Skip to content

LDAP Injection attack safety #31

New issue
New issue
Open
Open
LDAP Injection attack safety#31
@bhavberi

Description

@bhavberi
bhavberi
opened on Mar 4, 2026

We should not pass the user input directly to LDAP, but rather use https://www.python-ldap.org/en/latest/reference/ldap-filter.html#ldap.filter.escape_filter_chars to prevent any unwanted attack.

Example of how it should be done:

import ldap
from ldap.filter import escape_filter_chars

search_filter = f"(mail={escape_filter_chars(email)})"
results = conn.search_s(BASE_DN, ldap.SCOPE_SUBTREE, search_filter)

Please read more about it and try to fix it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions