Little late to the party here but I was experiencing the same issue and found a workaround. This might have been updated in newer versions of the ldapfilter, so I'm not sure if this is relevant anymore.
In this case, the issue seems to arise from "\" needing to be escaped - as you've alluded to. "(" and ")" within the DN can also cause the same issue.
I did a few evals to just replace those characters with their LDAP escape character equivalents. More info on escaping LDAP characters can be found here.
So in your case, I think it'd look something like the following:
* | head 1 | eval x="CN=Doe\, John,OU=Dept,DC=domain,DC=com"
| eval removeBackS = replace(x,"\\\\","\5c")
| eval removeOpPer = replace(removeBackS,"\\(", "\28")
| eval removeClPer = replace(removeOpPer,"\\)", "\29")
| rename removeClPer as final
| ldapfilter domain=domain.com search="(distinguishedName=$final$)" attrs="sAMAccountName"
This will make your DN string look somewhat weird ("CN=Doe\5c, John,OU=Dept,DC=domain,DC=com") but should resolve in the LDAP filter.
Hopefully this will help someone out in the future!
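The same escaping written as a general routine, as an added example that is not part of the original post or of the ldapfilter command. It goes beyond the three characters handled above and covers all five that RFC 4515 requires escaping in a filter value; the function names and the second sample DN are constructed for illustration.

```python
# Added example: RFC 4515 escaping for a value placed inside an LDAP search filter.
# Function names and sample DNs are constructed for illustration.

# Characters RFC 4515 requires to be written as a backslash plus two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use as an assertion value in an LDAP filter.

    A single pass over the input means the backslashes introduced by the
    escaping are never themselves re-escaped, so ordering cannot go wrong.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def dn_equality_filter(dn: str) -> str:
    """Build a (distinguishedName=...) filter from a DN in its string form."""
    return "(distinguishedName={})".format(escape_filter_value(dn))


def chained_replace_wrong_order(value: str) -> str:
    """Counter-example: escaping parentheses before the backslash corrupts the value."""
    value = value.replace("(", r"\28").replace(")", r"\29")
    return value.replace("\\", r"\5c")  # also rewrites the backslashes just added


if __name__ == "__main__":
    samples = [
        r"CN=Doe\, John,OU=Dept,DC=domain,DC=com",                # DN from the post
        r"CN=Smith\, Ann (Contractor),OU=Dept,DC=domain,DC=com",  # constructed
    ]
    for dn in samples:
        print(dn_equality_filter(dn))
    print(chained_replace_wrong_order("a(b)"))  # shows the double-escaped result
```

When the replacements are chained, as in the evals above, the backslash has to be replaced first; the counter-example function shows what happens otherwise.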