Issue #1159 (closed) exposed a bug where LDAP DNs would be loaded in ASCII-8BIT encoding but compared against UTF-8-encoded values. This comparison would always fail, causing the LDAP group sync to evict users with Unicode characters. The problem was quietly masked because the user would be re-added later in the group sync worker.
This commit forces the UTF-8 encoding and falls back to the original value if that fails.
The net-ldap library has an outstanding issue (https://github.com/ruby-ldap/ruby-net-ldap/issues/4) to load data in UTF-8 format instead of ASCII-8BIT. Per https://tools.ietf.org/html/rfc4514#section-3, LDAP DNs should be in UTF-8.