diff --git a/www/auth/login.php b/www/auth/login.php
index fda493bb8efa34a8eb9a78c8e1dffb6e484e9f50..8e9411464adb5a0e9511c641fe32997ecb12f79b 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -65,11 +65,10 @@ if (isset($_POST['username'])) {
 
 	/* Escape any characters with a special meaning in LDAP. The following
 	 * characters have a special meaning (according to RFC 2253):
-	 * ',', '+', '"', '\', '<', '>', ';'
+	 * ',', '+', '"', '\', '<', '>', ';', '*'
 	 * These characters are escaped by prefixing them with '\'.
-	 * TODO: should '*' be escaped as well?
 	 */
-	$ldapusername = addcslashes($username, ',+"\\<>;');
+	$ldapusername = addcslashes($username, ',+"\\<>;*');
 
 	/* Insert the LDAP username into the pattern configured in the
 	 * 'auth.ldap.dnpattern' option.