keycloak-uncached

diff --git a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
index 1a32097..e935063 100644
--- a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
+++ b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
@@ -74,7 +74,7 @@ public class LDAPConstants {
     public static final String COMMA = ",";
     public static final String EQUAL = "=";
     public static final String EMPTY_ATTRIBUTE_VALUE = " ";
-    public static final String EMPTY_MEMBER_ATTRIBUTE_VALUE = "";
+    public static final String EMPTY_MEMBER_ATTRIBUTE_VALUE = "cn=empty-membership-placeholder";
 
     public static final String CUSTOM_ATTRIBUTE_ENABLED = "enabled";
     public static final String CUSTOM_ATTRIBUTE_CREATE_DATE = "createDate";

diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractFormAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractFormAuthenticator.java
index 5e16237..9ac6f07 100755
--- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractFormAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractFormAuthenticator.java
@@ -163,7 +163,7 @@ public abstract class AbstractFormAuthenticator implements Authenticator {
     public boolean validatePassword(AuthenticatorContext context, MultivaluedMap<String, String> inputData) {
         List<UserCredentialModel> credentials = new LinkedList<>();
         String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
-        if (password == null) {
+        if (password == null || password.isEmpty()) {
             if (context.getUser() != null) {
                 context.getEvent().user(context.getUser());
             }

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index b91ee08..533b43f 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -121,22 +121,22 @@ public class FederationProvidersIntegrationTest {
             RealmModel appRealm = manager.getRealm("test");
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
             LDAPObject jbrown2 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown2", "John", "Brown2", "jbrown2@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown2, "password");
+            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown2, "Password1");
             LDAPObject jbrown3 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown3", "John", "Brown3", "JBrown3@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown3, "password");
+            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown3, "Password1");
         } finally {
             keycloakRule.stopSession(session, true);
         }
 
-        loginSuccessAndLogout("jbrown2", "password");
-        loginSuccessAndLogout("JBrown2", "password");
-        loginSuccessAndLogout("jbrown2@email.org", "password");
-        loginSuccessAndLogout("JBrown2@email.org", "password");
+        loginSuccessAndLogout("jbrown2", "Password1");
+        loginSuccessAndLogout("JBrown2", "Password1");
+        loginSuccessAndLogout("jbrown2@email.org", "Password1");
+        loginSuccessAndLogout("JBrown2@email.org", "Password1");
 
-        loginSuccessAndLogout("jbrown3", "password");
-        loginSuccessAndLogout("JBrown3", "password");
-        loginSuccessAndLogout("jbrown3@email.org", "password");
-        loginSuccessAndLogout("JBrown3@email.org", "password");
+        loginSuccessAndLogout("jbrown3", "Password1");
+        loginSuccessAndLogout("JBrown3", "Password1");
+        loginSuccessAndLogout("jbrown3@email.org", "Password1");
+        loginSuccessAndLogout("JBrown3@email.org", "Password1");
     }
 
     private void loginSuccessAndLogout(String username, String password) {
@@ -155,9 +155,9 @@ public class FederationProvidersIntegrationTest {
             RealmModel appRealm = manager.getRealm("test");
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
             LDAPObject jbrown2 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown4", "John", "Brown4", "jbrown4@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown2, "password");
+            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown2, "Password1");
             LDAPObject jbrown3 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown5", "John", "Brown5", "JBrown5@Email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown3, "password");
+            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown3, "Password1");
         } finally {
             keycloakRule.stopSession(session, true);
         }