About LDAP injection

The concept of LDAP injection is similar to SQL injection, except that the target is Active Directory or any LDAP server. The idea is to inject untrusted data into a LDAP query by malicious users.

Here comes a paper to explain that.

http://www.spidynamics.com/support/whitepapers/LDAPinjection.pdf