Prohibited character behaviour in stringprep/string matching differs in OpenLDAP
OpenLDAP matches attribute values with (at least some) prohibited characters in searches as if these characters were not prohibited. python-ldapserver strictly implements RFC4510 and consequently rejects (in case of matching: ignores) such values.
E.g. an entry with the cn
value "foo" followed by U+1D25
(part of A.1, unassigned code points) matches the search filter (cn=foo*)
with OpenLDAP but not with an LDAP server based on python-ldapserver.
We should investigate why that is.