
RFC 2831 not well implemented, causing SASL with DIGEST-MD5 not working with every username / password on Active Directory #1104

Open
Shirakawa42 opened this issue Oct 17, 2023 · 0 comments

@Shirakawa42
As indicated in RFC 2831 page 10,

If "charset=UTF-8" is present, and all the characters of either "username-value" or "passwd" are
in the ISO 8859-1 character set, then it must be converted to ISO 8859-1 before being hashed.

source: https://www.rfc-editor.org/rfc/rfc2831#page-10

Here is sample code that does not work but should work if RFC 2831 were correctly implemented:

import ldap3
from ldap3.protocol.sasl.digestMd5 import *

ldapserver = ldap3.Server(host='ldap://ldap_server', port=389)
realm = 'realm'
username = 'Ürsôlàéèç'  # every character is in the ISO 8859-1 character set
password = 'hello'

# DIGEST-MD5 bind; the library hashes the credentials as UTF-8 instead of ISO 8859-1
conn = ldap3.Connection(ldapserver, authentication=ldap3.SASL, sasl_mechanism=ldap3.DIGEST_MD5, sasl_credentials=(realm, username, password, None, 'sign'))
print(str(conn.bind()))

-> False

Here is how to fix the problem (with charset = utf-8):

in ldap3/protocol/sasl/digestMd5.py

def patch_string(string):
    # RFC 2831: hash in ISO 8859-1 when every character fits in it, otherwise in UTF-8
    try:
        return string.encode('latin-1')
    except UnicodeEncodeError:
        pass
    return string.encode('utf-8')

def sasl_digest_md5(connection, controls):
...
    # sasl_credentials is (realm, username, password, authz_id, ...)
    patched_user = patch_string(connection.sasl_credentials[1])
    patched_pwd = patch_string(connection.sasl_credentials[2])

    # H(username:realm:passwd), the first part of A1
    a0 = md5_h(b':'.join([patched_user, realm, patched_pwd]))
...
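To make the effect of the charset rule concrete, here is an added, stand-alone example (not ldap3 code and not part of the issue) that computes the RFC 2831 client response-value for qop=auth once with the ISO 8859-1 rule and once as plain UTF-8; the nonce, cnonce, digest-uri and realm values are constructed for the example, and the realm is assumed to be hashed as UTF-8.

```python
import hashlib

# Challenge values constructed for this example, not from a real server exchange.
NONCE = b'constructed-server-nonce'
CNONCE = b'constructed-client-cnonce'
DIGEST_URI = b'ldap/ldap_server'  # hypothetical digest-uri for the sample host above

def rfc2831_encode(value: str) -> bytes:
    """RFC 2831 rule: with charset=utf-8 negotiated, a username or password whose
    characters all fit ISO 8859-1 is hashed in ISO 8859-1; anything else is UTF-8."""
    try:
        return value.encode('iso-8859-1')
    except UnicodeEncodeError:
        return value.encode('utf-8')

def utf8_only_encode(value: str) -> bytes:
    """Encoding that ignores the ISO 8859-1 rule (the behaviour the issue reports)."""
    return value.encode('utf-8')

def digest_md5_response(username: str, realm: str, password: str,
                        nonce: bytes, cnonce: bytes, digest_uri: bytes,
                        nc: bytes = b'00000001', qop: bytes = b'auth',
                        encode=rfc2831_encode) -> str:
    """response-value = HEX(KD(HEX(H(A1)), nonce:nc:cnonce:qop:HEX(H(A2)))),
    KD(k, s) = H(k:s), per RFC 2831 section 2.1.2.1 (no authzid)."""
    # A1 = H(username:realm:passwd) : nonce : cnonce; realm assumed UTF-8 here
    user_realm_pwd = hashlib.md5(
        b':'.join([encode(username), realm.encode('utf-8'), encode(password)])).digest()
    a1 = b':'.join([user_realm_pwd, nonce, cnonce])
    # A2 = AUTHENTICATE:digest-uri, plus 32 zero hex digits for auth-int/auth-conf
    a2 = b'AUTHENTICATE:' + digest_uri
    if qop != b'auth':
        a2 += b':' + b'0' * 32
    hex_h_a1 = hashlib.md5(a1).hexdigest().encode('ascii')
    hex_h_a2 = hashlib.md5(a2).hexdigest().encode('ascii')
    return hashlib.md5(b':'.join([hex_h_a1, nonce, nc, cnonce, qop, hex_h_a2])).hexdigest()

def compare(username: str, password: str) -> dict:
    """Response computed with and without the ISO 8859-1 rule for one credential."""
    args = (username, 'realm', password, NONCE, CNONCE, DIGEST_URI)
    return {'rfc2831': digest_md5_response(*args),
            'utf8_only': digest_md5_response(*args, encode=utf8_only_encode)}

if __name__ == '__main__':
    for user in ('alice', 'Ürsôlàéèç', 'user€'):
        r = compare(user, 'hello')
        print(user, 'same' if r['rfc2831'] == r['utf8_only'] else 'DIFFERENT')
```

Pure ASCII and non-Latin-1 credentials (the euro sign) hash identically either way; only credentials like the issue's username diverge, which is why the bind fails for some users and not others.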