You are attempting to search all those 'cn' value which has a 'space' character a first value but failing to do so.
It either comes back with no entries OR shows the value you are looking for in encoded format.

e.g. you have values such as:

cn: exampleUser1
cn: exampleUser2
cn: exampleUser3
cn:  exampleUser4<== This one starts with space character.
cn: exampleUser5

When you run:
dxsearch -LLL -v -h hostname:port -b ou=im,ou=ca,o=com -s sub "(cn=\20*)" cn

It results into no values returned.

When you run:
dxsearch -LLL -v -h hostname:port -b ou=im,ou=ca,o=com -s sub "(cn=\20h*)" cn

It results into:

cn: exampleUser1
cn: exampleUser2
cn: exampleUser3
cn:: IGhvYUdjbkXXXXXXXXX5ob2FnLm9yZw== (here you are expecting a clear text value while is shows base64 encoded value)
cn: exampleUser5

Release : 14.1

Component : CA Directory

What you are seeing is a normal behavior. Due to first character being a space, the value is base64 encoded.

From RFC 2849 -
SAFE-CHAR = %x01-09 / %x0B-0C / %x0E-7F
; any value <= 127 decimal except NUL, LF,
; and CR

SAFE-INIT-CHAR = %x01-09 / %x0B-0C / %x0E-1F /
%x21-39 / %x3B / %x3D-7F
; any value <= 127 except NUL, LF, CR,
; SPACE, colon (":", ASCII 58 decimal)
; and less-than ("<" , ASCII 60 decimal)

SAFE-STRING = [SAFE-INIT-CHAR *SAFE-CHAR]

If the value does not fall within these parameter it MUST be base64 encoded.

"Any value that contains characters other than those defined as "SAFE-CHAR", or begins with a character other than those defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded."

However, what you do is to return all 'cn' value that start with 'h' (including the one with ' h') with use of -B option.

Using above example, the search would be:

xsearch -LLL -v -B -h hostname:port -b ou=im,ou=ca,o=com -s sub "(cn=h*)" cn

It should result into:

cn: exampleUser1
cn: exampleUser2
cn: exampleUser3
cn:  exampleUser4
cn: exampleUser5