An example of an LDAP client which is vulnerable to blind LDAP injection attack. For more details see An example of LDAP injection in Java. For more details see https://blog.gypsyengineer.com/fun/security/ldap-injections.html

LDAPInfo.java

import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import java.util.Hashtable;

public class LDAPInfo {

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            throw new RuntimeException("I need UID!");
        }

        String uid = args[0];

        String query = String.format("(&(uid=%s)(objectClass=person))", uid);
        System.out.println("LDAP query: " + query);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.provider.url", "ldap://localhost:8080/dc=example,dc=org");
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        InitialLdapContext ctx = new InitialLdapContext(env, null);

        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        constraints.setReturningAttributes(new String[] { "telephoneNumber" });

        NamingEnumeration<SearchResult> results = ctx.search("", query, constraints);
        try {
            if (!results.hasMore()) {
                System.out.println("Nobody found!");
            } else {
                Object phone = results.next().getAttributes().get("telephoneNumber");
                System.out.println("Phone: " + phone);
            }
        } finally {
            results.close();
        }
    }
}