Bootstrap users fix + Ldap Fix error message (#11463)

* Fix issues in Bootstrapping Admin Users

* Fix Ldap Binding Message

* Remove delete

* do not remove the user on own

* failing tests fix

* null should also add auth-mechanism

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/UserRepository.java

@@ -36,7 +36,6 @@ import org.apache.commons.csv.CSVPrinter;
 import org.apache.commons.csv.CSVRecord;
 import org.openmetadata.csv.EntityCsv;
 import org.openmetadata.schema.api.teams.CreateTeam.TeamType;
-import org.openmetadata.schema.auth.SSOAuthMechanism;
 import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
 import org.openmetadata.schema.entity.teams.Team;
 import org.openmetadata.schema.entity.teams.User;
@@ -222,19 +221,17 @@ public class UserRepository extends EntityRepository<User> {
   }
 
   public void initializeUsers(OpenMetadataApplicationConfig config) {
+    String providerType = config.getAuthenticationConfiguration().getProvider();
+    // Create Admins
     Set<String> adminUsers = new HashSet<>(config.getAuthorizerConfiguration().getAdminPrincipals());
     LOG.debug("Checking user entries for admin users {}", adminUsers);
     String domain = SecurityUtil.getDomain(config);
-    String providerType = config.getAuthenticationConfiguration().getProvider();
+    UserUtil.addUsers(providerType, adminUsers, domain, true);
-    if (providerType.equals(SSOAuthMechanism.SsoServiceType.BASIC.value())) {
-      UserUtil.handleBasicAuth(adminUsers, domain);
-    } else {
-      UserUtil.addUsers(adminUsers, domain, true);
-    }
 
+    // Create Test Users
     LOG.debug("Checking user entries for test users");
     Set<String> testUsers = new HashSet<>(config.getAuthorizerConfiguration().getTestPrincipals());
-    UserUtil.addUsers(testUsers, domain, null);
+    UserUtil.addUsers(providerType, testUsers, domain, null);
   }
 
   private List<EntityReference> getOwns(User user) throws IOException {

openmetadata-service/src/main/java/org/openmetadata/service/security/auth/LdapAuthenticator.java

@@ -171,7 +171,7 @@ public class LdapAuthenticator implements AuthenticatorHandler {
     if (bindingResult != null) {
       throw new CustomExceptionMessage(INTERNAL_SERVER_ERROR, bindingResult.getResultCode().getName());
     } else {
-      throw new CustomExceptionMessage(INTERNAL_SERVER_ERROR, "Binding for User in LDAP Failed.");
+      throw new CustomExceptionMessage(INTERNAL_SERVER_ERROR, INVALID_EMAIL_PASSWORD);
     }
   }
 

openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java

@@ -26,6 +26,7 @@ import static org.openmetadata.service.Entity.ADMIN_USER_NAME;
 
 import at.favre.lib.crypto.bcrypt.BCrypt;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;
@@ -51,46 +52,57 @@ import org.openmetadata.service.security.jwt.JWTTokenGenerator;
 
 @Slf4j
 public final class UserUtil {
-  private static final String COLON_DELIMITER = ":";
 
-  public static void handleBasicAuth(Set<String> adminUsers, String domain) {
+  public static void addUsers(String providerType, Set<String> adminUsers, String domain, Boolean isAdmin) {
     try {
-      for (String adminUser : adminUsers) {
+      for (String username : adminUsers) {
-        if (adminUser.contains(COLON_DELIMITER)) {
+        createOrUpdateUser(providerType, username, domain, isAdmin);
-          String[] tokens = adminUser.split(COLON_DELIMITER);
-          addUserForBasicAuth(tokens[0], tokens[1], domain);
-        } else {
-          boolean isDefaultAdmin = adminUser.equals(ADMIN_USER_NAME);
-          String token = PasswordUtil.generateRandomPassword();
-          if (isDefaultAdmin) {
-            token = ADMIN_USER_NAME;
-          }
-          addUserForBasicAuth(adminUser, token, domain);
-        }
       }
-    } catch (IOException e) {
+    } catch (Exception ex) {
-      LOG.error("Failed in Basic Auth Setup. Reason : {}", e.getMessage());
+      LOG.error("[BootstrapUser] Encountered Exception while bootstrapping admin user", ex);
     }
   }
 
-  public static void addUserForBasicAuth(String username, String pwd, String domain) throws IOException {
+  private static void createOrUpdateUser(String providerType, String username, String domain, Boolean isAdmin)
+      throws IOException {
     UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
+    User updatedUser;
     try {
-      List<String> fields = List.of("profile", "roles", "teams", "authenticationMechanism", "isEmailVerified");
+      // Create Required Fields List
-      User originalUser = userRepository.getByName(null, username, new EntityUtil.Fields(fields));
+      List<String> fieldList = new ArrayList<>(userRepository.getPatchFields().getFieldList());
-      if (originalUser.getAuthenticationMechanism() == null) {
+      fieldList.add("authenticationMechanism");
-        updateBasicAuthUser(originalUser, pwd);
-      }
-    } catch (EntityNotFoundException e) {
-      User user = user(username, domain, username).withIsAdmin(true).withIsEmailVerified(true);
-      updateBasicAuthUser(user, pwd);
-    }
-  }
 
-  private static void updateBasicAuthUser(User user, String pwd) {
+      // Fetch Original User, is available
-    updateUserWithHashedPwd(user, pwd);
+      User originalUser = userRepository.getByName(null, username, new EntityUtil.Fields(fieldList));
-    addOrUpdateUser(user);
+      updatedUser = originalUser;
-    EmailUtil.sendInviteMailToAdmin(user, pwd);
+
+      // Update Auth Mechanism if not present, and send mail to the user
+      if (providerType.equals(SSOAuthMechanism.SsoServiceType.BASIC.value())) {
+        if (originalUser.getAuthenticationMechanism() == null
+            || originalUser.getAuthenticationMechanism().equals(new AuthenticationMechanism())) {
+          updateUserWithHashedPwd(updatedUser, ADMIN_USER_NAME);
+          EmailUtil.sendInviteMailToAdmin(updatedUser, ADMIN_USER_NAME);
+        }
+      } else {
+        updatedUser.setAuthenticationMechanism(new AuthenticationMechanism());
+      }
+
+      // Update the specific fields isAdmin
+      updatedUser.setIsAdmin(isAdmin);
+
+      // user email
+      updatedUser.setEmail(String.format("%s@%s", username, domain));
+    } catch (EntityNotFoundException e) {
+      updatedUser = user(username, domain, username).withIsAdmin(isAdmin).withIsEmailVerified(true);
+      // Update Auth Mechanism if not present, and send mail to the user
+      if (providerType.equals(SSOAuthMechanism.SsoServiceType.BASIC.value())) {
+        updateUserWithHashedPwd(updatedUser, ADMIN_USER_NAME);
+        EmailUtil.sendInviteMailToAdmin(updatedUser, ADMIN_USER_NAME);
+      }
+    }
+
+    // Update the user
+    addOrUpdateUser(updatedUser);
   }
 
   public static void updateUserWithHashedPwd(User user, String pwd) {
@@ -101,13 +113,6 @@ public final class UserUtil {
             .withConfig(new BasicAuthMechanism().withPassword(hashedPwd)));
   }
 
-  public static void addUsers(Set<String> users, String domain, Boolean isAdmin) {
-    for (String userName : users) {
-      User user = user(userName, domain, userName).withIsAdmin(isAdmin);
-      addOrUpdateUser(user);
-    }
-  }
-
   public static User addOrUpdateUser(User user) {
     UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
     try {