[BACKPORT-2025.1.3][PLAT-19739]Skip updating roleBindings if old user is being used

Summary:
**Issue**
After enabling RBAC, YBA does not persist role changes that it overrides for LDAP users when the role lookup fails.
Refer - https://docs.yugabyte.com/stable/yugabyte-platform/administer-yugabyte-platform/ldap-authentication/#role-assignment

**Fix**
The fix skips the roleBinding reset in the unique case where the user’s role is not determined in the current session.

Test Plan:
  - Configure LDAP auth -> Login with a user with no role -> (YBA defaults to readOnly) -> Login as superAdmin -> modify the role -> login again as ldap user -> role change is being persisted

Reviewers: skurapati

Reviewed By: skurapati

Subscribers: yugaware, skurapati

Differential Revision: https://phorge.dev.yugabyte.com/D50577

Author: Arpit-yb

managed/src/main/java/com/yugabyte/yw/common/LdapUtil.java

@@ -629,6 +629,7 @@ public Users authViaLDAP(String email, String password, LdapConfiguration ldapCo
       }
 
       Users oldUser = Users.find.query().where().eq("email", email).findOne();
+      boolean shouldUpdateRoleBindings = true;
 
       if (oldUser != null) {
         /* If we find a valid role from LDAP then assign that to this user and disallow further
@@ -651,6 +652,10 @@ public Users authViaLDAP(String email, String password, LdapConfiguration ldapCo
           log.warn("No valid role could be ascertained, defaulting to {}.", roleToAssign);
           oldUser.setRole(roleToAssign);
           oldUser.setLdapSpecifiedRole(false);
+        } else {
+          // Preserve the existing admin-set role, no need to update role bindings
+          log.debug("Using existing role: {}", oldUser.getRole().name());
+          shouldUpdateRoleBindings = false;
         }
         users = oldUser;
       } else {
@@ -674,14 +679,15 @@ public Users authViaLDAP(String email, String password, LdapConfiguration ldapCo
       users.setGroupMemberships(groupMemberships);
       users.save();
 
-      if (ldapConfiguration.isUseNewRbacAuthz()) {
+      if (ldapConfiguration.isUseNewRbacAuthz() && shouldUpdateRoleBindings) {
         log.debug("Using new RBAC authorization...");
+        String roleName = users.getRole().name();
         List<RoleBinding> currentRoleBindings = RoleBinding.getAll(users.getUuid());
         currentRoleBindings.stream().forEach(rB -> rB.delete());
         com.yugabyte.yw.models.rbac.Role newRbacRole =
-            com.yugabyte.yw.models.rbac.Role.get(users.getCustomerUUID(), roleToAssign.name());
+            com.yugabyte.yw.models.rbac.Role.get(users.getCustomerUUID(), roleName);
         if (newRbacRole != null) {
-          log.debug("Found role with name: {}", roleToAssign.name());
+          log.debug("Found role with name: {}", roleName);
           ResourceGroup rG =
               ResourceGroup.getSystemDefaultResourceGroup(users.getCustomerUUID(), users);
           RoleBinding createdRoleBinding =
@@ -690,7 +696,7 @@ public Users authViaLDAP(String email, String password, LdapConfiguration ldapCo
             log.debug("Created role binding: {}", createdRoleBinding);
           }
         } else {
-          throw new RuntimeException(String.format("No role with the name: %s found", role));
+          throw new RuntimeException(String.format("No role with the name: %s found", roleName));
         }
       }
       DB.commitTransaction();