ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.