diff --git a/src/main/kotlin/no/foreningenbs/usersapi/ldap/Ldap.kt b/src/main/kotlin/no/foreningenbs/usersapi/ldap/Ldap.kt
index 7d0f52d2..f6b18c10 100644
--- a/src/main/kotlin/no/foreningenbs/usersapi/ldap/Ldap.kt
+++ b/src/main/kotlin/no/foreningenbs/usersapi/ldap/Ldap.kt
@@ -518,7 +518,7 @@ fun escape(value: String) =
     .replace("(", "\\28")
     .replace(")", "\\29")
     .replace("*", "\\2a")
-    .replace(0x0.toString(), "\\00")
+    .replace("\u0000", "\\00")
 
 fun <E> Enumeration<E>.toList(): List<E> {
   val list = mutableListOf<E>()
diff --git a/src/test/kotlin/no/foreningenbs/usersapi/ldap/EscapeSpec.kt b/src/test/kotlin/no/foreningenbs/usersapi/ldap/EscapeSpec.kt
new file mode 100644
index 00000000..cb994bf6
--- /dev/null
+++ b/src/test/kotlin/no/foreningenbs/usersapi/ldap/EscapeSpec.kt
@@ -0,0 +1,27 @@
+package no.foreningenbs.usersapi.ldap
+
+import io.kotest.core.spec.style.DescribeSpec
+import io.kotest.matchers.shouldBe
+
+class EscapeSpec :
+  DescribeSpec({
+    describe("escape") {
+      it("escapes the five RFC 2254 special characters") {
+        escape("\\") shouldBe "\\5c"
+        escape("(") shouldBe "\\28"
+        escape(")") shouldBe "\\29"
+        escape("*") shouldBe "\\2a"
+        escape("\u0000") shouldBe "\\00"
+      }
+
+      it("does not mangle digits — regression for leo04 bug where '0' was replaced with \\00") {
+        escape("leo04") shouldBe "leo04"
+        escape("0") shouldBe "0"
+      }
+
+      it("leaves benign input untouched") {
+        escape("alice") shouldBe "alice"
+        escape("user@example.com") shouldBe "user@example.com"
+      }
+    }
+  })