From 24c61334ff9aa41782bc78c0ce8f27c09d203ec9 Mon Sep 17 00:00:00 2001
From: CL-Andrew <96407253+CL-Andrew@users.noreply.github.com>
Date: Fri, 27 Mar 2026 16:53:12 -0700
Subject: [PATCH] update ldap strings

---
 core/sessions/ldapauth/ldap.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/sessions/ldapauth/ldap.go b/core/sessions/ldapauth/ldap.go
index 39fdd16da0a..208641c7c33 100644
--- a/core/sessions/ldapauth/ldap.go
+++ b/core/sessions/ldapauth/ldap.go
@@ -403,7 +403,7 @@ func (l *ldapAuthenticator) CreateSession(ctx context.Context, sr sessions.Sessi
 	var returnErr error
 
 	// Attempt to LDAP Bind with user provided credentials
-	escapedEmail := ldap.EscapeFilter(strings.ToLower(sr.Email))
+	escapedEmail := ldap.EscapeDN(strings.ToLower(sr.Email))
 	searchBaseDN := fmt.Sprintf("%s=%s,%s,%s", l.config.BaseUserAttr(), escapedEmail, l.config.UsersDN(), l.config.BaseDN())
 	if err = conn.Bind(searchBaseDN, sr.Password); err != nil {
 		l.lggr.Infof("Error binding user authentication request in LDAP Bind: %v", err)
@@ -505,7 +505,7 @@ func (l *ldapAuthenticator) TestPassword(ctx context.Context, email string, pass
 	defer conn.Close()
 
 	// Attempt to LDAP Bind with user provided credentials
-	escapedEmail := ldap.EscapeFilter(strings.ToLower(email))
+	escapedEmail := ldap.EscapeDN(strings.ToLower(email))
 	searchBaseDN := fmt.Sprintf("%s=%s,%s,%s", l.config.BaseUserAttr(), escapedEmail, l.config.UsersDN(), l.config.BaseDN())
 	err = conn.Bind(searchBaseDN, password)
 	if err == nil {