how can LDAP injection blocked?

Burak Arslan burak at
Tue Apr 28 15:10:43 CEST 2009

Michael Ströder yazmış:
> mete bilgin wrote:
>> I'm developing a web-based ldap gui with python ( with python-ldap ).
>> And i miss something about security. How can i blocked ldap injection?
> Could you please elaborate on what you mean with "ldap injection"?

i guess what he means is something like this: imagine the following filter:


where $input comes from a web form, or similar. if $input==')' you get


which is invalid.

so some form of input validation must be used.

please correct me if i'm wrong

best regards

More information about the python-ldap mailing list