protected function getAttributeToQuery($alias)
{
$attribute = $this->getTranslatedAttribute($alias) ?: $this->getAttribute();
// This avoids possible LDAP injection from unverified input for an attribute name.
if (!LdapUtilities::isValidAttributeFormat($attribute)) {
throw new LdapQueryException(sprintf('Attribute "%s" is not a valid name or OID.', $attribute));
}
return $attribute;
}