Interesting, so it's technically a valid RDN as per the RFC. The frustration, I guess, is that I can't then just feed that straight into gopkg.in/ldap.v2 to retrieve that object, whereas in, say, nginx, nodejs etc., querying the subject string, I'd get a DN that I could look up in LDAP.
Am I misunderstanding the use of a multivalue? It seems to suggest that in this case the OU could be either one or the other, whereas in the directory it's actually a nested OU and as such has a fixed order.