We are creating a document with our security guidelines, based on the OWASP Top 10. Our application is using Grails and the spring-security-ldap plugin for authenticating against an LDAP server. However, we need to document that LDAP Injection is prevented by using this plugin.

I've found some information in another thread about using the DistinguishedName and Filter classes to prevent this (http://forum.springsource.org/showth...LDAP-Injection), but wanted to see something more official.

Is there some place in the documentation and/or code that shows the username being properly escaped when authenticating against an LDAP server?

Thanks so much
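The contrast the question is after, as an added example that is not part of the original post and not code from the spring-security-ldap plugin: a filter built by string concatenation next to the same filter built with Spring LDAP's Filter classes (EqualsFilter/AndFilter) and with LdapEncoder.filterEncode, plus a DN built with LdapNameBuilder, which escapes RDN values under the separate DN rules. It assumes spring-ldap-core 2.x on the classpath (LdapNameBuilder replaced the deprecated DistinguishedName mentioned above); the class name, method names and the attack string are constructed for the demonstration. In the plugin itself, the place to look for the same behaviour is Spring Security's FilterBasedLdapUserSearch, which passes the username as the `{0}` filter argument of the configured search filter rather than concatenating it into the filter string.

```java
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.support.LdapEncoder;
import org.springframework.ldap.support.LdapNameBuilder;

import javax.naming.ldap.LdapName;

/**
 * Added example (not plugin code): shows why a string-built LDAP filter is
 * injectable and how Spring LDAP's Filter classes / LdapEncoder neutralise
 * the same input. Requires spring-ldap-core 2.x (assumption).
 */
public class LdapFilterEscapeDemo {

    // VULNERABLE: the user-controlled value is concatenated straight into the
    // filter, so '*', '(' and ')' in the username change the filter's logic.
    static String unsafeFilter(String username) {
        return "(&(objectClass=person)(uid=" + username + "))";
    }

    // SAFE: EqualsFilter escapes the value per RFC 4515 when the filter is
    // encoded ('*' -> \2a, '(' -> \28, ')' -> \29, '\' -> \5c, NUL -> \00).
    static String safeFilter(String username) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectClass", "person"));
        filter.and(new EqualsFilter("uid", username));
        return filter.encode();
    }

    // Equivalent escaping for the case where a raw filter string is unavoidable,
    // e.g. a filter template read from configuration.
    static String manuallyEscapedFilter(String username) {
        return "(&(objectClass=person)(uid=" + LdapEncoder.filterEncode(username) + "))";
    }

    // DN values use a different escaping (RFC 4514: ',', '+', '"', '\', '<',
    // '>', ';', '#', '=' and leading/trailing spaces), so a filter-escaped
    // username must NOT be reused in a DN. LdapNameBuilder applies the DN rules.
    static LdapName safeUserDn(String username) {
        return LdapNameBuilder.newInstance("ou=people,dc=example,dc=com")
                .add("uid", username)
                .build();
    }

    public static void main(String[] args) {
        // Constructed attack value: tries to close the uid clause and turn the
        // whole filter into a match-all expression.
        String payload = "*)(uid=*))(|(uid=*";

        System.out.println("unsafe : " + unsafeFilter(payload));
        System.out.println("safe   : " + safeFilter(payload));
        System.out.println("manual : " + manuallyEscapedFilter(payload));

        // Constructed DN payload: tries to append an extra RDN to the user's DN.
        String dnPayload = "alice,ou=admins";
        System.out.println("dn     : " + safeUserDn(dnPayload));
    }
}
```

When auditing the plugin's configuration, the check is the same as in the example: the username should only ever reach the server as an encoded filter value (or as a JNDI `{0}` filter argument) and, where a DN pattern such as `uid={0},ou=people,...` is used for a bind, as a DN-escaped RDN value; any place that builds either string with `+` or GString interpolation from the raw username is where an injection review should focus.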