LDAP (AD) passes wrong DN during the user(s) lookup on RHBK
Issue
- Users are unable to reset their passwords through the account client because an incorrect DN is passed to Active Directory (AD).
- When a user tries to update their password, the incorrect DN is sent to AD, which answers with an object-not-found error.
- When a user updates any other attribute through the account client, the correct DN is passed to AD.
- Only the password reset attempt sends the wrong object DN to Active Directory, and that is what triggers the error.
The error messages in the server logs are the following:

ERROR [org.keycloak.services] (executor-thread-43) KC-SERVICES0055: Error when authenticating to LDAP: LDAP connection has been closed: javax.naming.CommunicationException: LDAP connection has been closed [Root exception is java.io.IOException: LDAP connection has been closed]
...
ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (executor-thread-433) Could not query server using DN [***] and filter [***]: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of: '***']
...
ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (executor-thread-455) Failed during import user from LDAP: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: username, user DN: ***, attributes from LDAP: {***}
Environment
- Red Hat build of Keycloak (RHBK) 26