Prosoft Git

keycloak-aplcache

KEYCLOAK-5453 - Empty RDNs makes Keycloak unstable

9/12/2017 8:28:35 AM
Przemyslaw Kadej

Przemyslaw Kadej

Commit: 5b1a761

Tree: 32ee009

Parents: 7f8b5e0

Changes

federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java 6(+5 -1)

federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java 19(+19 -0)

Details

federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java 6(+5 -1) 

diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java
index 94014fa..39e7d97 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/model/LDAPDn.java
@@ -50,7 +50,11 @@ public class LDAPDn {
         String[] rdns = dnString.split("(?<!\\\\),");
         for (String entryStr : rdns) {
             String[] rdn = entryStr.split("(?<!\\\\)=");
-            dn.addLast(rdn[0].trim(), rdn[1].trim());
+            if (rdn.length >1) {
+                dn.addLast(rdn[0].trim(), rdn[1].trim());
+            } else {
+                dn.addLast(rdn[0].trim(), "");
+            }
         }
 
         return dn;

federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java 19(+19 -0) 

diff --git a/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java b/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java
index d749c13..9035ea6 100644
--- a/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java
+++ b/federation/ldap/src/test/java/org/keycloak/storage/ldap/idm/model/LDAPDnTest.java
@@ -48,6 +48,25 @@ public class LDAPDnTest {
     }
 
     @Test
+    public void testEmptyRDN() throws Exception {
+        LDAPDn dn = LDAPDn.fromString("dc=keycloak, dc=org");
+        dn.addFirst("ou", "");
+
+        Assert.assertEquals("ou", dn.getFirstRdnAttrName());
+        Assert.assertEquals("", dn.getFirstRdnAttrValue());
+
+        Assert.assertEquals("ou=,dc=keycloak,dc=org", dn.toString());
+
+        dn.addFirst("uid", "Johny,Depp+Pepp\\Foo");
+        Assert.assertEquals("uid=Johny\\,Depp\\+Pepp\\\\Foo,ou=,dc=keycloak,dc=org", dn.toString());
+
+        dn = LDAPDn.fromString("uid=Johny\\,Depp\\+Pepp\\\\Foo,ou=,O=keycloak,C=org");
+        Assert.assertTrue(dn.isDescendantOf(LDAPDn.fromString("ou=, O=keycloak,C=org")));
+        Assert.assertTrue(dn.isDescendantOf(LDAPDn.fromString("OU=, o=keycloak,c=org")));
+        Assert.assertFalse(dn.isDescendantOf(LDAPDn.fromString("ou=People, O=keycloak,C=org")));
+    }
+
+    @Test
     public void testCorrectEscape() throws Exception {
         LDAPDn dn = LDAPDn.fromString("dc=keycloak, dc=org");
         dn.addFirst("cn", "Johny,Džýa Foo");

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github