diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index 239639c..a872b77 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -23,6 +23,8 @@ import java.util.LinkedList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.naming.ldap.Rdn;
+
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@@ -127,7 +129,7 @@ public class LDAPDn {
}
public void addFirst(String rdnName, String rdnValue) {
- rdnValue = escape(rdnValue);
+ rdnValue = Rdn.escapeValue(rdnValue);
entries.addFirst(new Entry(rdnName, rdnValue));
}
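Review bot: addFirst now stores the escaped form of rdnValue, while addLast (the context line of the next hunk, whose signature is outside it) stores its argument as given, and neither method says which form a caller must pass. Because Rdn.escapeValue also escapes the backslash, a value that arrives already escaped is escaped a second time and yields a different DN. I would add a Javadoc on addFirst such as `/** @param rdnValue raw, unescaped attribute value; it is escaped with Rdn.escapeValue before being stored */` and a matching line on addLast stating that it expects an already-escaped value. rdnName is stored unchanged in both methods, which is safe only if it always comes from configuration and never from user input; that cannot be confirmed from this hunk.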
@@ -135,26 +137,6 @@ public class LDAPDn {
entries.addLast(new Entry(rdnName, rdnValue));
}
- // Need to escape "john,dot" to be "john\,dot"
- private String escape(String rdnValue) {
- if (rdnValue.contains(",")) {
- StringBuilder result = new StringBuilder();
- boolean first = true;
- for (String split : rdnValue.split(",")) {
- if (!first) {
- result.append("\\,");
- } else {
- first = false;
- }
- result.append(split);
- }
- return result.toString();
- } else {
- return rdnValue;
- }
- }
-
-
private static class Entry {
private final String attrName;
private final String attrValue;
diff --git a/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java b/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
index cd7938c..620a166 100644
--- a/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
+++ b/federation/ldap/src/test/java/org/keycloak/federation/ldap/idm/model/LDAPDnTest.java
@@ -31,9 +31,9 @@ public class LDAPDnTest {
dn.addFirst("ou", "People");
Assert.assertEquals("ou=People,dc=keycloak,dc=org", dn.toString());
- dn.addFirst("uid", "Johny,Depp");
- Assert.assertEquals("uid=Johny\\,Depp,ou=People,dc=keycloak,dc=org", dn.toString());
- Assert.assertEquals(LDAPDn.fromString("uid=Johny\\,Depp,ou=People,dc=keycloak,dc=org"), dn);
+ dn.addFirst("uid", "Johny,Depp+Pepp");
+ Assert.assertEquals("uid=Johny\\,Depp\\+Pepp,ou=People,dc=keycloak,dc=org", dn.toString());
+ Assert.assertEquals(LDAPDn.fromString("uid=Johny\\,Depp\\+Pepp,ou=People,dc=keycloak,dc=org"), dn);
Assert.assertEquals("ou=People,dc=keycloak,dc=org", dn.getParentDn());
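Review bot: The round-trip assertions here cover only ',' and '+', but Rdn.escapeValue also rewrites backslash, double quote, '<', '>', ';', '=', '#' and leading or trailing spaces. LDAPDn.fromString is outside the diff; the Pattern/Matcher imports in LDAPDn.java suggest it parses with a regex, and a parser that treats every comma following a backslash as escaped would mis-split a value that ends in an escaped backslash. A case such as `dn.addFirst("uid", "trailing\\");` followed by `Assert.assertEquals(LDAPDn.fromString(dn.toString()), dn);` would show whether parsing keeps up with the new escaping. The test method starts above the hunk.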
@@ -44,6 +44,6 @@ public class LDAPDnTest {
Assert.assertFalse(dn.isDescendantOf(dn));
Assert.assertEquals("uid", dn.getFirstRdnAttrName());
- Assert.assertEquals("Johny\\,Depp", dn.getFirstRdnAttrValue());
+ Assert.assertEquals("Johny\\,Depp\\+Pepp", dn.getFirstRdnAttrValue());
}
}
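Review bot: The updated assertion pins getFirstRdnAttrValue() to the DN-escaped string (`Johny\,Depp\+Pepp`) instead of the value that was passed to addFirst. The getter is outside the diff, so its callers cannot be checked here, but any caller that compares the result with a username or places it in a search filter would be working with the wrong string, and DN escaping is not a substitute for filter escaping. Either have the getter return the result of `Rdn.unescapeValue(...)` on the stored value, or state in its Javadoc that the returned value is escaped and must not be used as a raw attribute value.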
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java
index f6c59b0..273a125 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java
@@ -405,6 +405,9 @@ public class FederationProvidersIntegrationTest {
if (!skip) {
LDAPObject johnComma = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,comma", "John", "Comma", "johncomma@email.org", null, "12387");
FederationTestUtils.updateLDAPPassword(ldapFedProvider, johnComma, "Password1");
+
+ LDAPObject johnPlus = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john+plus,comma", "John", "Plus", "johnplus@email.org", null, "12387");
+ FederationTestUtils.updateLDAPPassword(ldapFedProvider, johnPlus, "Password1");
}
} finally {
keycloakRule.stopSession(session, false);
@@ -413,6 +416,7 @@ public class FederationProvidersIntegrationTest {
if (!skip) {
// Try to import the user with comma in username into Keycloak
loginSuccessAndLogout("john,comma", "Password1");
+ loginSuccessAndLogout("john+plus,comma", "Password1");
}
}
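Review bot: The comment above the logins still says "user with comma in username", but the block now also logs in `john+plus,comma`. I would reword it to `// Import users whose usernames contain a comma or a plus sign into Keycloak` so the comment matches what is exercised. The enclosing test method starts and ends outside the hunk.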