class)) {
+            mockAuth(envMockedStatic, ldapGroupRole, ldapDefaultRole);
+
+            LdapUserInfo ldapUserInfo = ldapManager.getUserInfo(USER1);
+            Assert.assertNotNull(ldapUserInfo);
+            Assert.assertFalse(ldapUserInfo.getRoles().contains(ldapGroupRole));
+            Assert.assertTrue(ldapUserInfo.getRoles().contains(ldapDefaultRole));
+            Assert.assertEquals(2, ldapUserInfo.getRoles().size());
+        }
+    }
+
+    @Test
+    public void testGetUserInfoWithLdapDefaultRolesWhenLdapGroupRoleMissing() {
+        LdapManager ldapManager = new LdapManager();
+        Deencapsulation.setField(ldapManager, "ldapClient", ldapClient);
+        LdapConfig.ldap_default_roles = new String[] {LDAP_DEFAULT_ROLE, MISSING_LDAP_DEFAULT_ROLE};
+        Role ldapGroupRole = new Role(LDAP_GROUP_ROLE);
+        Role ldapDefaultRole = new Role(LDAP_DEFAULT_ROLE);
+        mockClient(true, true, new ArrayList<>(Arrays.asList(LDAP_GROUP_ROLE)));
+        try (MockedStatic<Env> envMockedStatic = Mockito.mockStatic(Env.class)) {
+            mockAuth(envMockedStatic, ldapGroupRole, ldapDefaultRole, false);
+
+            LdapUserInfo ldapUserInfo = ldapManager.getUserInfo(USER1);
+            Assert.assertNotNull(ldapUserInfo);
+            Assert.assertFalse(ldapUserInfo.getRoles().contains(ldapGroupRole));
+            Assert.assertTrue(ldapUserInfo.getRoles().contains(ldapDefaultRole));
+            Assert.assertEquals(2, ldapUserInfo.getRoles().size());
+        }
+    }
+
+    @Test
+    public void testGetUserInfoWithBlankLdapDefaultRoles() {
+        LdapManager ldapManager = new LdapManager();
+        Deencapsulation.setField(ldapManager, "ldapClient", ldapClient);
+        LdapConfig.ldap_default_roles = new String[] {null, "", "   ", LDAP_DEFAULT_ROLE};
+        Role ldapGroupRole = new Role(LDAP_GROUP_ROLE);
+        Role ldapDefaultRole = new Role(LDAP_DEFAULT_ROLE);
+        mockClient(true, true, new ArrayList<>(Arrays.asList(LDAP_GROUP_ROLE)));
+        try (MockedStatic<Env> envMockedStatic = Mockito.mockStatic(Env.class)) {
+            mockAuth(envMockedStatic, ldapGroupRole, ldapDefaultRole);
+
+            LdapUserInfo ldapUserInfo = ldapManager.getUserInfo(USER1);
+            Assert.assertNotNull(ldapUserInfo);
+            Assert.assertTrue(ldapUserInfo.getRoles().contains(ldapGroupRole));
+            Assert.assertTrue(ldapUserInfo.getRoles().contains(ldapDefaultRole));
+            Assert.assertEquals(3, ldapUserInfo.getRoles().size());
+        }
+    }
+
     @Test
     public void testGetUserInfoWithLdapDefaultRoles() {
         LdapManager ldapManager = new LdapManager();