diff --git a/ldapalchemy/core.py b/ldapalchemy/core.py
index 57c8663ec421998c94f147860d3562512d4c15aa..c20a93ef789a057ff52470a2e310665b673fe63c 100644
--- a/ldapalchemy/core.py
+++ b/ldapalchemy/core.py
@@ -193,7 +193,14 @@ class Session:
 		if not conn.response:
 			return None
 		assert len(conn.response) == 1
-		assert conn.response[0]['dn'] == dn
+		if conn.response[0]['dn'] != dn:
+			# To use DNs as cache keys, we assume each DN has a single unique string
+			# representation. This is not generally true: RDN attributes may be
+			# case insensitive or values may contain escape sequences.
+			# In this case, the provided DN differs from the canonical form the
+			# server returned. We cannot handle this consistently, so we report no
+			# match.
+			return None
 		obj = Object(self, conn.response[0])
 		self.state.objects[dn] = obj
 		self.committed_state.objects[dn] = obj