diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 05720b02..a8fca122 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -752,7 +752,7 @@ function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes
 	$filter = '';
 	$filterParts = array();
 	if ($name != null) {
-		$filterParts[] = '(' . $name . '=' . $value . ')';
+		$filterParts[] = '(' . $name . '=' . ldap_escape($value) . ')';
 	}
 	if ($objectClass != null) {
 		$filterParts[] = '(objectClass=' . $objectClass . ')';
diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index b30719b3..ca1ec154 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -573,7 +573,7 @@ class posixAccount extends baseModule implements passwordService {
 			$types = array('gon', 'group');
 			$gonList = array();
 			foreach ($types as $type) {
-				$gonFilter = '(|(&(objectClass=groupOfNames)(member=' . $this->getAccountContainer()->dn_orig . '))(&(objectClass=groupOfMembers)(member=' . $this->getAccountContainer()->dn_orig . '))(&(objectClass=groupOfUniqueNames)(uniqueMember=' . $this->getAccountContainer()->dn_orig . ')))';
+				$gonFilter = '(|(&(objectClass=groupOfNames)(member=' . ldap_escape($this->getAccountContainer()->dn_orig) . '))(&(objectClass=groupOfMembers)(member=' . $this->getAccountContainer()->dn_orig . '))(&(objectClass=groupOfUniqueNames)(uniqueMember=' . $this->getAccountContainer()->dn_orig . ')))';
 				if (!empty($typeSettings['filter_' . $type])) {
 					$typeFilter = $typeSettings['filter_' . $type];
 					if (strpos($typeFilter, '(') !== 0) {