diff --git a/apps/user_ldap/lib/LDAP.php b/apps/user_ldap/lib/LDAP.php
index 15ce4d2f4129c..d501f08a5ecb3 100644
--- a/apps/user_ldap/lib/LDAP.php
+++ b/apps/user_ldap/lib/LDAP.php
@@ -37,6 +37,7 @@
 use OCA\User_LDAP\DataCollector\LdapDataCollector;
 use OCA\User_LDAP\Exceptions\ConstraintViolationException;
 use OCP\IConfig;
+use OCP\ILogger;
 use OCP\Profiler\IProfiler;
 use Psr\Log\LoggerInterface;
 
@@ -44,6 +45,7 @@ class LDAP implements ILDAPWrapper {
 	protected string $logFile = '';
 	protected array $curArgs = [];
 	protected LoggerInterface $logger;
+	protected IConfig $config;
 
 	private ?LdapDataCollector $dataCollector = null;
 
@@ -316,6 +318,21 @@ protected function invokeLDAPMethod(string $func, ...$arguments) {
 		return null;
 	}
 
+	/**
+	 * Turn resources into string, and removes potentially problematic cookie string to avoid breaking logfiles
+	 */
+	private function sanitizeFunctionParameters(array $args): array {
+		return array_map(function ($item) {
+			if ($this->isResource($item)) {
+				return '(resource)';
+			}
+			if (isset($item[0]['value']['cookie']) && $item[0]['value']['cookie'] !== '') {
+				$item[0]['value']['cookie'] = '*opaque cookie*';
+			}
+			return $item;
+		}, $args);
+	}
+
 	private function preFunctionCall(string $functionName, array $args): void {
 		$this->curArgs = $args;
 		if(strcasecmp($functionName, 'ldap_bind') === 0 || strcasecmp($functionName, 'ldap_exop_passwd') === 0) {
@@ -326,11 +343,14 @@ private function preFunctionCall(string $functionName, array $args): void {
 			$args[2] = IConfig::SENSITIVE_VALUE;
 		}
 
-		$this->logger->debug('Calling LDAP function {func} with parameters {args}', [
-			'app' => 'user_ldap',
-			'func' => $functionName,
-			'args' => json_encode($args),
-		]);
+		if ($this->config->getSystemValue('loglevel') === ILogger::DEBUG) {
+			/* Only running this if debug loglevel is on, to avoid processing parameters on production */
+			$this->logger->debug('Calling LDAP function {func} with parameters {args}', [
+				'app' => 'user_ldap',
+				'func' => $functionName,
+				'args' => $this->sanitizeFunctionParameters($args),
+			]);
+		}
 
 		if ($this->dataCollector !== null) {
 			$args = array_map(function ($item) {
@@ -344,14 +364,13 @@ private function preFunctionCall(string $functionName, array $args): void {
 			}, $this->curArgs);
 
 			$backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
-			$this->dataCollector->startLdapRequest($functionName, $args, $backtrace);
+			$this->dataCollector->startLdapRequest($functionName, $this->sanitizeFunctionParameters($args), $backtrace);
 		}
 
 		if ($this->logFile !== '' && is_writable(dirname($this->logFile)) && (!file_exists($this->logFile) || is_writable($this->logFile))) {
-			$args = array_map(fn ($item) => (!$this->isResource($item) ? $item : '(resource)'), $this->curArgs);
 			file_put_contents(
 				$this->logFile,
-				$functionName . '::' . json_encode($args) . "\n",
+				$functionName . '::' . json_encode($this->sanitizeFunctionParameters($args)) . "\n",
 				FILE_APPEND
 			);
 		}