From 8e1d407e3e0bd9f1dbde1af9b1707736bad9aaee Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 1 Nov 2011 13:28:56 +0000
Subject: [PATCH] SEC-1848: LDAP encode name when using user DN patterns in AbstractLdapAuthenticator.
---
 .../security/ldap/authentication/BindAuthenticatorTests.java | 3 ++-
 .../ldap/authentication/AbstractLdapAuthenticator.java | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
index c58cf65597..69a1ac0f10 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java
@@ -55,10 +55,11 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
 @Test
 public void testAuthenticationWithCorrectPasswordSucceeds() {
- authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
+ authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people", "cn={0},ou=people"});
 DirContextOperations user = authenticator.authenticate(bob);
 assertEquals("bob", user.getStringAttribute("uid"));
+ authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));
 }
 @Test
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index bc0c57d6f1..23e3072223 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
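Review bot: The added `authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));` at the end of testAuthenticationWithCorrectPasswordSucceeds discards its result, so the SEC-1848 case is checked only by the absence of an exception, and a failure would be reported under an unrelated test name. Capture and assert the result, e.g. `DirContextOperations jerry = authenticator.authenticate(...);` followed by `assertEquals("mouse, jerry", jerry.getStringAttribute("cn"));`, ideally in its own test method. The `cn` value is inferred from the new `cn={0},ou=people` pattern and should be confirmed against the test directory data. Only a comma is exercised; a second entry whose name contains other DN special characters such as `+`, `=` or `\` would show the encoding is not comma-specific.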
@@ -15,6 +15,7 @@
 package org.springframework.security.ldap.authentication;
+import org.springframework.ldap.core.LdapEncoder;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.beans.factory.InitializingBean;
@@ -91,7 +92,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 }
 List userDns = new ArrayList(userDnFormat.length);
- String[] args = new String[] {username};
+ String[] args = new String[] {LdapEncoder.nameEncode(username)};
 synchronized (userDnFormat) {
 for (MessageFormat formatter : userDnFormat) {
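Review bot: The new `String[] args = new String[] {LdapEncoder.nameEncode(username)};` line in the second hunk carries no comment, so nothing tells a maintainer that this escaping is what keeps a login name from contributing extra RDN components to the bind DN. I would add `// SEC-1848: escape DN special characters so the username stays a single attribute value within each pattern` above it. The Javadoc for the DN patterns should also state that `{0}` is replaced with the DN-escaped username, so it belongs only in attribute-value position, and that the returned DNs are already escaped and must not be encoded again by subclasses. The enclosing method starts and ends outside the hunk, so whether `username` can be null at this point is not visible; it is worth confirming how `nameEncode` treats null.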