diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index 63e12252f73b920253540effaad16de57917d7d5..469ffd7bd065f7dbda297503b34e21772a2a0a0d 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -406,9 +406,21 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
                     "Unsupported principal type " + user.getUserID()
                             .getClass());
         }
-
-        searchField = "(" + searchField + "=" + user.getUserID().getName()
-                      + ")";
+        
+        // change the DN to be in the 'java' format
+        if (user.getUserID() instanceof X500Principal)
+        {
+            X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm(
+                (X500Principal) user.getUserID());
+            searchField = "(" + searchField + "=" + orderedPrincipal.toString() + ")";
+        }
+        else
+        {
+            searchField = "(" + searchField + "=" + user.getUserID().getName()
+                    + ")";
+        }
+        
+        logger.debug("Search field is: " + searchField);
 
         SearchResultEntry searchResult = null;
         try