Comment 1 for bug 997700

So the trivial first fix is to change sn to cn for the name field in the identity LDAP backend.

The problem is that the cn is used as the user ID field already, and this cannot be the Name. I suspect that the right field to use would be the uid. But for inetOrgPerson, that is listed as MAY not MUST. That goes all the way up the hierarchy to 'Person' where the only two MUST fields are cn and sn.