diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php
index be2fbecad853e563abaf3b326e2ce7e5337d842c..c84f22bdd308108cf54e2ed64a3e797a01a572b1 100644
--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -222,7 +222,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 			$pos = strpos($memberURLs[0], '(');
 			if ($pos !== false) {
 				$memberUrlFilter = substr($memberURLs[0], $pos);
-				$foundMembers = $this->access->searchUsers($memberUrlFilter, 'dn');
+				$foundMembers = $this->access->searchUsers($memberUrlFilter, ['dn']);
 				$dynamicMembers = [];
 				foreach ($foundMembers as $value) {
 					$dynamicMembers[$value['dn'][0]] = 1;
@@ -915,6 +915,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 		$attrs = $this->access->userManager->getAttributes(true);
 		foreach ($members as $member) {
 			switch ($this->ldapGroupMemberAssocAttr) {
+				/** @noinspection PhpMissingBreakStatementInspection */
 				case 'zimbramailforwardingaddress':
 					//we get email addresses and need to convert them to uids
 					$parts = explode('@', $member);
@@ -1088,6 +1089,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 		if (!$this->enabled) {
 			return [];
 		}
+		$search = $this->access->escapeFilterPart($search, true);
 		$cacheKey = 'getGroups-' . $search . '-' . $limit . '-' . $offset;
 
 		//Check cache before driving unnecessary searches