ldap-escape

Escape functions for LDAP filters and distinguished names to prevent LDAP injection attacks.

Usage no npm install needed!

<script type="module">
  import ldapEscape from 'https://cdn.skypack.dev/ldap-escape';
</script>

README

ldap-escape

Template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks. Uses the escape codes from Active Directory: Characters to Escape.

Installation

npm install --save ldap-escape

Specification

escapes for search filter

Character Escape
* \2A
( \28
) \29
\ \5C
NUL \00

escapes for distinguished names

Character Escape
, \,
\ \\
# \#
+ \+
< \<
> \>
; \;
" \"
= \=
SPC (leading or trailing) \

Template Literal Tag Functions

ldapEscape.filter

Escapes input for use as an LDAP filter.

ldapEscape.dn

Escapes input for use as an LDAP distinguished name.

Examples

Escape a Search Filter

"use strict";

const ldapEscape = require('ldap-escape');

const uid = 1337;

console.log(ldapEscape.filter`uid=${uid}`); // -> 'uid=1337'

Escape a DN

"use strict";

const ldapEscape = require('ldap-escape');

const cn = 'alice';

console.log(ldapEscape.dn`cn=${cn},dc=test`); // -> 'cn=alice,dc=test'

Testing

npm test

License

See LICENSE.md