I am working on my first desktop app that queries LDAP. I’m working in

Question

0

Asked: May 15, 20262026-05-15T14:48:48+00:00 2026-05-15T14:48:48+00:00

I am working on my first desktop app that queries LDAP. I’m working in

0

I am working on my first desktop app that queries LDAP. I’m working in C under unix and using opends, and I’m new to LDAP. After woking a while on that I noticed that the user could be able to alter the LDAP query by injecting malicious code.
I’d like to know which sanitizing techniques are known, not only for C/unix development but in more general terms, i.e., web development etc.
I thought that escaping equals and semicolons would be enough, but not sure.

Here is a little piece of code so I can make clearer the question:

 String ldapSearchQuery = "(cn=" + $userName + ")";
 System.out.println(ldapSearchQuery);

Obviously I do need to sanitize $userName, as stated in this OWASP ARTICLE

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-15T14:48:48+00:00

Editorial Team

2026-05-15T14:48:48+00:00Added an answer on May 15, 2026 at 2:48 pm

OWASP is a good security guide that I use a lot, and has example code (in Java, but you should be able to translate):
http://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java

Also, here’s an Active Directory specific reference:
http://www.rlmueller.net/CharactersEscaped.htm

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am working on my first desktop app that queries LDAP. I’m working in

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply