From e69c3dcb1f8163434c125e9eb09108f9e531270e Mon Sep 17 00:00:00 2001
From: Marcelo Sales
Date: Thu, 25 Nov 2021 10:30:42 +0100
Subject: [PATCH] KEYCLOAK-19391: Fix ldap query search adding custom serach filter
---
 .../idm/store/ldap/LDAPOperationManager.java | 26 +++++++++++++------
 1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java
index 3a240b6f89..b99eac1bc9 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -370,26 +370,36 @@ public class LDAPOperationManager {
 }
 public String getFilterById(String id) {
- String filter = null;
+ StringBuilder filter = new StringBuilder();
+ filter.insert(0, "(&");
 if (this.config.isObjectGUID()) {
 byte[] objectGUID = LDAPUtil.encodeObjectGUID(id);
-
- filter = "(&(objectClass=*)(" + getUuidAttributeName() + LDAPConstants.EQUAL + LDAPUtil.convertObjectGUIDToByteString(objectGUID) + "))";
+ filter.append("(objectClass=*)(").append(
+ getUuidAttributeName()).append(LDAPConstants.EQUAL)
+ .append(LDAPUtil.convertObjectGUIDToByteString(
+ objectGUID)).append(")");
 } else if (this.config.isEdirectoryGUID()) {
- filter = "(&(objectClass=*)(" + getUuidAttributeName().toUpperCase() + LDAPConstants.EQUAL + LDAPUtil.convertGUIDToEdirectoryHexString(id) + "))";
+ filter.append("(objectClass=*)(").append(getUuidAttributeName().toUpperCase())
+ .append(LDAPConstants.EQUAL
+ ).append(LDAPUtil.convertGUIDToEdirectoryHexString(id)).append(")");
+ } else {
+ filter.append("(objectClass=*)(").append(getUuidAttributeName()).append(LDAPConstants.EQUAL)
+ .append(id).append(")");
 }
- if (filter == null) {
- filter = "(&(objectClass=*)(" + getUuidAttributeName() + LDAPConstants.EQUAL + id + "))";
+ if (config.getCustomUserSearchFilter() != null) {
+ filter.append(config.getCustomUserSearchFilter());
 }
 if (logger.isTraceEnabled()) {
- logger.tracef("Using filter for lookup user by LDAP ID: %s", filter);
+ logger.tracef("Using filter for lookup user by LDAP ID: %s", filter.toString());
 }
- return filter;
+ filter.append(")");
+
+ return filter.toString();
 }
 public SearchResult lookupById(final String baseDN, final String id, final Collection returningAttributes) {
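Review bot: The new `else` branch still appends `id` to the filter verbatim (`.append(id).append(")")`), so filter metacharacters in it would be parsed as filter syntax; unless every caller is known to pass a directory-issued identifier, the value should be escaped per RFC 4515 before it is appended. The same applies to `config.getCustomUserSearchFilter()`, which is concatenated after a null check only, so a configured value that is not a complete parenthesised filter yields a malformed `(&...)` expression for every ID lookup; presumably this is validated when the configuration is saved, which is worth confirming. Separately, the trace statement runs before `filter.append(")")`, so the logged filter lacks its closing parenthesis and differs from the string actually returned; moving `filter.append(")");` above the `if (logger.isTraceEnabled())` block fixes that. As a minor style point, `new StringBuilder("(&")` would replace the `insert(0, "(&")` on an empty builder, and the `(objectClass=*)(` literal repeated in all three branches could be appended once before the `if`.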