From d26543360b31c858516d55282fec6b4ba59a5714 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Wed, 27 Aug 2014 12:18:36 +0200
Subject: [PATCH] KEYCLOAK-646 Fix LDAP authentication when there are commas in the value of bindingProperty

---
 .../idm/LDAPKeycloakCredentialHandler.java | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java
index 7844e8e19f..dea12085e3 100644
--- a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java
+++ b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java
@@ -1,7 +1,15 @@
 package org.keycloak.picketlink.idm;
 
+import javax.naming.directory.SearchResult;
+
 import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.config.LDAPMappingConfiguration;
+import org.picketlink.idm.credential.UsernamePasswordCredentials;
+import org.picketlink.idm.credential.storage.CredentialStorage;
+import org.picketlink.idm.ldap.internal.LDAPIdentityStore;
+import org.picketlink.idm.ldap.internal.LDAPOperationManager;
 import org.picketlink.idm.ldap.internal.LDAPPlainTextPasswordCredentialHandler;
+import org.picketlink.idm.model.Account;
 import org.picketlink.idm.model.basic.BasicModel;
 import org.picketlink.idm.model.basic.User;
 import org.picketlink.idm.spi.IdentityContext;
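Review bot: `import org.picketlink.idm.ldap.internal.LDAPOperationManager;` is added but, as far as the new code in the second hunk shows, never referenced by name — the operation manager is only reached through `ldapIdentityStore.getOperationManager()`. Drop the import unless a use lies outside the patch.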
@@ -24,4 +32,33 @@ public class LDAPKeycloakCredentialHandler extends LDAPPlainTextPasswordCredenti
         return BasicModel.getUser(identityManager, loginName);
     }
 
+
+
+    @Override
+    protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage, UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) {
+        Account account = getAccount(context, credentials.getUsername());
+        char[] password = credentials.getPassword().getValue();
+        String userDN = getDNOfUser(ldapIdentityStore, account);
+        if (CREDENTIAL_LOGGER.isDebugEnabled()) {
+            CREDENTIAL_LOGGER.debugf("Using DN [%s] for authentication of user [%s]", userDN, credentials.getUsername());
+        }
+
+        if (ldapIdentityStore.getOperationManager().authenticate(userDN, new String(password))) {
+            return true;
+        }
+
+        return false;
+    }
+
+    protected String getDNOfUser(LDAPIdentityStore ldapIdentityStore, Account user) {
+        LDAPMappingConfiguration userMappingConfig = ldapIdentityStore.getConfig().getMappingConfig(User.class);
+        SearchResult sr = ldapIdentityStore.getOperationManager().lookupById(userMappingConfig.getBaseDN(), user.getId(), userMappingConfig);
+
+        if (sr != null) {
+            return sr.getNameInNamespace();
+        } else {
+            // Fallback
+            return ldapIdentityStore.getBindingDN(user, true);
+        }
+    }
 }
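Review bot: validateCredential hands the password to authenticate() without rejecting an empty value; a simple bind with a DN and an empty password is an unauthenticated bind that many directories answer with success, so unless LDAPOperationManager.authenticate already checks for this, an empty password would pass for any user whose DN resolves. Add `if (password == null || password.length == 0) { return false; }` before the bind. getAccount may also return null for an unknown username, which would surface as a NullPointerException from `user.getId()` in getDNOfUser rather than as a failed login; `if (account == null) { return false; }` keeps the failure path uniform. The trailing if/return true/return false reduces to `return ldapIdentityStore.getOperationManager().authenticate(userDN, new String(password));`. The enclosing class starts outside the hunk.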