Fix NPE in LDAPAuthorizationBackend when rolesearch disabled

src/main/java/org/opensearch/security/auth/ldap/backend/LDAPAuthorizationBackend.java

@@ -832,17 +832,17 @@ public User addRoles(User user, AuthenticationContext context) throws OpenSearch
                 userRoleAttributeValue = Utils.getSingleStringValue(userRoleAttribute);
             }
 
+            if (connection == null) {
+                connection = getConnection(settings, configPath);
+            }
+
             if (rolesearchEnabled) {
                 String escapedDn = dn;
 
                 if (isDebugEnabled) {
                     log.debug("DBGTRACE (8): escapedDn" + escapedDn);
                 }
 
-                if (connection == null) {
-                    connection = getConnection(settings, configPath);
-                }
-
                 for (Map.Entry<String, Settings> roleSearchSettingsEntry : roleBaseSettings) {
                     Settings roleSearchSettings = roleSearchSettingsEntry.getValue();
 
@@ -902,10 +902,6 @@ public User addRoles(User user, AuthenticationContext context) throws OpenSearch
                         continue;
                     }
 
-                    if (connection == null) {
-                        connection = getConnection(settings, configPath);
-                    }
-
                     final Set<LdapName> nestedRoles = resolveNestedRoles(
                         roleLdapName,
                         connection,

src/test/java/org/opensearch/security/auth/ldap/LdapBackendTestNewStyleConfig.java

@@ -725,6 +725,29 @@ public void testLdapAuthorizationNestedAttrNoRoleSearch() throws Exception {
         MatcherAssert.assertThat(user.getRoles(), hasItem("rolemo4"));
     }
 
+    @Test
+    public void testLdapAuthorizationRolesearchDisabledWithLdapAuthContext() throws Exception {
+        final Settings settings = Settings.builder()
+            .putList(ConfigConstants.LDAP_HOSTS, "localhost:" + ldapPort)
+            .put("users.u1.search", "(uid={0})")
+            .put("users.u1.base", "ou=people,o=TEST")
+            .put("roles.g1.base", "ou=groups,o=TEST")
+            .put(ConfigConstants.LDAP_AUTHZ_ROLENAME, "cn")
+            .put(ConfigConstants.LDAP_AUTHZ_ROLESEARCH_ENABLED, false)
+            .put(ConfigConstants.LDAP_AUTHZ_USERROLENAME, "description")
+            .build();
+
+        AuthenticationContext context = ctx("spock", "spocksecret");
+        User user = new LDAPAuthenticationBackend(settings, null).authenticate(context);
+        user = new LDAPAuthorizationBackend(settings, null).addRoles(user, context);
+
+        Assert.assertNotNull(user);
+        assertThat(user.getName(), is("cn=Captain Spock,ou=people,o=TEST"));
+        assertThat(user.getRoles().size(), is(2));
+        Assert.assertTrue(user.getRoles().contains("dummyempty"));
+        Assert.assertTrue(user.getRoles().contains("rolemo4"));
+    }
+
     @Test
     public void testCustomAttributes() throws Exception {