Description
This script is possibly vulnerable to LDAP Injection attacks.
Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for both querying and manipulating X.500 directory services. When a web application fails to properly sanitize user-supplied input, it is possible for an attacker to alter the construction of an LDAP statement.
Remediation
Your script should filter metacharacters from user input.