apache · valdar · Feb 16, 2017
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -125,9 +125,9 @@ private Map<String, Set<String>> parseRoleMapping(String option) {
             LOGGER.debug("Parse role mapping {}", option);
             String[] mappings = option.split(";");
             for (String mapping : mappings) {
-                String[] map = mapping.split("=", 2);
-                String ldapRole = map[0].trim();
-                String[] karafRoles = map[1].split(",");
+                int index = mapping.lastIndexOf("=");
+                String ldapRole = mapping.substring(0,index).trim();
+                String[] karafRoles = mapping.substring(index+1).split(",");
                 if (roleMapping.get(ldapRole) == null) {
                     roleMapping.put(ldapRole, new HashSet<String>());
                 }

diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
@@ -438,5 +438,55 @@ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallback
         assertTrue(module.logout());
         assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
     }
+
+    @Test
+    public void testRoleMappingFqdn() throws Exception {
+        Properties options = ldapLoginModuleOptions();
+        options.put(LDAPOptions.ROLE_MAPPING, "cn=admin,ou=groups,dc=example,dc=com=karaf;cn=admin,ou=mygroups,dc=example,dc=com=another");
+        options.put(LDAPOptions.ROLE_BASE_DN, "ou=groups,dc=example,dc=com");
+        options.put(LDAPOptions.ROLE_SEARCH_SUBTREE, "true");
+        options.put(LDAPOptions.ROLE_FILTER, "(member=%fqdn)");
+        options.put(LDAPOptions.ROLE_NAME_ATTRIBUTE, "description");
+        LDAPLoginModule module = new LDAPLoginModule();
+        CallbackHandler cb = new CallbackHandler() {
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+                for (Callback cb : callbacks) {
+                    if (cb instanceof NameCallback) {
+                        ((NameCallback) cb).setName("admin");
+                    } else if (cb instanceof PasswordCallback) {
+                        ((PasswordCallback) cb).setPassword("admin123".toCharArray());
+                    }
+                }
+            }
+        };
+        Subject subject = new Subject();
+        module.initialize(subject, cb, null, options);
+
+        assertEquals("Precondition", 0, subject.getPrincipals().size());
+        assertTrue(module.login());
+        assertTrue(module.commit());
+
+        assertEquals(2, subject.getPrincipals().size());
+
+        final List<String> roles = new ArrayList<String>(Arrays.asList("karaf"));
+
+        boolean foundUser = false;
+        boolean foundRole = false;
+        for (Principal principal : subject.getPrincipals()) {
+            if (principal instanceof UserPrincipal) {
+                assertEquals("admin", principal.getName());
+                foundUser = true;
+            } else if (principal instanceof RolePrincipal) {
+                assertTrue(roles.remove(principal.getName()));
+                foundRole = true;
+            }
+        }
+        assertTrue(foundUser);
+        assertTrue(foundRole);
+        assertTrue(roles.isEmpty());
+
+        assertTrue(module.logout());
+        assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+    }
 }
 
diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
@@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com
 objectClass: top
 objectClass: groupOfNames
 cn: admin
+description: cn=admin,ou=groups,dc=example,dc=com
 member: cn=admin,ou=people,dc=example,dc=com
 
 dn: cn=admin,ou=people,dc=example,dc=com
@@ -55,4 +56,3 @@ cn: cheese
 sn: cheese
 uid: cheese
 userPassword: foodie
-
diff --git a/...dules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif b/...dules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
@@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com
 objectClass: top
 objectClass: groupOfNames
 cn: admin
+description: cn=admin,ou=groups,dc=example,dc=com
 member: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com
 
 dn: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com