It seems the backslash notation is not actually defined for LDIF.
That indeed is a valuable hint, out of curiosity I will test, wether other ldap server implementations will also accept at least the \FF notation for the dn, but that is off topic here.
RFC 2849 (LDAP Data Interchange Format) says:
SAFE-STRING = [SAFE-INIT-CHAR *SAFE-CHAR]
SAFE-CHAR = %x01-09 / %x0B-0C / %x0E-7F SAFE-INIT-CHAR = %x01-09 / %x0B-0C / %x0E-1F / %x21-39 / %x3B / %x3D-7F
I have come across this way of writing in a couple of rfc, also one about unicode, but the %xFF notation (with or without the x) never worked for me. Not even within the dn.
dn: cn=A %xF0%x9F%x99%x82 Test,dc=example,dc=com
Does not work as intended, unless I've made another mistake.
But as said before, I am a bit overwhelmed with understanding these rfc. Or rather translate them into practical action.
So far I had only luck with the \FF notation, and only for the dn, which is correct, as I know now.
But, as mentioned above, I will also test against SDS and 389DS, to figure, wether those will also accept the backslash notation as well.
Just to see, if this is kind of a defacto standard, even if not hardcoded into a rfc.