diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index 239639c820..a872b77811 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -23,6 +23,8 @@ import java.util.LinkedList;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import javax.naming.ldap.Rdn;
+
 /**
 * @author Marek Posolda
 */
@@ -127,7 +129,7 @@ public class LDAPDn {
 }
 public void addFirst(String rdnName, String rdnValue) {
- rdnValue = escape(rdnValue);
+ rdnValue = Rdn.escapeValue(rdnValue);
 entries.addFirst(new Entry(rdnName, rdnValue));
 }
@@ -135,26 +137,6 @@ public class LDAPDn {
 entries.addLast(new Entry(rdnName, rdnValue));
 }
- // Need to escape "john,dot" to be "john\,dot"
- private String escape(String rdnValue) {
- if (rdnValue.contains(",")) {
- StringBuilder result = new StringBuilder();
- boolean first = true;
- for (String split : rdnValue.split(",")) {
- if (!first) {
- result.append("\\,");
- } else {
- first = false;
- }
- result.append(split);
- }
- return result.toString();
- } else {
- return rdnValue;
- }
- }
-
-
 private static class Entry {
 private final String attrName;
 private final String attrValue;
diff --git a/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java b/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
index cd7938c758..620a1665af 100644
--- a/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
+++ b/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
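Review bot: `addFirst` now passes its argument through `Rdn.escapeValue`, while the `addLast` body visible as context in the following hunk still stores `rdnValue` unchanged, so the two methods expect different input forms and nothing in the code says so. Because `Rdn.escapeValue` escapes backslashes as well, a value that a caller has already escaped would be escaped a second time; the callers are outside this diff, so that is worth checking. I would document the contract on both methods, for example `// rdnValue is the raw attribute value; it is escaped here, do not pre-escape` on `addFirst` and `// rdnValue must already be in escaped DN form` on `addLast`. The signature of `addLast` is outside the hunk.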
@@ -31,9 +31,9 @@ public class LDAPDnTest {
 dn.addFirst("ou", "People");
 Assert.assertEquals("ou=People,dc=keycloak,dc=org", dn.toString());
- dn.addFirst("uid", "Johny,Depp");
- Assert.assertEquals("uid=Johny\\,Depp,ou=People,dc=keycloak,dc=org", dn.toString());
- Assert.assertEquals(LDAPDn.fromString("uid=Johny\\,Depp,ou=People,dc=keycloak,dc=org"), dn);
+ dn.addFirst("uid", "Johny,Depp+Pepp");
+ Assert.assertEquals("uid=Johny\\,Depp\\+Pepp,ou=People,dc=keycloak,dc=org", dn.toString());
+ Assert.assertEquals(LDAPDn.fromString("uid=Johny\\,Depp\\+Pepp,ou=People,dc=keycloak,dc=org"), dn);
 Assert.assertEquals("ou=People,dc=keycloak,dc=org", dn.getParentDn());
@@ -44,6 +44,6 @@ public class LDAPDnTest {
 Assert.assertFalse(dn.isDescendantOf(dn));
 Assert.assertEquals("uid", dn.getFirstRdnAttrName());
- Assert.assertEquals("Johny\\,Depp", dn.getFirstRdnAttrValue());
+ Assert.assertEquals("Johny\\,Depp\\+Pepp", dn.getFirstRdnAttrValue());
 }
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java
index f6c59b049d..273a1250bf 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java
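Review bot: The updated case in the first hunk exercises only `,` and `+`, but `Rdn.escapeValue` also rewrites `\`, `"`, `=`, `<`, `>`, `;`, a leading `#` and leading or trailing spaces, and none of those is checked against `LDAPDn.fromString`. A value containing `=` or `\` is the interesting one, because whether the parser in `fromString` (not shown in this diff) copes with an escaped `=` or a doubled backslash cannot be told from here. I would add a second round trip on a fresh `LDAPDn`, e.g. `dn2.addFirst("cn", "a=b\\c");` followed by `Assert.assertEquals(LDAPDn.fromString(dn2.toString()), dn2);`.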
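Review bot: The last assertion in the second hunk pins `getFirstRdnAttrValue()` to the escaped form `Johny\\,Depp\\+Pepp`, so a caller that compares the result with a username or places it in a search filter receives DN-escaped text rather than the raw value. If that is the intended contract it deserves a comment on the accessor; otherwise the test could also pin the raw value with `Assert.assertEquals("Johny,Depp+Pepp", Rdn.unescapeValue(dn.getFirstRdnAttrValue()));`. The accessor itself is outside this diff.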
@@ -405,6 +405,9 @@ public class FederationProvidersIntegrationTest {
 if (!skip) {
 LDAPObject johnComma = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,comma", "John", "Comma", "johncomma@email.org", null, "12387");
 FederationTestUtils.updateLDAPPassword(ldapFedProvider, johnComma, "Password1");
+
+ LDAPObject johnPlus = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john+plus,comma", "John", "Plus", "johnplus@email.org", null, "12387");
+ FederationTestUtils.updateLDAPPassword(ldapFedProvider, johnPlus, "Password1");
 }
 } finally {
 keycloakRule.stopSession(session, false);
@@ -413,6 +416,7 @@ public class FederationProvidersIntegrationTest {
 if (!skip) {
 // Try to import the user with comma in username into Keycloak
 loginSuccessAndLogout("john,comma", "Password1");
+ loginSuccessAndLogout("john+plus,comma", "Password1");
 }
 }
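Review bot: The comment above the login calls in the second hunk still reads `// Try to import the user with comma in username into Keycloak`, although the block now also imports the user whose name contains `+`. I would reword it to `// Try to import users with comma and plus in username into Keycloak`. Since the new username `john+plus,comma` combines both characters, a failure will not show which escape broke; a username containing only `+` would isolate it.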