Apologies if this has been brought up before. I think it might be useful to always escape non-printable characters:
#define LDAP_DN_NEEDESCAPE(c) \ - ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) ) + ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) || !LDAP_DN_ASCII_PRINTABLE(c) ) It seems to me nicer to see them escaped rather than have the whole DN base64 encoded, when presenting DNs using ldapsearch. (The real reason is a replication interoperability issue with AD.) -- Luke --
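Review bot: On the `+` line, the new `!LDAP_DN_ASCII_PRINTABLE(c)` term is used without its definition being visible, so it is unclear whether bytes with the high bit set (the lead and continuation bytes of multi-byte UTF-8 characters) count as non-printable. If they do, every non-ASCII character in a DN value would now be escaped byte by byte, which changes output for far more than control characters. Consider limiting the added term to ASCII control characters, or add a comment beside `LDAP_DN_NEEDESCAPE` stating which byte ranges are meant to be escaped. The message names AD replication interoperability as the real motivation; that should be recorded in the commit message or a comment as well, because the change as posted only mentions how DNs look in ldapsearch and a reader cannot tell from the macro which callers (display only, or DN strings sent to peers) are expected to change behaviour.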
