diff --git a/src/authm_mad/one_auth_mad.rb b/src/authm_mad/one_auth_mad.rb
index 6b9250f49b..91bb065d43 100755
--- a/src/authm_mad/one_auth_mad.rb
+++ b/src/authm_mad/one_auth_mad.rb
@@ -33,6 +33,9 @@ require 'scripts_common'
 require 'OpenNebulaDriver'
 require 'getoptlong'
 require 'shellwords'
+require 'uri'
+
+URI_PARSER=URI::Parser.new
 
 # This is a generic AuthZ/AuthN driver able to manage multiple authentication 
 # protocols (simultaneosly). It also supports the definition of custom 
@@ -111,8 +114,8 @@ class AuthDriver < OpenNebulaDriver
         authN_path = File.join(@local_scripts_path, driver)
 
         command = File.join(authN_path, ACTION[:authN].downcase)
-        command << ([user, password, secret].map do |p|
-            Shellwords.escape(p)
+        command << ' ' << ([user, password, secret].map do |p|
+            Shellwords.escape(URI_PARSER.unescape(p))
         end.join(' '))
 
         rc = LocalCommand.run(command, log_method(request_id))
diff --git a/src/authm_mad/remotes/ldap/authenticate b/src/authm_mad/remotes/ldap/authenticate
index 29846f916b..61ea39980b 100755
--- a/src/authm_mad/remotes/ldap/authenticate
+++ b/src/authm_mad/remotes/ldap/authenticate
@@ -29,8 +29,10 @@ end
 $: << RUBY_LIB_LOCATION
 
 require 'yaml'
-require 'uri'
 require 'ldap_auth'
+require 'uri'
+
+URI_PARSER=URI::Parser.new
 
 user=ARGV[0]
 pass=ARGV[1]
@@ -77,8 +79,9 @@ begin
     end
 
     if ldap.authenticate(user_name, secret)
-        escaped_user=URI.escape(user_name, " \t\n\v\f\r")
-        puts "ldap #{user} #{escaped_user}"
+        escaped_user=URI_PARSER.escape(user_name)
+        escaped_secret=URI_PARSER.escape(secret)
+        puts "ldap #{escaped_user} #{escaped_secret}"
         authenticated=true
         break
     else