Index: src/main/java/info/magnolia/jaas/sp/ldap/ADAuthenticationModule.java
===================================================================
--- src/main/java/info/magnolia/jaas/sp/ldap/ADAuthenticationModule.java (revision 38398)
+++ src/main/java/info/magnolia/jaas/sp/ldap/ADAuthenticationModule.java (working copy)
@@ -58,6 +58,9 @@
 = this.context.search(this.properties.getProperty(AttributeMap.INITIAL_SEARCH_STRING), uidAttribute+"="+this.name, ctrl);
 this.parseSearchResult(answer);
 String commonName = this.attributeMap.getSingleValueProperty(AttributeMap.COMMON_NAME);
+ // if we have the user's DN (set by parseSearchResult(), why not use it - CF.createContext() will fallback to Context.SECURITY_PRINCIPAL (with USERID substitution) if its not there)
+ String distinguishedName = attributeMap.getSingleValueProperty(AttributeMap.DISTINGUISHED_NAME);
+ // now see if we can authenticate this user
 if (StringUtils.equals(this.properties.getProperty(AttributeMap.SSO_SLAVE), "true")) {
 // do nothing, we cannot check for password in SSO env
@@ -71,7 +74,7 @@
 this.context = ConnectionFactory.getContext(connectionName,
 jndiConfigFilePath,
 commonName,
- null,
+ distinguishedName,
 password);
 }
 } catch (AuthenticationException ae) {
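Review bot: The `distinguishedName` read on the new line in the first hunk is taken from whatever entry the preceding search matched, and that search filter is built as `uidAttribute+"="+this.name` with no escaping of the login name, so the DN that the second hunk now binds with is only as trustworthy as that filter; the `this.name` value should be escaped as an LDAP filter value (RFC 4515) before concatenation, and `parseSearchResult()` should leave the DN unset when the search returns more than one entry — I cannot see from these hunks whether it already does. The new comment states that `CF.createContext()` falls back to `Context.SECURITY_PRINCIPAL` when the DN is absent, but the call site uses `ConnectionFactory.getContext(...)` and no fallback is visible here, so that claim needs confirming (a null DN reaching the bind would otherwise be a failure, not a fallback); I would reword it to `// prefer the DN found by parseSearchResult(); ConnectionFactory is expected to fall back to Context.SECURITY_PRINCIPAL (with USERID substitution) when it is null — verify` and fix `its` to `it's`. Minor style point: the new line uses bare `attributeMap` while the surrounding lines consistently use `this.attributeMap`. The enclosing method starts before the first hunk and continues past the second.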