I've had this problem several times now.

Problem: Calling token-escape-for-dest-dn will use the driver's defined "Supported DN format" in it's escaping rules. There is no way to override this and specify that you want to use another DN format for escaping.

For example: In a null where the Supported DN format (aka Dest-dn-format) is "slash", have tried to tweak this value without success.

What I actually wanted was to within a Null Driver, escape a dn fragment using LDAP DN format instead.

The following code seems to work (but is a bit ugly)

<token-replace-first regex="cn=" replace-with="">
<token-parse-dn dest-dn-format="ldap">
<token-text xml:space="preserve">cn=</token-text>
<token-local-variable name="dnFragment"/>

I suspect that it could also be done via calling the getName method of the XdsDN class as it allows you to specify the DN format delimiters. Has anyone tried that?

Anyone got other another idea/approach?