diff --git a/federation/ldap/pom.xml b/federation/ldap/pom.xml
index bc60afed58..0043d9aefe 100755
--- a/federation/ldap/pom.xml
+++ b/federation/ldap/pom.xml
@@ -52,6 +52,11 @@
             <artifactId>jboss-logging</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index f1cd3414d8..a7cf098702 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -1,5 +1,6 @@
 package org.keycloak.federation.ldap.idm.model;
 
+import java.util.Collection;
 import java.util.Deque;
 import java.util.LinkedList;
 import java.util.regex.Matcher;
@@ -26,6 +27,10 @@ public class LDAPDn {
 
     @Override
     public String toString() {
+        return toString(entries);
+    }
+
+    private static String toString(Collection<Entry> entries) {
         StringBuilder builder = new StringBuilder();
 
         boolean first = true;
@@ -62,7 +67,9 @@ public class LDAPDn {
      * @return string like "dc=something,dc=org" from the DN like "uid=joe,dc=something,dc=org"
      */
     public String getParentDn() {
-        return new LinkedList<>(entries).remove().toString();
+        LinkedList<Entry> parentDnEntries = new LinkedList<>(entries);
+        parentDnEntries.remove();
+        return toString(parentDnEntries);
     }
 
     public void addFirst(String rdnName, String rdnValue) {
diff --git a/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java b/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
new file mode 100644
index 0000000000..77bc4ceb60
--- /dev/null
+++ b/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
@@ -0,0 +1,22 @@
+package org.keycloak.federation.ldap.idm.model;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class LDAPDnTest {
+
+    @Test
+    public void testDn() throws Exception {
+        LDAPDn dn = LDAPDn.fromString("dc=keycloak, dc=org");
+        dn.addFirst("ou", "People");
+        Assert.assertEquals("ou=People,dc=keycloak,dc=org", dn.toString());
+
+        dn.addFirst("uid", "Johny,Depp");
+        Assert.assertEquals("uid=Johny\\,Depp,ou=People,dc=keycloak,dc=org", dn.toString());
+
+        Assert.assertEquals("ou=People,dc=keycloak,dc=org", dn.getParentDn());
+    }
+}