@vzakaznikov Should we add a test for this case?

1. the ldap server is configured as a user directory in clickhouse
2. typical role mapping is configured there, with a clickhouse_ prefix
3. user1 user exists only in ldap
4. role1 role exists in clickhouse
5. unknown role does not exist in clickhouse
6. user1 is a member of clickhouse_role1 group in ldap initially
7. user1 logs in successfully (show grants shows only role1), then logs out
8. user1 also becomes a member of clickhouse_unknown group in ldap (clickhouse server process is not restarted during this)
9. user1 should be able to log in successfully again (with show grants still showing only role1)

@Mergifyio update

Command update: success

Branch has been successfully updated

@vzakaznikov Should we add a test for this case?

1. the ldap server is configured as a user directory in clickhouse
2. typical role mapping is configured there, with a clickhouse_ prefix
3. user1 user exists only in ldap
4. role1 role exists in clickhouse
5. unknown role does not exist in clickhouse
6. user1 is a member of clickhouse_role1 group in ldap initially
7. user1 logs in successfully (show grants shows only role1), then logs out
8. user1 also becomes a member of clickhouse_unknown group in ldap (clickhouse server process is not restarted during this)
9. user1 should be able to log in successfully again (with show grants still showing only role1)

Yes, I can add an explicit test case for this. Also, we need to compare this scenario to xfailed test cases we already have. Right now LDAP tests are disabled in CI/CD, therefore you need to run them manually to check if there are no regressions.

@Mergifyio update

Command update: success

Branch has been successfully updated

@traceon, see 33f270c for the new test.