Testing ldap connection should not process or bind the credentials (k…

…eycloak#31081) Closes keycloak#30821 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
pedroigor · Jul 8, 2024 · e927195 · e927195
1 parent 6f988ef
commit e927195
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/...tion/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java b/...tion/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java
@@ -66,7 +66,7 @@ private static int parseConnectionTimeout(String connectionTimeout) {
 
     public static LDAPConfig buildLDAPConfig(TestLdapConnectionRepresentation config, RealmModel realm) {
         String bindCredential = config.getBindCredential();
-        if (config.getComponentId() != null && !LDAPConstants.AUTH_TYPE.equals(LDAPConstants.AUTH_TYPE_NONE)
+        if (config.getComponentId() != null && !LDAPConstants.AUTH_TYPE_NONE.equals(config.getAuthType())
                 && ComponentRepresentation.SECRET_VALUE.equals(bindCredential)) {
             // check the connection URL and the bind DN are the same to allow using the same configured password
             ComponentModel component = realm.getComponent(config.getComponentId());

diff --git a/...sts/base/src/test/java/org/keycloak/testsuite/admin/UserFederationLdapConnectionTest.java b/...sts/base/src/test/java/org/keycloak/testsuite/admin/UserFederationLdapConnectionTest.java
@@ -48,7 +48,7 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
     public static LDAPRule ldapRule = new LDAPRule();
 
     @Test
-    public void testLdapConnections1() {
+    public void testLdapConnections() {
         // Unknown action
         Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation("unknown", "ldap://localhost:10389", "foo", "bar", "false", null));
         assertStatus(response, 400);
@@ -61,6 +61,14 @@ public void testLdapConnections1() {
         response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
         assertStatus(response, 204);
 
+        // Connection success with invalid credentials
+        String ldapModelId = testingClient.testing().ldap(REALM_NAME).createLDAPProvider(ldapRule.getConfig(), false);
+        getCleanup().addCleanup(() -> {
+            adminClient.realm(REALM_NAME).components().removeComponent(ldapModelId);;
+        });
+        response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", "invalid-db", ComponentRepresentation.SECRET_VALUE, "false", null, "false", LDAPConstants.AUTH_TYPE_SIMPLE, ldapModelId));
+        assertStatus(response, 204);
+
         // Bad authentication
         response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "foo", "bar", "false", "10000"));
         assertStatus(response, 400);