From 13d2f872fff56fe78ba15e8801416fc427cc7816 Mon Sep 17 00:00:00 2001
From: ratcashdev <developer@ratcash.net>
Date: Thu, 17 Mar 2016 13:37:25 +0100
Subject: [PATCH] KEYCLOAK-2679: Fix when importing empty uniqueMember
 attributes

---
 .../org/keycloak/federation/ldap/idm/model/LDAPDn.java   | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index a872b77811..b8401de615 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -34,7 +34,14 @@ public class LDAPDn {
 
     public static LDAPDn fromString(String dnString) {
         LDAPDn dn = new LDAPDn();
-
+        
+        // In certain OpenLDAP implementations the uniqueMember attribute is mandatory
+        // Thus, if a new group is created, it will contain an empty uniqueMember attribute
+        // Later on, when adding members, this empty attribute will be kept
+        // Keycloak must be able to process it, properly, w/o throwing an ArrayIndexOutOfBoundsException
+        if(dnString.trim().isEmpty())
+            return dn;
+        
         String[] rdns = dnString.split("(?<!\\\\),");
         for (String entryStr : rdns) {
             String[] rdn = entryStr.split("(?<!\\\\)=");