diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index f929385511697284380d6e5f6f4abef2d6457ce9..33eebfbc0ddb099240953bcafc8f048f18f1e3ba 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -83,6 +83,7 @@ import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.PersonalDetails;
 import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
+import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.net.TransientException;
 
@@ -407,7 +408,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         }
 
         searchField = "(" + searchField + "=" +
-                      user.getUserID().getName() + ")";
+                      AuthenticationUtil.canonizeDistinguishedName(
+                              user.getUserID().getName()) + ")";
 
         SearchResultEntry searchResult = null;
         try
diff --git a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/User.java b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/User.java
index 22f609ad0ee492fc483f24a34a0f3b87c6ae87b3..308552eff8fab1b0d9a9e560c3e073d22a5b16e2 100644
--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/User.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/User.java
@@ -72,6 +72,9 @@ import java.security.Principal;
 import java.util.HashSet;
 import java.util.Set;
 
+import ca.nrc.cadc.auth.AuthenticationUtil;
+
+
 public class User<T extends Principal>
 {
     private T userID;
@@ -130,11 +133,7 @@ public class User<T extends Principal>
             return false;
         }
         User other = (User) obj;
-        if (!userID.equals(other.userID))
-        {
-            return false;
-        }
-        return true;
+        return AuthenticationUtil.equals(userID, other.userID);
     }
 
     @Override