diff --git a/src/externalldap.js b/src/externalldap.js
index ab0cdf150..c90fa0129 100644
--- a/src/externalldap.js
+++ b/src/externalldap.js
@@ -40,10 +40,11 @@ function removePrivateFields(ldapConfig) {
 function translateUser(ldapConfig, ldapUser) {
     assert.strictEqual(typeof ldapConfig, 'object');
 
+    // RFC: https://datatracker.ietf.org/doc/html/rfc2798
     return {
         username: ldapUser[ldapConfig.usernameField],
         email: ldapUser.mail || ldapUser.mailPrimaryAddress,
-        displayName: ldapUser.cn // user.giveName + ' ' + user.sn
+        displayName: ldapUser.displayName || ldapUser.cn // user.giveName + ' ' + user.sn
     };
 }
 
diff --git a/src/ldap.js b/src/ldap.js
index d4b5cf2f3..f417bdc22 100644
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -172,7 +172,7 @@ async function userSearch(req, res, next) {
             attributes: {
                 objectclass: ['user', 'inetorgperson', 'person', 'organizationalperson', 'top' ],
                 objectcategory: 'person',
-                cn: user.id,
+                cn: displayName,
                 uid: user.id,
                 entryuuid: user.id, // to support OpenLDAP clients
                 mail: user.email,
diff --git a/src/userdirectory.js b/src/userdirectory.js
index 31742de00..6b30ae743 100644
--- a/src/userdirectory.js
+++ b/src/userdirectory.js
@@ -170,7 +170,7 @@ async function userSearch(req, res, next) {
             attributes: {
                 objectclass: ['user', 'inetorgperson', 'person' ],
                 objectcategory: 'person',
-                cn: user.id,
+                cn: displayName,
                 uid: user.id,
                 entryuuid: user.id, // to support OpenLDAP clients
                 mail: user.email,