diff --git a/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm b/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
index 912e8e6..6770221 100644
--- a/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
+++ b/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -3,6 +3,7 @@ package RT::Authen::ExternalAuth::LDAP;
 use Net::LDAP qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
 use Net::LDAP::Util qw(ldap_error_name escape_filter_value);
 use Net::LDAP::Filter;
+use Encode;
 
 use strict;
 
@@ -401,8 +402,18 @@ sub CanonicalizeUserInfo {
                 if ($RT::LdapAttrMap and $RT::LdapAttrMap->{$key} eq 'dn') {
                     $params{$key} = $entry->dn();
                 } else {
-                    $params{$key} =
-                      ($entry->get_value($config->{'attr_map'}->{$key}))[0];
+                    my $val = ($entry->get_value($config->{'attr_map'}->{$key}))[0];
+                    # Sometimes Net::LDAP returns garbled data which can be ungarbled
+                    # by runnning it through decode.
+                    # This is an ugly fix, but it works for us...
+                    if (defined($val)) {
+                        my $val_decoded = decode('utf-8', $val);
+                        if($val ne $val_decoded) {
+                            $RT::Logger->warning("Whoops: " . $val . " vs " . $val_decoded);
+                            $val = $val_decoded;
+                        }
+                    }
+                    $params{$key} = $val;
                 }
             }
             $found = 1;