Hi Roland, My understanding of the LDAP attribute is that it's for defining how the user's full name is to be displayed, e.g. based on the values of the surname and give name attributes. So it's purpose is not really equivalent to username. RFC 2798, section 2.3 has an explanation of displayName. Cheers, Vladimir