From d27cc40b7c6a60aaec6df376199d8ee8861de0d0 Mon Sep 17 00:00:00 2001
From: Wilton Rodrigues <wiltonsr94@gmail.com>
Date: Thu, 3 Nov 2022 14:08:06 -0300
Subject: [PATCH] Adding ldap.EscapeFilter

- Prevents break search filter strings with special characters
- https://github.com/go-ldap/ldap/pull/338#issuecomment-906124695
---
 ldapauth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ldapauth.go b/ldapauth.go
index 1ef0c00..803d0dc 100644
--- a/ldapauth.go
+++ b/ldapauth.go
@@ -268,7 +268,7 @@ func LdapCheckUserGroups(conn *ldap.Conn, config *Config, entry *ldap.Entry, use
 			"(member=%s)"+
 			"(uniqueMember=%s)"+
 			"(memberUid=%s)"+
-			")", entry.DN, entry.DN, username)
+			")", ldap.EscapeFilter(entry.DN), ldap.EscapeFilter(entry.DN), ldap.EscapeFilter(username))
 
 		LoggerDEBUG.Printf("Searching Group: '%s' with User: '%s'", g, entry.DN)