Active Directory returns attributes with lots of values using an illegal attribute option that is rejected by the SDK even when "allowMalformedNamesAndOptions" is true, e.g. "memberOf;range=0-1999".
An entry returned from AD that contains an attribute with an illegal option cannot be parsed, and we cannot read the entry.
The illegal character used by AD is "=". It is not permitted in the definition of <keychar> in RFC 4512 section 1.4.
Adding "=" to the list of allowed malformed characters improves interworking with AD.