The Lightweight Directory Access Protocol (LDAP) allows an application to remotely perform operations such as searching and modifying records existing in directories. LDAP injection results from inadequate input sanitization and validation and allows malicious users to glean restricted information using the directory service.
A whitelist can be used to restrict input to a list of valid characters. Characters that must be excluded from whitelists (including JNDI metacharacters and LDAP special characters) are:
...
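The following is an added example, not code from the original page, showing whitelist validation applied before user input is placed in an LDAP search filter. The allowed character set, the length limit, the class and method names, and the choice of the `sn` and `givenName` attributes are assumptions made for illustration.

```java
import java.text.Normalizer;
import java.util.regex.Pattern;

public class LdapWhitelistExample {
    // Assumed policy for a name field: ASCII letters, digits and spaces, 1 to 64 characters.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9 ]{1,64}");

    // Normalize first so compatibility forms are judged by what they turn into,
    // then accept the value only if every character is on the whitelist.
    static String requireWhitelisted(String field, String value) {
        if (value == null) {
            throw new IllegalArgumentException(field + ": missing value");
        }
        String normalized = Normalizer.normalize(value, Normalizer.Form.NFKC);
        if (!ALLOWED.matcher(normalized).matches()) {
            throw new IllegalArgumentException(field + ": character outside whitelist");
        }
        return normalized;
    }

    // Only validated values are ever concatenated into the filter string.
    static String buildFilter(String surname, String givenName) {
        return "(&(sn=" + requireWhitelisted("surname", surname)
                + ")(givenName=" + requireWhitelisted("givenName", givenName) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one ordinary, two containing characters
        // that are not on the whitelist.
        String[][] samples = { {"Smith", "Alice"}, {"S*", "Alice"}, {"Smith", "a(b)"} };
        for (String[] s : samples) {
            try {
                System.out.println("accepted: " + buildFilter(s[0], s[1]));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The string returned by `buildFilter` is what would be passed as the filter argument to a JNDI `DirContext.search` call; rejected input never reaches the directory service.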