diff -rupN krb5-1.10.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c krb5-1.10.3.new/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
--- krb5-1.10.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c	2012-08-08 15:27:56.000000000 -0700
+++ krb5-1.10.3.new/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c	2012-08-26 20:33:51.000000000 -0700
@@ -501,6 +501,7 @@ krb5_ldap_put_principal(krb5_context con
     char                        *polname = NULL;
     OPERATION optype;
     krb5_boolean                found_entry = FALSE;
+    char                        *filter_user = NULL;
 
     /* Clear the global error string */
     krb5_clear_error_message(context);
@@ -562,12 +563,19 @@ krb5_ldap_put_principal(krb5_context con
                                      "name not found"));
             goto cleanup;
         }
-        princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
+
+        filter_user = ldap_filter_correct(user);
+        if (filter_user == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
+
+        princlen = strlen(FILTER) + strlen(filter_user) + 2 + 1;      /* 2 for closing brackets */
         if ((filter = malloc(princlen)) == NULL) {
             st = ENOMEM;
             goto cleanup;
         }
-        snprintf(filter, princlen, FILTER"%s))", user);
+        snprintf(filter, princlen, FILTER"%s))", filter_user);
 
         /* get the current subtree list */
         if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
@@ -673,8 +681,16 @@ krb5_ldap_put_principal(krb5_context con
         }
         CHECK_NULL(subtree);
 
+        if (filter_user == NULL) {
+            filter_user = ldap_filter_correct(user);
+            if (filter_user == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+        }
+ 
         if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s",
-                     user, subtree) < 0)
+                     filter_user, subtree) < 0)
             standalone_principal_dn = NULL;
         CHECK_NULL(standalone_principal_dn);
         /*
@@ -1252,6 +1268,9 @@ cleanup:
     if (user)
         free(user);
 
+    if (filter_user) {
+        free(filter_user);
+    }
     free_xargs(xargs);
 
     if (standalone_principal_dn)
diff -rupN krb5-1.10.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c krb5-1.10.3.new/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
--- krb5-1.10.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c	2012-08-08 15:27:56.000000000 -0700
+++ krb5-1.10.3.new/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c	2012-08-26 20:33:35.000000000 -0700
@@ -88,6 +88,10 @@ ldap_filter_correct (char *in)
         case ')':
         case '\\':
         case '\0':
+        case '+':
+        case '#':
+        case ';':
+        case ',':
             count ++;
         }
 
@@ -127,6 +131,30 @@ ldap_filter_correct (char *in)
             ptr[2] = '0';
             ptr += 3;
             break;
+        case '+':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = 'b';
+            ptr += 3;
+            break;
+        case '#':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = '3';
+            ptr += 3;
+            break;
+        case ',':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = 'c';
+            ptr += 3;
+            break;
+        case ';':
+            ptr[0] = '\\';
+            ptr[1] = '3';
+            ptr[2] = 'b';
+            ptr += 3;
+            break;
         default:
             ptr[0] = in[i];
             ptr += 1;