diff --git a/src/authm_mad/remotes/ldap/authenticate b/src/authm_mad/remotes/ldap/authenticate index b4a14bc806..c919212519 100755 --- a/src/authm_mad/remotes/ldap/authenticate +++ b/src/authm_mad/remotes/ldap/authenticate @@ -54,7 +54,6 @@ begin xml.initialize_xml(STDIN.read, 'AUTHN') user = URI_PARSER.unescape(xml['/AUTHN/USERNAME']) - pass = URI_PARSER.unescape(xml['/AUTHN/PASSWORD']) secret = URI_PARSER.unescape(xml['/AUTHN/SECRET']) rescue STDERR.puts "Invalid XML input" @@ -106,13 +105,19 @@ order.each do |name| Timeout.timeout(timeout) do ldap=OpenNebula::LdapAuth.new(server_conf) - user_name, user_group_name = ldap.find_user(user) + user_dn, user_uid, user_group_name = ldap.find_user(user) - if !user_name + if !user_dn STDERR.puts "User #{user} not found" break end + if user_uid != user + STDERR.puts "User \"#{user}\" has different "\ + "casing in LDAP \"#{user_uid}\"" + break + end + if server_conf[:group] if !ldap.is_in_group?(user_group_name, server_conf[:group]) STDERR.puts "User #{user} is not in group #{server_conf[:group]}" @@ -120,7 +125,7 @@ order.each do |name| end end - if ldap.authenticate(user_name, secret) + if ldap.authenticate(user_dn, secret) groups = ldap.get_groups if groups.empty? if !server_conf[:mapping_default] @@ -133,8 +138,9 @@ order.each do |name| # authentication success group_list = groups.join(' ') + escaped_user = URI_PARSER.escape(user).strip.downcase - escaped_secret = URI_PARSER.escape(user_name) + escaped_secret = URI_PARSER.escape(user_dn) puts "ldap #{escaped_user} #{escaped_secret} #{group_list}" exit diff --git a/src/authm_mad/remotes/ldap/ldap_auth.rb b/src/authm_mad/remotes/ldap/ldap_auth.rb index 9e2388dc52..76b6ec6326 100644 --- a/src/authm_mad/remotes/ldap/ldap_auth.rb +++ b/src/authm_mad/remotes/ldap/ldap_auth.rb 
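Review bot: The new `user_uid != user` check compares the uid attribute against whatever the caller typed, which in find_user's second branch (the `@ldap.search(:base => name)` fallback in ldap_auth.rb, where the entry is located by DN and `name` itself is returned as `user_dn`) is the DN the user supplied, so that branch now always ends in "has different casing" and a DN-style login can no longer succeed. If that fallback is still meant to be a supported login path, restrict the casing check to the attribute lookup, e.g. `if user_dn != user && user_uid != user`; if it is meant to be retired, say so in the commit message and drop the dead branch rather than leaving it reachable. The check also fails closed when the attribute is missing (`user_uid` is nil), which is the right default but deserves a one-line comment such as `# exact match only: LDAP lookups are case-insensitive, OpenNebula usernames are not`. The `order.each` loop and the `Timeout.timeout` block enclosing this code continue outside the hunk.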
@@ -64,9 +64,8 @@ class OpenNebula::LdapAuth } end - if !@options[:rfc2307bis] - @options[:attributes] << @options[:user_field] - end + # always fetch user_filed to compare casing + @options[:attributes] << @options[:user_field] # fetch the user group field only if we need that if @options[:group] or !@options[:rfc2307bis] @@ -143,15 +142,21 @@ class OpenNebula::LdapAuth if result && result.first @user = result.first - [@user.dn, @user[@options[:user_group_field]]] + + [@user.dn, + @user[@options[:user_field]].first, + @user[@options[:user_group_field]] + ] else result=@ldap.search(:base => name) if result && result.first @user = result.first - [name, @user[@options[:user_group_field]]] + [name, + @user[@options[:user_field]].first, + @user[@options[:user_group_field]]] else - [nil, nil] + [nil, nil, nil] end end end
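Review bot: The comment added above the now-unconditional append misspells the option as `user_filed`, and since it is the only explanation of why `@options[:user_field]` is always requested it should say what the caller depends on: `# always request user_field: find_user returns it so authenticate can reject logins whose casing differs from LDAP`. Because the append no longer has a guard, a configuration that already seeds `@options[:attributes]` with the same attribute ends up listing it twice; harmless for the search, but `@options[:attributes] |= [@options[:user_field]]` avoids it. The enclosing method starts before this hunk.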
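Review bot: `@user[@options[:user_field]].first` hands the caller an arbitrary value when the attribute is multi-valued (`cn` commonly is), so the exact-casing comparison in authenticate is made against whichever value the LDAP library lists first and a login that matches another value is rejected; when the attribute was not returned it presumably yields nil, which the caller treats as a mismatch. Returning the value that matches the requested name case-insensitively, `@user[@options[:user_field]].find { |v| v.casecmp(name) == 0 }`, in both branches keeps the caller's exact `!=` check meaningful for multi-valued attributes and still fails closed when nothing matches. A short comment on the returned triple, `# [dn, user_field value as stored in LDAP (casing preserved), group field]`, would spare the next reader a trip to authenticate. `find_user`'s signature and the first search sit above the hunk.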