- Add strict username validation to prevent LDAP injection attacks
- Only allow alphanumeric characters, underscores, and hyphens in usernames
- Implement length limits and format validation for usernames
- Replace direct string interpolation with validated input in LDAP filters
- Update all logging to use sanitized username consistently
- Fix ESLint warnings for code style compliance
This prevents injection attacks like: *)(|(uid=admin that could bypass
authentication or allow user enumeration through malicious LDAP filters.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add comprehensive input validation for LDAP authentication:
- Validate bindDN, bindCredentials, userDN, and password parameters
- Add configuration validation during service initialization
- Enhanced error messages for missing/invalid LDAP settings
- Prevent "stringToWrite must be a string" errors from ldapjs client
- Added null/undefined checks for all LDAP credential parameters
This fixes authentication errors when LDAP configuration values
are missing, empty, or of incorrect type.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
