diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java
index 94014fa8bf..39e7d9762a 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java
@@ -50,7 +50,11 @@ public class LDAPDn {
 String[] rdns = dnString.split("(?1) {
+ dn.addLast(rdn[0].trim(), rdn[1].trim());
+ } else {
+ dn.addLast(rdn[0].trim(), "");
+ }
 }
 return dn;
diff --git a/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java b/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java
index d749c13530..9035ea6f79 100644
--- a/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java
+++ b/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java
@@ -47,6 +47,25 @@ public class LDAPDnTest {
 Assert.assertEquals("Johny,Depp+Pepp\\Foo", dn.getFirstRdnAttrValue());
 }
+ @Test
+ public void testEmptyRDN() throws Exception {
+ LDAPDn dn = LDAPDn.fromString("dc=keycloak, dc=org");
+ dn.addFirst("ou", "");
+
+ Assert.assertEquals("ou", dn.getFirstRdnAttrName());
+ Assert.assertEquals("", dn.getFirstRdnAttrValue());
+
+ Assert.assertEquals("ou=,dc=keycloak,dc=org", dn.toString());
+
+ dn.addFirst("uid", "Johny,Depp+Pepp\\Foo");
+ Assert.assertEquals("uid=Johny\\,Depp\\+Pepp\\\\Foo,ou=,dc=keycloak,dc=org", dn.toString());
+
+ dn = LDAPDn.fromString("uid=Johny\\,Depp\\+Pepp\\\\Foo,ou=,O=keycloak,C=org");
+ Assert.assertTrue(dn.isDescendantOf(LDAPDn.fromString("ou=, O=keycloak,C=org")));
+ Assert.assertTrue(dn.isDescendantOf(LDAPDn.fromString("OU=, o=keycloak,c=org")));
+ Assert.assertFalse(dn.isDescendantOf(LDAPDn.fromString("ou=People, O=keycloak,C=org")));
+ }
+
 @Test
 public void testCorrectEscape() throws Exception {
 LDAPDn dn = LDAPDn.fromString("dc=keycloak, dc=org");
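Review bot: The new `else` branch in `LDAPDn.fromString` handles every component that yields a single-element `rdn` array the same way, so a component with no `=` at all (a bare `ou`) is stored as attribute `ou` with an empty value instead of being rejected as a malformed DN. Because parsed DNs feed comparisons such as `isDescendantOf`, it is safer to accept the empty value only when the component really contained a separator and to throw `IllegalArgumentException` otherwise. The split that produces `rdn` is not legible in this hunk; if it is a plain split on `=`, a value that itself contains `=` is still cut off at `rdn[1]`, and a component consisting only of `=` gives an empty array, so `rdn[0]` would throw. At minimum the branch deserves a comment such as `// rdn.length == 1: "ou=" (empty value) and a bare "ou" both land here`. The body of `fromString` starts and ends outside the hunk.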
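Review bot: `testEmptyRDN` checks the parsed `ou=` component only through `isDescendantOf`, so nothing pins what `fromString` actually stores for an empty value or what it does with a component that has no `=`. Add a round-trip assertion such as `Assert.assertEquals("ou=,dc=keycloak,dc=org", LDAPDn.fromString("ou=, dc=keycloak, dc=org").toString());` and one case for a malformed component (for example `"ou, dc=keycloak"`), asserting whichever outcome is intended, so that a later parser change cannot silently alter how such DNs are matched.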