From 58bc651c8511ec28e54060c00031aaed5436c9e1 Mon Sep 17 00:00:00 2001
From: Aiden Foxx
Date: Sat, 4 Dec 2021 15:18:20 +0100
Subject: [PATCH] Fixed escaping error on LDAP filters (#10297)
---
 api/src/auth/drivers/ldap.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/api/src/auth/drivers/ldap.ts b/api/src/auth/drivers/ldap.ts
index 85f419f65dc8b..f7f26f730615c 100644
--- a/api/src/auth/drivers/ldap.ts
+++ b/api/src/auth/drivers/ldap.ts
@@ -2,6 +2,7 @@ import { Router } from 'express';
 import ldap, {
 Client,
 Error,
+ EqualityFilter,
 SearchCallbackResponse,
 SearchEntry,
 InappropriateAuthenticationError,
@@ -108,7 +109,10 @@ export class LDAPAuthDriver extends AuthDriver {
 // Search for the user in LDAP by attribute
 this.bindClient.search(
 userDn,
- { filter: `(${userAttribute ?? 'cn'}=${identifier})`, scope: userScope ?? 'one' },
+ {
+ filter: new EqualityFilter({ attribute: userAttribute, value: identifier }),
+ scope: userScope ?? 'one',
+ },
 (err: Error | null, res: SearchCallbackResponse) => {
 if (err) {
 reject(handleError(err));
@@ -186,7 +190,7 @@ export class LDAPAuthDriver extends AuthDriver {
 groupDn,
 {
 attributes: ['cn'],
- filter: `(${groupAttribute ?? 'member'}=${userDn})`,
+ filter: new EqualityFilter({ attribute: groupAttribute, value: userDn }),
 scope: groupScope ?? 'one',
 },
 (err: Error | null, res: SearchCallbackResponse) => {
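Review bot: Both rewritten filters drop the attribute fallback that the removed lines carried: the old user search used `userAttribute ?? 'cn'` and the old group search (third hunk) used `groupAttribute ?? 'member'`, while the new `EqualityFilter` calls pass `userAttribute` and `groupAttribute` as-is. Unless a default is applied where these config values are read, which is outside the hunks, a deployment that leaves either option unset would now build a filter with an undefined attribute, so the user or group lookup would likely fail instead of falling back. Keep the defaults inside the constructor calls: `attribute: userAttribute ?? 'cn'` and `attribute: groupAttribute ?? 'member'`. Building the filter as an object rather than a template string is the right way to keep `identifier` out of the filter syntax, and a regression test that logs in with an identifier containing `*`, `(`, `)` and `\` would pin that behaviour. The enclosing method bodies start and end outside the hunks.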