12 Apr
2007
12 Apr
'07
4:48 p.m.
No. It's part of the LDAP query.
In order to avoid external users logging in with names that are valid LDAP queries, the untrusted user input is escaped before it is passed to the LDAP module.
Apparently something in the ldap_escape_func is broken when talking to Microsoft AD. I replaced the code of that function with the much more lenient code of the 1.0.1 ldap_escape_func, and it works great with MS LDAP now!