Just found out what was wrong. The code was also propagating the displayName value to gecos. We used gecos as an extra copy of displayName because of one client application which only did work with gecos.
The error wasn't noticed before because now for the first time we had a user with an umlaut in his name. We could just remove gecos from the directory altogether because the program in question isn't in use any more.
But isn't a gecos value supposed to hold a full name? It being unable to hold an utf8 value seems somehow wrong, no?