From 1d3496ba58621e4f4fc65bf407d8542b0fa265c8 Mon Sep 17 00:00:00 2001
From: Jan Orel <jorel@opennebula.systems>
Date: Mon, 9 Aug 2021 10:09:43 +0200
Subject: [PATCH] B #5488: LDAP auth: escape username (#1399)

---
 src/authm_mad/remotes/ldap/ldap_auth.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/authm_mad/remotes/ldap/ldap_auth.rb b/src/authm_mad/remotes/ldap/ldap_auth.rb
index 7f5bbbd3f0..359425f487 100644
--- a/src/authm_mad/remotes/ldap/ldap_auth.rb
+++ b/src/authm_mad/remotes/ldap/ldap_auth.rb
@@ -161,7 +161,8 @@ class OpenNebula::LdapAuth
     end
 
     def is_in_group?(user, group)
-        username = user.first.force_encoding(Encoding::UTF_8)
+        username = Net::LDAP::Filter.escape(
+            user.first.force_encoding(Encoding::UTF_8))
         result=@ldap.search(
                     :base   => group,
                     :attributes => [@options[:group_field]],