diff --git a/connector/ldap/ldap_test.go b/connector/ldap/ldap_test.go
index de85b6a256ea6c4cb24074cb7831787f26d80734..6590124b419d6ae9a104400b72f1450bb36dae51 100644
--- a/connector/ldap/ldap_test.go
+++ b/connector/ldap/ldap_test.go
@@ -2,6 +2,7 @@ package ldap
 
 import (
 	"context"
+	"encoding/hex"
 	"fmt"
 	"io"
 	"log/slog"
@@ -40,6 +41,10 @@ type subtest struct {
 	want      connector.Identity
 }
 
+func enc(s string) string {
+	return hex.EncodeToString([]byte(s))
+}
+
 func TestQuery(t *testing.T) {
 	c := &Config{}
 	c.UserSearch.BaseDN = "ou=People,ou=TestQuery,dc=example,dc=org"
@@ -54,7 +59,7 @@ func TestQuery(t *testing.T) {
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestQuery,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestQuery,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -65,7 +70,7 @@ func TestQuery(t *testing.T) {
 			username: "john",
 			password: "bar",
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=TestQuery,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=TestQuery,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@@ -114,7 +119,7 @@ func TestQueryWithEmailSuffix(t *testing.T) {
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "jane@test.example.com",
 				EmailVerified: true,
@@ -125,7 +130,7 @@ func TestQueryWithEmailSuffix(t *testing.T) {
 			username: "john",
 			password: "bar",
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "john@test.example.com",
 				EmailVerified: true,
@@ -151,7 +156,7 @@ func TestUserFilter(t *testing.T) {
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -162,7 +167,7 @@ func TestUserFilter(t *testing.T) {
 			username: "john",
 			password: "bar",
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@@ -208,7 +213,7 @@ func TestGroupQuery(t *testing.T) {
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestGroupQuery,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestGroupQuery,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -221,7 +226,7 @@ func TestGroupQuery(t *testing.T) {
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=TestGroupQuery,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=TestGroupQuery,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@@ -255,7 +260,7 @@ func TestGroupsOnUserEntity(t *testing.T) {
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -268,7 +273,7 @@ func TestGroupsOnUserEntity(t *testing.T) {
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@@ -303,7 +308,7 @@ func TestGroupFilter(t *testing.T) {
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestGroupFilter,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestGroupFilter,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -316,7 +321,7 @@ func TestGroupFilter(t *testing.T) {
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=TestGroupFilter,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=TestGroupFilter,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@@ -356,7 +361,7 @@ func TestGroupToUserMatchers(t *testing.T) {
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -369,7 +374,7 @@ func TestGroupToUserMatchers(t *testing.T) {
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@@ -404,7 +409,7 @@ func TestDeprecatedGroupToUserMatcher(t *testing.T) {
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -417,7 +422,7 @@ func TestDeprecatedGroupToUserMatcher(t *testing.T) {
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org",
+				UserID:        enc("cn=john,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org"),
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@@ -443,7 +448,7 @@ func TestStartTLS(t *testing.T) {
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestStartTLS,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestStartTLS,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -467,7 +472,7 @@ func TestInsecureSkipVerify(t *testing.T) {
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@@ -491,7 +496,7 @@ func TestLDAPS(t *testing.T) {
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=TestLDAPS,dc=example,dc=org",
+				UserID:        enc("cn=jane,ou=People,ou=TestLDAPS,dc=example,dc=org"),
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,