diff --git a/lib/cli.js b/lib/cli.js
index 0ba93d95..b938a26f 100644
--- a/lib/cli.js
+++ b/lib/cli.js
@@ -360,6 +360,10 @@ program
     , 'LDAP search field (or $LDAP_SEARCH_FIELD)'
     , String
     , process.env.LDAP_SEARCH_FIELD)
+  .option('--ldap-username-field <scope>'
+    , 'LDAP username field (or $LDAP_USERNAME_FIELD)'
+    , String
+    , process.env.LDAP_USERNAME_FIELD || 'cn')
   .action(function(options) {
     if (!options.secret) {
       this.missingArgument('--secret')
@@ -386,6 +390,9 @@ program
         , objectClass: options.ldapSearchClass
         , field: options.ldapSearchField
         }
+      , username: {
+          field: options.ldapUsernameField
+        }
       }
     })
   })
diff --git a/lib/units/auth/ldap.js b/lib/units/auth/ldap.js
index 3d36f4a3..e39b9946 100644
--- a/lib/units/auth/ldap.js
+++ b/lib/units/auth/ldap.js
@@ -79,7 +79,7 @@ module.exports = function(options) {
             var token = jwtutil.encode({
               payload: {
                 email: ldaputil.email(user)
-              , name: user.cn
+              , name: user[options.ldap.username.field]
               }
             , secret: options.secret
             , header: {