ldap-escape
v2.0.6
Published
Escape functions for LDAP filters and distinguished names to prevent LDAP injection attacks.
Maintainers
Readme
ldap-escape
Template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks. Uses the escape codes from Active Directory: Characters to Escape.
Installation
npm install --save ldap-escapeSpecification
escapes for search filter
| Character | Escape |
|-----------|--------|
| * | \2A |
| ( | \28 |
| ) | \29 |
| \ | \5C |
| NUL | \00 |
escapes for distinguished names
| Character | Escape |
|-----------------------------|--------|
| , | \, |
| \ | \\ |
| # | \# |
| + | \+ |
| < | \< |
| > | \> |
| ; | \; |
| " | \" |
| = | \= |
| SPC (leading or trailing) | \ |
Template Literal Tag Functions
ldapEscape.filter
Escapes input for use as an LDAP filter.
ldapEscape.dn
Escapes input for use as an LDAP distinguished name.
Examples
Escape a Search Filter
"use strict";
const ldapEscape = require('ldap-escape');
const uid = 1337;
console.log(ldapEscape.filter`uid=${uid}`); // -> 'uid=1337'Escape a DN
"use strict";
const ldapEscape = require('ldap-escape');
const cn = 'alice';
console.log(ldapEscape.dn`cn=${cn},dc=test`); // -> 'cn=alice,dc=test'Testing
npm testLicense
See LICENSE.md
