SEC-1641: Correct code and test for null groupSearchBase.

ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java

@@ -143,7 +143,9 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
         ldapTemplate.setSearchControls(searchControls);
         this.groupSearchBase = groupSearchBase;
 
-        if (groupSearchBase.length() == 0) {
+        if (groupSearchBase == null) {
+            logger.info("groupSearchBase is null. No group search will be performed.");
+        } else if (groupSearchBase.length() == 0) {
             logger.info("groupSearchBase is empty. Searches will be performed from the context source base");
         }
     }
@@ -197,7 +199,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 
     public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
         if (getGroupSearchBase() == null) {
-            return Collections.emptySet();
+            return new HashSet<GrantedAuthority>();
         }
 
         Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();

ldap/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java

@@ -58,7 +58,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
 
     @Test
     public void nullSearchBaseIsAccepted() throws Exception {
-        populator = new DefaultLdapAuthoritiesPopulator(getContextSource(), "ou=groups");
+        populator = new DefaultLdapAuthoritiesPopulator(getContextSource(), null);
         populator.setDefaultRole("ROLE_USER");
 
         Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(