KEYCLOAK-19743 Fix null username in ldap

[mrk-andreev]

Fix MembershipType.getGroupMembers when username is null (invalid configuration).

Context: method MembershipType.getGroupMembers return list of usernames. Username can be fetched by:

• userDn.getFirstRdn().getAttrValue(ldapConfig.getRdnLdapAttribute())
• LDAPUtils.getUsername(ldapUser, ldapConfig)

Inside LDAPUtils.getUsername(ldapUser, ldapConfig) null check is look like:

public static String getUsername(LDAPObject ldapUser, LDAPConfig config) {
        String usernameAttr = config.getUsernameLdapAttribute();
        String ldapUsername = ldapUser.getAttributeAsString(usernameAttr);

        if (ldapUsername == null) {
            throw new ModelException("User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: " +
                    config.getUsernameLdapAttribute() + ", user DN: " + ldapUser.getDn() + ", attributes from LDAP: " + ldapUser.getAttributes());
        }

        return ldapUsername;
    }

But in case userDn.getFirstRdn().getAttrValue(ldapConfig.getRdnLdapAttribute()) there are no null verification.

So MembershipType.getGroupMembers get return list with nulls. This behavior breaks UserCacheSession:getUserByUsername when we transform username to lowercase

@Override
public UserModel getUserByUsername(RealmModel realm, String username) {
        logger.tracev("getUserByUsername: {0}", username);
        username = username.toLowerCase();

---

I suggest to throw exception ModelException like LDAPUtils.getUsername do.

Issue: https://issues.redhat.com/browse/KEYCLOAK-19743

[mposolda]

@mrk-andreev Sorry for late response. The PR looks good, but are you please able to rebase this PR on top of latest Keycloak main?

[mposolda]

@mrk-andreev Sorry, I've merged the latest Keycloak main to your branch. So no rebase needed. Nothing needed for you now.