diff --git a/adapters/oidc/js/src/main/resources/keycloak.js b/adapters/oidc/js/src/main/resources/keycloak.js
index 30453e3..6aa116a 100755
--- a/adapters/oidc/js/src/main/resources/keycloak.js
+++ b/adapters/oidc/js/src/main/resources/keycloak.js
@@ -163,6 +163,8 @@
}
} else if (initOptions.onLoad) {
onLoad();
+ } else {
+ initPromise.setSuccess();
}
} else {
initPromise.setSuccess();
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index a872b77..b8401de 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -34,7 +34,14 @@ public class LDAPDn {
public static LDAPDn fromString(String dnString) {
LDAPDn dn = new LDAPDn();
-
+
+ // In certain OpenLDAP implementations the uniqueMember attribute is mandatory
+ // Thus, if a new group is created, it will contain an empty uniqueMember attribute
+ // Later on, when adding members, this empty attribute will be kept
+ // Keycloak must be able to process it, properly, w/o throwing an ArrayIndexOutOfBoundsException
+ if(dnString.trim().isEmpty())
+ return dn;
+
String[] rdns = dnString.split("(?<!\\\\),");
for (String entryStr : rdns) {
String[] rdn = entryStr.split("(?<!\\\\)=");
