From 743cc9fec79976b343853568f4e4f906d67bd2b2 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Sun, 16 Apr 2006 16:11:02 +0000
Subject: [PATCH] Fix for SEC-215. Check for empty nameInNameSpace before
 appending.

---
 .../ldap/search/FilterBasedLdapUserSearch.java        | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java b/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java
index 4556f41a47..aebba8cc31 100644
--- a/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java
+++ b/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java
@@ -22,7 +22,10 @@ import org.acegisecurity.ldap.LdapUtils;
 import org.acegisecurity.ldap.InitialDirContextFactory;
 import org.acegisecurity.ldap.LdapUserInfo;
 import org.acegisecurity.ldap.LdapDataAccessException;
+
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -136,8 +139,12 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
                 userDn.append(searchBase);
             }
 
-            userDn.append(",");
-            userDn.append(ctx.getNameInNamespace());
+            String nameInNamespace = ctx.getNameInNamespace();
+
+            if(StringUtils.hasLength(nameInNamespace)) {
+                userDn.append(",");
+                userDn.append(nameInNamespace);
+            }
 
             return new LdapUserInfo(userDn.toString(), searchResult.getAttributes());