diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index dfccec7..f1cd341 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -66,13 +66,33 @@ public class LDAPDn {
}
public void addFirst(String rdnName, String rdnValue) {
+ rdnValue = escape(rdnValue);
entries.addFirst(new Entry(rdnName, rdnValue));
}
- public void addLast(String rdnName, String rdnValue) {
+ private void addLast(String rdnName, String rdnValue) {
entries.addLast(new Entry(rdnName, rdnValue));
}
+ // Need to escape "john,dot" to be "john\,dot"
+ private String escape(String rdnValue) {
+ if (rdnValue.contains(",")) {
+ StringBuilder result = new StringBuilder();
+ boolean first = true;
+ for (String split : rdnValue.split(",")) {
+ if (!first) {
+ result.append("\\,");
+ } else {
+ first = false;
+ }
+ result.append(split);
+ }
+ return result.toString();
+ } else {
+ return rdnValue;
+ }
+ }
+
private static class Entry {
private final String attrName;
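Review bot: `escape()` loses data and leaves other DN metacharacters untouched. `rdnValue.split(",")` discards trailing empty strings, so `"john,"` comes back as `john`, and a `\`, `+`, `"`, `;`, `<` or `>` in the value passes through as is. A value that already holds a backslash before a comma therefore ends up as an escaped backslash followed by a bare comma, which reads as an RDN separator. Since the value is presumably a user-supplied username, I would replace the body with the JDK's RFC 2253 escaper, `return Rdn.escapeValue(rdnValue);` (importing `javax.naming.ldap.Rdn`), and add a null guard if callers can pass null. `addLast` still stores the value unescaped, which is only correct if its callers (outside this hunk) pass already-escaped values, so a comment such as `// callers must pass an already-escaped rdnValue` would make that contract visible.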
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index 2caed44..cd5bb5b 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -352,6 +352,24 @@ public class FederationProvidersIntegrationTest {
}
@Test
+ public void testDotInUsername() {
+ // Add LDAP user with same email like existing model user
+ keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+ LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
+ LDAPObject johnDot = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,dot", "John", "Dot", "johndot@email.org", null, "12387");
+ ldapFedProvider.getLdapIdentityStore().updatePassword(johnDot, "Password1");
+ }
+
+ });
+
+ // Try to import the duplicated LDAP user into Keycloak
+ loginSuccessAndLogout("john,dot", "Password1");
+ }
+
+ @Test
public void testDirectLDAPUpdate() {
KeycloakSession session = keycloakRule.startSession();
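Review bot: The two comments in `testDotInUsername` appear to be carried over from a different test, because they describe a duplicate-email import rather than what this test does. The name also says "dot" while the value under test contains a comma. I would rename it along the lines of `testCommaInUsername` and replace the comments with `// Add LDAP user whose username contains a comma, which must be escaped in the DN` and `// Login must succeed with the unescaped username`. The test covers only a comma in the middle of the value, so cases with a trailing comma and with a backslash in the username would pin the escaping behaviour more tightly.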