diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index e2f4371fe2818f086db178aca0b5b95370ba4494..9fb16743fbb52a67faf47f47c66b117914b921b1 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -815,7 +815,7 @@ public class LdapUserDAO extends LdapDAO
         logger.debug("search filter: " + filter);
 
         final String[] attributes = new String[]
-            { LDAP_UID, LDAP_FIRST_NAME, LDAP_LAST_NAME };
+            { LDAP_USER_NAME, LDAP_FIRST_NAME, LDAP_LAST_NAME };
         final SearchRequest searchRequest =
             new SearchRequest(usersDN, SearchScope.ONE, filter, attributes);
 
@@ -831,10 +831,10 @@ public class LdapUserDAO extends LdapDAO
                     next.getAttributeValue(LDAP_FIRST_NAME);
                 final String lastName =
                     next.getAttributeValue(LDAP_LAST_NAME).trim();
-                final String uid = next.getAttributeValue(LDAP_UID);
+                final String username = next.getAttributeValue(LDAP_USER_NAME);
 
                 User user = new User();
-                user.getIdentities().add(new HttpPrincipal(uid));
+                user.getIdentities().add(new HttpPrincipal(username));
 
                 // Only add Personal Details if it is relevant.
                 if (StringUtil.hasLength(firstName) &&
diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java
index 37c3e1335499e464880c68141f041b724df29e89..d58b5b791a82f3864527ee49834c537e419c3212 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java
@@ -107,7 +107,7 @@ public class CreateGroupAction extends AbstractGroupAction
             }
             for (User usr : group.getUserMembers())
             {
-                addedMembers.add(usr.getHttpPrincipal().getName());
+                addedMembers.add(usr.getX500Principal().getName());
             }
         }
         logGroupInfo(group.getID(), null, addedMembers);
diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java
index 8d08c6fb61ff369567382cd6c4c27c7666e51f2f..8abb5a7a6a2d2ed80b4a436baa8285947e28f3ed 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java
@@ -78,6 +78,7 @@ import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.server.PluginFactory;
 import ca.nrc.cadc.ac.server.UserPersistence;
 import ca.nrc.cadc.auth.AuthenticationUtil;
+import ca.nrc.cadc.util.ObjectUtil;
 
 public class RemoveUserMemberAction extends AbstractGroupAction
 {
@@ -102,6 +103,7 @@ public class RemoveUserMemberAction extends AbstractGroupAction
 
         User user = getUserPersistence().getAugmentedUser(userPrincipal);
         User toRemove = new User();
+        ObjectUtil.setField(toRemove, user.getID(), "id");
         toRemove.getIdentities().addAll(user.getIdentities());
 
         if (!group.getUserMembers().remove(toRemove))
diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/User.java b/cadcAccessControl/src/ca/nrc/cadc/ac/User.java
index 19a1b2cd6e8fdaa05652ada5013ffcd2bcfb6568..827f3df6c1f3e36c64fed54d8567ba9835c83aa1 100644
--- a/cadcAccessControl/src/ca/nrc/cadc/ac/User.java
+++ b/cadcAccessControl/src/ca/nrc/cadc/ac/User.java
@@ -68,6 +68,7 @@
  */
 package ca.nrc.cadc.ac;
 
+import java.io.PrintWriter;
 import java.security.Principal;
 import java.util.Comparator;
 import java.util.Date;
@@ -77,8 +78,12 @@ import java.util.TreeSet;
 
 import ca.nrc.cadc.auth.HttpPrincipal;
 
+import javax.security.auth.x500.X500Principal;
+
 public class User
 {
+    // How on God's green earth is this used?  Where is it set?
+    // jenkinsd 2016.03.24
     private InternalID id;
 
     private Set<Principal> identities = new TreeSet<Principal>(new PrincipalComparator());
@@ -141,6 +146,14 @@ public class User
         return null;
     }
 
+    public X500Principal getX500Principal()
+    {
+        final Set<X500Principal> identities =
+                getIdentities(X500Principal.class);
+        return identities.isEmpty() ? null : identities.iterator().next();
+    }
+
+
     /**
      * A User is considered consistent if the User's set of identities are a superset
      * of this Users set of identities.
diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
index 8e2780087f960fd4d48077f0ad87b3945a2888e0..baebd04836031f517ae436300392b8e039f39b16 100644
--- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
+++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
@@ -117,8 +117,8 @@ public class UserClient
     /**
      * Constructor.
      *
-     * @param baseURL The URL of the supporting access control web service
-     *                obtained from the registry.
+     * @param serviceURI    The URI of the supporting access control web service
+     *                      obtained from the registry.
      */
     public UserClient(URI serviceURI)
             throws IllegalArgumentException
@@ -129,7 +129,7 @@ public class UserClient
     public UserClient(URI serviceURI, RegistryClient registryClient)
     {
         if (serviceURI == null)
-            throw new IllegalArgumentException("invalid serviceURI: " + serviceURI);
+            throw new IllegalArgumentException("Service URI cannot be null.");
         if (serviceURI.getFragment() != null)
             throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI);
 
@@ -204,7 +204,9 @@ public class UserClient
     {
         URL usersURL = registryClient.getServiceURL(usersURI, "https");
         final List<User> webUsers = new ArrayList<User>();
-        HttpDownload httpDownload = new HttpDownload(usersURL, new JsonUserListInputStreamWrapper(webUsers));
+        HttpDownload httpDownload =
+                new HttpDownload(usersURL,
+                                 new JsonUserListInputStreamWrapper(webUsers));
         httpDownload.setRequestProperty("Accept", "application/json");
         httpDownload.run();