From 4380ce58a6f3854d67220b33a03361322c1791d3 Mon Sep 17 00:00:00 2001
From: rmartinc <rmartinc@redhat.com>
Date: Wed, 10 Jul 2024 17:41:54 +0200
Subject: [PATCH] Do not compare user DN using DN comparison as Ad can login
 via username@domain Closes #31196

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit bd90ead892b6a8ba00da747e8e870babc820a14e)
---
 .../services/managers/LDAPServerCapabilitiesManager.java        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java b/federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java
index c34f031029d7..d87411615281 100755
--- a/federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java
@@ -56,7 +56,7 @@ public static LDAPConfig buildLDAPConfig(TestLdapConnectionRepresentation config
             if (component != null) {
                 LDAPConfig ldapConfig = new LDAPConfig(component.getConfig());
                 if (Objects.equals(URI.create(config.getConnectionUrl()), URI.create(ldapConfig.getConnectionUrl()))
-                        && Objects.equals(LDAPDn.fromString(config.getBindDn()), LDAPDn.fromString(ldapConfig.getBindDN()))) {
+                        && config.getBindDn() != null && config.getBindDn().equalsIgnoreCase(ldapConfig.getBindDN())) {
                     bindCredential = ldapConfig.getBindCredential();
                 }
             }